PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
- “Location data” – we may collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example. We may use GPS and other technologies to collect geolocation data that tells us your location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt, you may not be able to use certain aspects of the Services.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit and debit card numbers), email address, phone number, account name and password. We refer to this information as “Order Information.”. All payment data is stored by Stripe. You may find their privacy notice link here: https://stripe.com/gb/privacy.
When you purchase and attend an advisory or consultancy service, we will collect any data you provide to us in this meeting, which may include your name, workplace, personal and sensitive including information revealing your race or ethnic origin, information revealing religious or philosophical beliefs, information revealing trade union membership, health data including mental health. This data is confidential, only available to HR Said That with your consent and this data is not shared with third parties.
We will collect anonymised data from any surveys or open calls for submissions of data we release, but not limited to, the purposes of improving our products and services, creating reports on various aspects across the creative industries, creating reports on various aspects of HR operations and workforce data within the creative industries.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication, and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To respond to user enquiries/offer support to users. We may process your information to respond to your enquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To fulfil and manage your orders. We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the Services.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see “YOUR RIGHTS” below.
- To deliver targeted advertising to you. We may process your information to develop and display personalised content and advertising tailored to your interests, location and more.
- To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
- To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provider marketing and promotional campaigns that are most relevant to you.
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest such as to prevent harm.
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use GoDaddy to power our online store--you can read more about how GoDaddy uses your Personal Information here: https://www.godaddy.com/en-uk/agreements/privacy.
We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Third-Party Service Providers – we may share your data with third-party vendors, service providers, contractors, or agents (“third-parties”) who perform services for us on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
- Ad Networks
- Affiliate Marketing Programs
- Cloud Computing Services
- Communications & Collaborations Tools
- Data Analytics Services
- Data Storage Service Providers
- Finance & Accounting Tools
- Payment Processors
- Performance Monitoring Tools
- Retargeting Platforms
- Sales & Marketing Tools
- Social Networks
- User Accounts Registration & Authentication Services
- Website Hosting Service Providers
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Summary: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to processes your personal information:
- Consent. We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing Services or at your request prior to entering a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
1. Send users information about special offers and discounts on our products and services
2. Develop and display personalised and relevant advertising content for our users
3. Analyse how our services are use so we can improve them to engage and retain users
4. Support our marketing activities
5. Diagnose problems and/or prevent fraudulent activities
6. Understand how our users use our products and services so we can improve user experience
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
WITHDRAWING YOUR CONSENT
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the details on our website and within this policy or updating your marketing preferences.
OPTING OUT OF MARKETING AND PROMOTIONAL COMMUNICATIONS
You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send or HR Said That directly and being asked to be removed from our mailing list using the details provided on our website.
We keep your information for as long as necessary, or until you ask us to delete this information, to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
KEEPING YOUR INFORMATION SAFE
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we can not promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of information to and from our Services is at your own risk. You should only access the Services within a secure environment.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org.