INTRODUCTION
This website is provided by Haventus Group Holdings Limited, Haventus Limited and Ardersier Port (Scotland) Limited (together, Haventus, we, our or us). We are committed to protecting the privacy of individuals whose personal data we process (you or your) and complying with our obligations under applicable data protection laws (Data Protection Laws). We take your privacy seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use, share and otherwise process any information relating to you if you use our website, if you are a contractor or service provider to Haventus, and/or if you are a business contact of Haventus. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint in relation to our use of your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact Haventus at enquiries@haventus.com FAO Martin Roughead.
YOUR GUIDE TO OUR PRIVACY POLICY
This privacy policy is provided in a layered format to allow you to navigate it easily. The privacy policy is split into the following sections:
- Section One, The Controller of Your Personal Data: This section provides details of the Haventus group so you can identify the controller of your personal data.
- Section Two, How We Process Your Personal Data: This section provides information on how we process your personal data, including the purposes for which we process personal data (and the legal bases on which we rely to process it). How we process your personal data will depend on the nature of your engagement and relationship with us, so this section is split into parts:
- Part One, Website Users: If you are a user of our website, this section provides details of how we process your personal data.
- Part Two, Contractors and Service Providers: If you are a contractor or provide services to us, this section provides details of how we process your personal data.
- Part Three, Business Contacts: If you are a business contact of Haventus, this section provides details of how we process your personal data. This includes if you have provided us with a business card, if you have corresponded with us and/or if you have attended events run by us
- Section Three, Other Information: This section applies to all persons about whom we process personal data, and provides information about our data protection practices, including information about our data security and retention policies, details of our arrangements for disclosing personal data to third parties and transferring personal data outside of the UK and EEA and information on your rights under Data Protection Laws.
SECTION ONE – THE CONTROLLER OF YOUR PERSONAL DATA
The controller of your personal data is the entity which, alone or jointly with others, determines the purposes and means of the processing of your personal data. The member(s) the Haventus group of companies which act as a controller of your personal data will depend on the circumstances for which you engage with Haventus and/or provide your personal data to Haventus. The following members of the Haventus group of companies may process your personal data:
- Haventus Group Holdings Limited (a company registered in England and Wales with company number: 15543542);
- Haventus Limited (a company registered in England and Wales with company number: 15544964); and
- Ardersier Port (Scotland) Limited (a company registered in Scotland with company number: SC698452).
There may be circumstances where more than one member of the Haventus group is a controller of your personal data. If you would like further information on who the specific controller(s) of your personal data are, then please contact Haventus at enquiries@haventus.com FAO Martin Roughead.
SECTION TWO – HOW WE PROCESS YOUR PERSONAL DATA
PART ONE – WEBSITE USERS
This section of our privacy policy sets out how we may process personal data about persons who use our website. This website is not intended for children and we do not knowingly collect data relating to children. Children should not access or use our website. If you are aware that any personal data of any children has been shared with us through our website please let us know so that we can delete that data. In this section, you or your refers to a person whose personal data is held by us, where that data has been provided to us through your use of our website.
HOW YOUR PERSONAL DATA IS COLLECTED
We may use different methods to collect data from you and about you including through:
- direct interactions with you, such as filling in submission forms. This includes personal data you provide when you request communications to be sent to you.
- automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
- third parties. We may collect personal data from third parties including analytics providers and search engine providers.
PERSONAL DATA WE MAY COLLECT ABOUT YOU
The personal data we collect about you depends on the particular activities carried out through our website. We have grouped together the various types of data we may hold about you as a website user as follows:
- Identity data includes names, titles, dates of birth and pronoun preferences;
- Contact data includes addresses, telephone numbers, personal and work email addresses and communications preferences;
- Correspondence data includes data you provide to us when you correspond with us, for example by completing submission forms on our website;
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, internet server provider’s domain name, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website; and
- Usage data includes information about how you use our website.
Please note that by operating cookies on our website we collect certain information about you automatically when you use our website, including details of your domain name, IP address, operating system and browser. For further information about our use of cookies, please see our cookies policy which can be found here. Persons applying for employment with Haventus may also access and use our website, including to upload their CV and other information. Haventus has a separate supplementary privacy policy in connection with its processing of personal data relating to job applicants, which is available here. Unless you are a job applicant (in which case, please refer to our job applicant privacy policy: here), we do not knowingly collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences through our website. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.
HOW AND WHY WE USE YOUR PERSONAL DATA
As a website user, your personal data may be processed by us or our sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:
- To respond to communications and submissions you make to us, including through submission forms on our website.
- To use data analytics to improve our website, including as further detailed in our cookies policy.
- To comply with legal and/or regulatory requirements.
- To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.
- To share personal data with third parties in certain circumstances as detailed in Section Three.
- To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.
- Such other actions as are necessary to manage our business activities including processing instructions, monitoring and recording electronic communications for quality control, analysis and training purposes and enforcing or defending our rights and/or interests.
We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:
- It is necessary for the purposes of our legitimate interests or those of a third party.
- It is necessary for us to comply with a legal or regulatory obligation on us.
Where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will only carry out such processing if these legitimate interests are not overridden by your interests, fundamental rights or freedoms. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact Haventus at enquiries@haventus.com FAO Martin Roughead if you need us to confirm which of the legal bases set out below we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of Data | Legal Basis for Processing |
---|---|---|
To respond to communications and submissions you make to us, including through submission forms on our website | Identity data Contact data Correspondence data | Our legitimate interests of pursuing and developing our business and responding to queries, comments and communications |
To use data analytics to improve our website, including as further detailed in our cookies policy | Technical data Usage data | Our legitimate interests of understanding user behaviour and improving our website |
To comply with legal and/or regulatory requirements | Identify data Contact data Correspondence data Technical data Usage data | Compliance with our legal and/or regulatory obligations, including under data protection law to securely protect personal data |
To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems | Identity data Contact data Correspondence data Technical data | Our legitimate interests including for document retention purposes and IT security Compliance with our legal and regulatory obligations, including under data protection law to securely protect personal data |
To share personal data with third parties in certain circumstances as detailed in Section Three | Identity data Contact data Correspondence data Technical data Usage data | Our legitimate interests of pursuing and developing our business, including to allow us to outsource certain business activities |
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency | Identify data Contact data Correspondence data Technical data Usage data | For our legitimate interests of protecting, realising and growing the value in our business The legitimate interests of our shareholders including in managing their investment in our business. |
Such other actions as are necessary to manage our business activities including processing instructions, monitoring and recording electronic communications for quality control, analysis and training purposes and enforcing or defending our rights and/or interests | Identify data Contact data Correspondence data Technical data Usage data | Compliance with our legal and regulatory obligations Our legitimate interests of pursing and developing our business and effectively operating our website |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
THIRD PARTY WEBSITES
Our website may, from time to time, include links to third party websites, plug-ins and applications. Following those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their content including, but not limited to, their privacy policies and practices. When you leave our website, you should read the privacy policy of each website you visit.
WHERE YOUR CONSENT IS REQUIRED
If we consider it necessary to obtain your consent in relation to the use of your personal data you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact Haventus at enquiries@haventus.com FAO Martin Roughead. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
IF YOU FAIL TO PROVIDE PERSONAL DATA REQUESTED
Where we need to collect personal data by law or in connection with our website and you fail to provide that information, we may not be able to give you full access to our website.
PART TWO – CONTRACTORS & SERVICE PROVIDERS
This section of our privacy policy sets out how we may process personal data about contractors and service providers to Haventus. In this section:
- contractor or service provider means an individual or organisation providing services to Haventus; and
- you or your means a person whose personal data is held by us, where that data has been provided to us by you directly or by a contractor or service provider or by its directors, partners, employees, agents or representatives on its behalf, or has been collected by us, in each case, in the context of the provision of services to us by that contractor or service provider.
PERSONAL DATA WE MAY COLLECT ABOUT YOU
We may hold various kinds of personal data about you which the contractor or service provider or you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
- Identity data may include names, gender, date of birth, pronoun preferences and country of residence;
- Contact data may include addresses, work email addresses, personal email addresses and telephone numbers;
- Employment data may include places of work and job titles, employment history and qualifications;
- Correspondence data includes any personal data which you share with us when you correspond with us (including over email, during telephone calls and/or in meetings);
- Financial data may include bank account details;
- Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you correspond with us; and
- CCTV data may include image and sound recordings.
We do not knowingly collect any sensitive personal data or special categories of personal data about you in the course of your relationship/engagement with us (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we expect to collect any information about criminal convictions and offences which relate to you. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the ourposes of deleting it.
HOW AND WHY WE USE YOUR PERSONAL DATA
As a contractor/service provider, your personal data may be processed by us or our sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:
- To administer and manage our relationship with you and/or the contractor or service provider.
- To comply with our obligations under the terms of a contract between us and the contractor or service provider.
- To assess your skills and qualifications, your suitability for the role and to decide whether to enter into a contract with you, the contractor or service provider or to permit access to our offices.
- To assess and to monitor the standard of services being provided or offered to us.
- To allow us to process payments in relation to any goods and services provided to us.
- To update and maintain our records including details of people that have accessed our offices.
- To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
- To comply with our legal and regulatory requirements.
- To monitor emails sent to us (including attachments) for viruses or malicious software.
- To protect and manage email traffic.
- To share personal data with third parties in certain circumstances as detailed in Section Three.
- To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.
- Generally to manage our activities, including monitoring and recording electronic communications (including telephone calls and emails).
We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are as these:
- It is necessary for the performance of a contract between Haventus and you or in order to take steps prior to entering into such a contract.
- It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
- It is necessary for us to comply with a legal obligation on us.
Where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will only carry out such processing if these legitimate interests are not overridden by your interests, fundamental rights or freedoms. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact Haventus at enquiries@haventus.com FAO Martin Roughead if you need us to confirm which of the legal bases set out below we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of Data | Legal Basis for Processing |
---|---|---|
To administer and manage our relationship with you and/or the contractor or service provider | Identity data Contact data Employment data Correspondence data Financial data | Performance of a contract with you Our legitimate interests of pursuing and developing our business and receiving services from the contractor or service provider |
To comply with our obligations under the terms of a contract between us and the contractor or service provider | Identity data Contact data Employment data Correspondence data Financial data | Performance of a contract with you Our legitimate interests of pursuing and developing our business, receiving services from the contractor or service provider and complying with the terms of contracts to which we are a party |
To assess your skills and qualifications, your suitability for the role and to decide whether to enter into a contract with you, the contractor or service provider or to permit access to our offices | Identity data Contact data Employment data Correspondence data | Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services |
To assess and to monitor the standard of services being provided or offered to us | Identity data Contact data Employment data Correspondence data | Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services |
To allow us to process payments in relation to any goods and services provided to us | Identity data Contact data Correspondence data Financial data | Performance of a contract with you Our legitimate interests of pursuing and developing our business, receiving services from the contractor or service provider and complying with the terms of contracts to which we are a party |
To update and maintain our records including details of people that have accessed our offices | Identity data Contact data Employment data Correspondence data Financial data Technical data | Our legitimate interests to keep our records updated and in certain circumstances for the prevention of criminal activity |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Identity data Technical data CCTV data | Our legitimate interests of maintaining the security of our offices |
To comply with our legal and regulatory requirements | Identity data Contact data Employment data Correspondence data Financial data Technical data | Compliance with our legal and regulatory obligations |
To monitor emails sent to us (including attachments) for viruses or malicious software | Identity data Contact data Correspondence data Technical data | Our legitimate interests to protect and maintain the security of our systems |
To protect and manage email traffic | Identity data Contact data Correspondence data Technical data | Our legitimate interests to protect and maintain the security of our systems |
To share personal data with third parties in certain circumstances as detailed in Section Three | Identity data Contact data Employment data Correspondence data Financial data Technical data CCTV data | Our legitimate interests of pursuing and developing our business, including to allow us to outsource certain business activities |
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency | Identity data Contact data Employment data Correspondence data Financial data Technical data CCTV data | For our legitimate interests of protecting, realising and growing the value in our business The legitimate interests of our shareholders including in managing their investment in our business |
Generally to manage our activities, including by monitoring and recording electronic communications (including telephone calls and emails) | Identity data Contact data Employment data Correspondence data Financial data Technical data CCTV data | Our legitimate interests of pursuing and developing our business |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHERE YOUR CONSENT IS REQUIRED
If we consider it necessary to obtain your consent in relation to the use of your personal data you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact Haventus at enquiries@haventus.com FAO Martin Roughead. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
IF YOU FAIL TO PROVIDE PERSONAL DATA REQUESTED
Where we need to collect personal data by law or under the terms of a contract we have with the contractor or service provider or you and you fail to provide that information, we may not be able to perform the contract we have or are trying to enter into with the contractor or service provider or you.
PART THREE – BUSINESS CONTACTS
This section of our privacy policy sets out how we may process personal data in relation to business contacts such as if you have provided us with your business card, or have corresponded with one of our directors or employees and/or have attended an event hosted by us. In this section you or your means a person who is a business contact of us and whose personal data has been provided to or collected by us, in the context of our business.
PERSONAL DATA WE MAY COLLECT ABOUT YOU
We may hold various kinds of personal data about you which you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
- Identity data may include names, gender, date of birth, pronoun preferences, country of residence;
- Contact data may include addresses, work email addresses, personal email addresses and telephone numbers;
- Employment data may include places of work and job titles, employment history and qualifications;
- Correspondence data includes any personal data which you share with us when you correspond with us (including over email, during telephone calls and/or in meetings);
- Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you correspond with us; and
- CCTV data may include image and sound recordings. We do not knowingly collect any sensitive personal data or special categories of personal data about you in the course of your relationship/engagement with us (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we expect to collect any information about criminal convictions and offences which relate to you. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.
HOW AND WHY WE USE PERSONAL DATA
As a business contact, your personal data may be processed by us or our sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:
- To administer and manage our relationship or potential relationship with you.
- To send you updates, news items, articles or other material which we think may be of interest to you.
- To send you invitations to events and seminars and the like which we think may be of interest to you and to facilitate your attendance at such events.
- To monitor emails sent to us (including attachments) for viruses or malicious software.
- To protect and manage email traffic.
- To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
- To share personal data with third parties in certain circumstances as detailed in Section Three.
- To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.
- Generally to manage the activities of the business, including monitoring and recording electronic communications (including telephone calls and emails).
We will only use your personal information as the law permits. We have set out below, in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:
- It is necessary for the performance of a contract between us and you or in order to take steps at your request prior to entering into such a contract.
- It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
- It is necessary for us to comply with a legal obligation on us.
Where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will only carry out such processing if these legitimate interests are not overridden by your interests, fundamental rights or freedoms. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact Haventus at enquiries@haventus.com FAO Martin Roughead if you need us to confirm which of the legal bases set out below we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of Data | Legal Basis for Processing |
---|---|---|
To administer and manage our relationship or potential relationship with you | Identity data Contact data Employment data Correspondence data | Our legitimate interests of pursuing and developing our business |
To send you updates, news items, articles or other material which we think may be of interest to you. | Identity data Contact data Correspondence data | Our legitimate interests of pursuing and developing our business |
To send you invitations to events and seminars and the like which we think may be of interest to you and to facilitate your attendance at such events | Identity data Contact data Correspondence data | Our legitimate interests of pursuing and developing our business |
To monitor emails sent to us (including attachments) for viruses or malicious software | Identity data Contact data Correspondence data Technical data | Our legitimate interests of protecting and maintaining the security of our systems |
To protect and manage email traffic | Identity data Contact data Correspondence data Technical data | Our legitimate interests of protecting and maintaining the security of our systems |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Identity data Technical data CCTV data | Our legitimate interests of protecting the safety and security of our offices and staff |
To share personal data with third parties in certain circumstances as detailed in Section Three | Identity data Contact data Employment data Correspondence data Technical data CCTV data | Our legitimate interests of pursuing and developing our business, including to allow us to outsource certain business activities |
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency | Identity data Contact data Employment data Correspondence data Technical data CCTV data | For our legitimate interests of protecting, realising and growing the value in our business The legitimate interests of our shareholders including in managing their investment in our business |
Generally to manage the activities of our business, including monitoring and recording electronic communications (including telephone calls and emails) | Identity data Contact data Employment data Correspondence data Technical data CCTV data | Our legitimate interests including of pursuing and developing our business, providing services, protecting and maintaining the security of our systems, offices and staff and generally to manage and operate our business |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHERE YOUR CONSENT IS REQUIRED
If we consider it necessary to obtain your consent in relation to the use of your personal data you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact Haventus at enquiries@haventus.com FAO Martin Roughead. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
IF YOU FAIL TO PROVIDE THE INFORMATION REQUESTED
Where we need to collect personal data in order to perform our business relationship with you, and you fail to provide that information, we may not be able to perform the business relationship we have or are trying to enter into with you.
SECTION THREE – OTHER INFORMATION
This section of our privacy policy provides information about our data protection practices, including information about our data security and retention policies, details of our arrangements for disclosing personal data to third parties and transferring personal data outside of the UK and EEA and information about your rights under Data Protection Laws.
DATA SECURITY
We have put in place measures designed to ensure the security of the personal data we collect and store about you. We will comply with law in our approach to protecting your personal data from unauthorised disclosure and/or access, but we cannot guarantee the security of any data we collect and store.
DISCLOSURES OF YOUR PERSONAL DATA
We may share your data with third parties, including third-party service providers, regulatory bodies and other authorities, and other entities in our group, including where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.
- Intra-group: We may share your personal data with other members of the Haventus group of companies in the ordinary course of our business, including as part of our regular reporting activities on Haventus’ performance, in the context of a business reorganisation or group restructuring exercise, as part of intra-group service arrangements, and in order to consolidate services and systems on a group-wide basis (including for efficiencies).
- Third parties: We will disclose personal information we hold about you to third parties who are providing services to us (or to you), which may include the following:
- IT service providers.
- Software and software-as-a-service (SaaS) providers.
- Event management businesses.
- PR and marketing service providers.
- Printers.
- Telephone service providers.
- Document storage providers.
- Backup and disaster recovery service providers.
- Other professional services providers, such as lawyers, accountants and tax advisers.
- CCTV providers.
- Regulatory and other authorities: We may share your information in order to comply with any applicable legal and regulatory obligations to which we are subject.
We may also disclose your information to third parties (including professional advisers) in connection with the actual or potential acquisition of some or all of our business or assets. Where such data is provided to third parties to process it on our behalf, we will enter into agreements with such third parties which impose processing obligations. Where we disclose your personal data to third parties, those third parties may in certain circumstances require to process your personal data for purposes and means which they determine. For example, they may need to use your information to comply with their own legal obligations. In those cases, the relevant service provider will be acting as a controller in respect of your personal data, and its use of your personal data will be subject to its privacy policy (which they are required by law to make available to you).
TRANSFERRING YOUR PERSONAL DATA OUT OF THE UK AND/OR EEA
In some circumstances, your personal data may be transferred outside of the UK or the European Economic Area (EEA), including because some of the external service providers used by Haventus may be based (or carry on processing of personal data) outside of the UK or EEA so their processing of your personal data may involve a transfer of personal data outside of the UK or EEA. Where we transfer your personal data outside the UK or EEA we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the UK or EEA. Please contact us if you would like further information on the specific safeguards we use when transferring your personal data out of the UK or EEA.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will only retain your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any business, legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
YOUR LEGAL RIGHTS
In certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if and where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact Haventus at enquiries@haventus.com FAO Martin Roughead. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you wish to exercise any of the rights set out above, please contact Haventus at enquiries@haventus.com FAO Martin Roughead. You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
CHANGES TO YOUR DATA
It is important that the personal data we hold about you is up-to-date. Please let us know of any changes to your personal data so that we can correct our records.
CHANGES TO THIS PRIVACY POLICY
We keep our privacy policy under review and may change it from time to time. This version was last updated in March 2024.