Privacy Policy

 
Date last revised: May 2018
 
OAKHILL COMMUNICATIONS LIMITED (we/us/our) are committed to protecting personal data. We recognise that personal data does not belong to us.
Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to provide our services to you, we will only process your personal data in the way we tell you or in the way you ask us to, and we will give it back to you at any time.

  1. THIS POLICY
    1. This policy, available on our website at www.oakhillcommunications.co.uk (our Website) sets out how we process the personal data that you provide to us. This policy applies, together with any other documents we provide to you, to your contractual relationship with us.
    2. This policy will apply to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
    3. By visiting our Website, or by providing your personal data to us, you understand, accept and consent to the practices described in this policy.
    4. Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
    5. For more information relating to your rights under this policy, please see section 9.
    6. If you have any queries relating to this policy, please contact us at privacy@oakhillcommunications.co.uk in the first instance.
  2. WHO WE ARE
    1. For the purposes of the Act, the data controller is Oakhill Communications Limited, a company registered in England & Wales (number 09718147). At times, subject to the nature of our relationship with our customer or client, we may be a data processor.
    2. We are registered with the ICO to process your personal data and our registration number is ZA348217.
    3. Our website is hosted by Identity Protect Limited, a company registered in England & Wales (number 07407280) with its registered office on 5th Floor, The Shipping Building, 252-254 Blyth Road, Hayes UB3 1HA.
    4. Our nominated point of contact for all data protection enquiries is our Managing Partner.
    5. Your personal data will be held and stored by our UK-based staff who are regulated by our internal staff data protection policy.
  3. YOUR CONSENT
    1. We do not ordinarily rely on your consent to process your personal data. We process your personal data primarily to perform our contract with you on our standard terms of business, and we consider the personal data we obtain is reasonable and necessary for that purpose.
    2. By using our Website and/or working with us, you expressly consent to:
      1. the transfers of your personal data to those specifically listed third parties in this policy, for the reasons specified; and
      2. us, and/or our affiliated companies listed in this policy, using your personal data for direct marketing purposes.
    3. You may exercise your rights under section 9 at any time, which includes withdrawing your consent to our processing of your personal data. However, where this withdrawal prevents us from performing our contract with you, we may not be able to provide our goods and services to you.
  4. WHAT WE COLLECT
    1. We collect the following categories of data from our customers, clients and suppliers (whether actual or potential):
      1. full names
      2. Bank account details
      3. Residential addresses; and
      4. Email addresses and telephone contact numbers.
    2. Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data from you for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, an internal privacy policy applies and a copy is available on request.
    3. We consider that all categories of personal data we obtain are proportionate and relevant to the purposes for which they are obtained. However, we review this intermittently and remove any inaccurate or obsolete data.
  5. HOW IT IS COLLECTED
    1. When you provide it to us
      1. personal data is primarily provided to us in correspondence with us directly by phone or e-mail as part of our business with clients. Any personal data contained in that correspondence will be retained by us.
      2. Any personal data given to us in meetings may also be retained by us.
    2. When we collect it from you
      1. When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
      2. We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website.
    3. When we receive it from others. On occasion, your personal data may have been stored on third party databases and passed to us by those third parties. We do this for marketing purposes (in relation to the products we offer) on the terms of a written agreement with those third parties. In those circumstances, the relevant third party confirms to us that you have expressly consented to them holding your data and transferring it specifically to us for the reasons we require it.
    4. DeHavilland Information Services Limited, a company registered in England & Wales with company number 08297488, provide a range of research services to us, most of which contain information already in the public domain, but some constitute personal data, which is transferred to us for the purposes of providing our services.
  6. WHAT WE USE IT FOR
    1. Personal data is primarily required to enable us to administer our trading relationships, and to supply our services and support requested from us, such as any enquiries or requests raised with us.
    2. We may (with your permission) also use personal data to send information by email about us and our services that are similar to those you have already purchased or enquired about. We only do this where you have given us permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
    3. Technical information we collect about your visit to our Website is used to enable us to:
      1. personalise and improve its functionality and security (to keep it safe and secure);
      2. administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
      3. ensure that we can offer the most effective and efficient browsing experience, and make improvements where necessary.
    4. Where we change our services, or our terms of business, we will contact you.
    5. Once collected, personal data will be retained by us for as long as is necessary for us to provide the relevant services, to market our services to you (where requested) and to enable us to improve our Website. Typically, this can be up to 12 months following the termination of our business relationship with you or your last visit to our Website, but this may vary depending on your circumstances.
  7. SECURITY
    1. All of our staff are made aware of their obligations under the Act and the Regulation in relation to protecting personal data. We have an internal data protection, security and retention policy, which is provided to all staff.
    2. All personal data is stored locally on machines owned by us and operated by our staff. All machines are password protected and require user authentication prior to granting access. We consider these measures are appropriate given the size of our organisation and the nature and volume of the personal data we process.
  8. HOW AND WHY WE DISCLOSE YOUR DATA
    1. Subject to the rest of section 8, the only third parties with or to whom we disclose or receive your personal data are those listed in section 4, for the purposes listed in that section.
    2. Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.
  9. YOUR RIGHTS
    1. In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
      1. not to process your personal data for marketing purposes;
      2. to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
      3. to amend any inaccurate data we hold about you;
      4. to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
      5. to only process your personal data in limited circumstances, for limited purposes.
    2. We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
    3. If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
    4. Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.