Data Privacy at Halma plc
Halma respect your right to privacy and will process personal information you provide only in accordance with the General Data Protection Regulation 2018, the Data Protection Act 2018 and other applicable privacy laws.
Halma plc is responsible for the data we collect and process for our own purposes. We’re committed to maintaining the security and privacy of the personal data we process, whether through our website or through our interactions with clients, investors or industry partners.
Whilst we take appropriate measures in our own practices, security and privacy is at the core of our business operations. It is imperative we operate in accordance with industry and regulatory requirements.
Although our services do not revolve around collecting and processing personal data, we often process personal data as part of delivering information to our clients and investors.
We have an alerts section on our website, which allows individuals to sign up to receive our investor alerts. While Halma plc is the Data Controller, the alerts page is monitored by Investis Digital (Data Processor)and sending an email to email@example.com is monitored by our team. The alerts page form contains basic contact information. We request that you do not include sensitive information anywhere on this form, as we have other secure ways in which you can send us information, should we require any. This data is processed under your consent and only used to facilitate your enquiry.
Data Types – full name, email addresses, country and occupation
Data Types: name, country, email address, occupation, and employment.
To administer our website and protect our business and this website (including troubleshooting; data analysis; testing; system maintenance; support; and reporting and hosting of data) we will process your personal data under your consent.
Data Types: name, country, email address, occupation, and employment.
Financial Management, Accounting and Administration
Our financial management and accounting services process basic supplier contact information to fulfil our accounting requirements. This ranges from invoices, purchase orders, account details, statement of works, terms and conditions and bank details. We use a cloud-based solution to process and store this data. This processing is primarily to enable us to perform our side of the contract with our suppliers and meet our legal obligations for financial reporting.
Data Types – Name, email addresses, address, telephone details, supplier bank account details, signatures, business contact details.
We process basic contact and work information in relation to associates, contractors and job seekers who would like to work with us. The information could be collected through our website, email, Linkedin, social media, recruitment agencies or job advertising boards. Contractors who are working with us or who could potentially be working with us in the future will have their details stored in a cloud-based solution, so that we can keep track of their skills, work history, contact details and availability. This processing is undertaken under Halma plc’s legitimate interests and in the performance of a contract or with a view to entering into one.
Data Types – name, email addresses, address, telephone, CV, skills, work history, passport, driving licence, references and email conversations.
Halma plc make use of social media platforms such as LinkedIn, Instagram, Facebook and Twitter. We as a business sign up to the terms and conditions of the provider and use these platforms to provide insight into the latest news and activities taking place across our group, to promote Halma plc’s employees, our services and provide you with our latest thought leadership content on different subject matter.
We use industry leaders for our cloud-based infrastructure services, which means that the provider looks after all of the physical equipment and management of it. This means that there are high levels of physical security on our systems and Halma plc provide additional layers above that. We build our systems and services in these environments, which also allow you to choose the location of where data is held (including personal data). Halma plc always choose the United Kingdom (UK) or the European Union (EU), which means if we deliver a service from these systems, data will reside in the UK or EU.
Email, office applications and document storage
We use an externally hosted provider for these services who are world renowned experts in providing these services. The data is all processed in the EU and we are responsible for ensuring it’s configured securely. These systems are critical to our company and if you have dealings with us, no doubt your data will be held within these.
Security of Personal Data
We take the security of personal data extremely seriously. We assess security for Confidentiality, Integrity and Availability to ensure that data remains protected, accurate and available for its intended purposes. Some of the core controls we have implemented, for our cloud solutions, include:
- Multi-Factor Authentication (MFA) on all Internet cloud-based systems
- Encryption of data at rest and in transit
- Technical assessments of our systems for vulnerabilities and configuration weaknesses
- Controlled access to only approved individuals
- Security awareness training for all our employees
- Policies and procedures on secure operations and configuration of systems
International Data Transfers
Primarily our systems and services are all located within the United Kingdom. Your personal data will be processed outside of the EU and in countries that are deemed not to have adequate safeguards in place. This is because some of the locations of where some of the industry leading systems we use are hosted in the UK but process data outside of the EU in countries such as but not limited to the United States of America.
There may also be occasions where our employees work outside of the EU and access systems from outside the EEA.
Your rights in relation to your data
Under Data Protection Law you have a number of rights that are focussed on placing you in control of how your data is processed.
You can exercise these rights by emailing us at firstname.lastname@example.org or by writing to Halma plc, Misbourne Court, Rectory Way, Amersham, Bucks, HP7 0DE, UK.
We may ask you for identification prior to disclosing any data, as we need to ensure we only disclose information to the person entitled to it.
You have the following rights in relation to the processing of your personal data;
- Right to be Informed – You have the right to be provided information on how your personal data is processed
- Right to Access – You have the right to have access to the personal information we hold about you
- Right to Rectification – This relates to the right to rectify any inaccurate personal information we hold about you
- Right to Erasure – The right to request that we delete your data, or stop processing it or collecting it, in some circumstances
- The Right to Object – You have the right to object to the processing of your data, such as requesting us to stop sending you communications
- Right to Data Portability – You can request your personal data to be sent to another service provider
- Right to Withdraw Consent – You have the right to withdraw your consent and stop the processing of your personal data
Right to Lodge a Complaint – You can lodge a complaint with the Data Protection Regulator, the UK Information Commissioner’s Office, using the below details;
Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Online Form https://ico.org.uk/global/contact-us/email/
Telephone: 0303 123 1113
Changes to our policy
From time to time, things change, and we are always striving to continuously improve our business operations and services we deliver.
Some of the changes may result in changes to our privacy information and this page, to ensure we are transparent about how we are processing your data at all times.
When any significant changes to the way we protect your privacy are made, we will make this clear on our website or by other means of communication such as email, so that you are able to review the changes and make an informed decision as to whether you want to exercise any of your rights in relation to the processing of your personal data.