Where the legal basis of consent is to be used, this will be gathered freely, we will use clear, plain language that is easy to understand, and you will be able to remove your consent at any point.
1. What Information do we collect about you and how do we use it?
We collect/process information so that we can provide the best possible experience for you when you use our site. This section of the policy will describe the purpose for processing your Personal Data, the legal basis to do so and how long we will keep your data.
“Personal Data” has the meaning given to it in the Data Protection Laws.
“Data Protection Laws” means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded.
We do not collect any Special Categories of Personal Data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sexual orientation,or information about your health).
1.1. Our Site
If you choose to use our site, including receiving email notifications, newsletters and product/service updates, or attending webinars, you must consent to provide us with some Personal Data so that we can provide these services to you; this will include your name, email address and IP address. Other non-mandatory Personal Data may also be gathered if you choose to provide it.
We will only process your personal data where we have a lawful basis for doing so. In general, unless we have your consent, our lawful basis will be one or more of the following:
● that the processing is necessary for the performance of a contract;
● that the processing is necessary for compliance with our legal obligations;
● that the processing is necessary for the purposes of pursuing our legitimate interests (this includes carrying out the business of providing products and services and pursuing our general business interests);
● that the processing is necessary for the establishment, exercise or defence of legal claims;
Sometimes we may process personal data on the basis that you have provided your consent, however you have the right to change your mind which you can do by getting in touch with us using the contact details below. You may also opt-out of receiving marketing emails from us by following the instructions outlined in the email.
We will retain Personal Data for active customer leads or site users for a period of up to two (2) years. A lead will be active under the following circumstances:
● An email sent by our organisation has not received an unknown account bounce back
● An email or contact us form has been sent to us from the data subject
We would like to send you information about new or existing products and services, or content resources of ours which may be of interest to you. You have a right at any time to stop us from contacting you for marketing purposes. To distribute our marketing information we may use personal data such as names, addresses, email addresses, employer details, job titles, telephone numbers and LinkedIn profiles.
If you request or consent to be added to our mailing or marketing lists, we will use consent as the legal basis to process your Personal Data.
If you haven’t requested to be added to our mailing or marketing lists, we will process Personal Data using the following legal rationale to send marketing information: if your role within an organisation is associated with any of:
● learning and development;
● diversity & inclusion or wellbeing
● leadership & management
● culture change
● business change & transformation
then we will use legitimate interest as the legal basis to process the data. We use this legal basis after completing a legitimate interest assessment process. The assessment states we will only send low volume, customised messages to business email addresses who, based on their job role, would have a legitimate interest in developing their employees and may find our product useful. If you do not want us to contact you we will provide an unsubscribe facility within the emails or you can email us at firstname.lastname@example.org.
We will retain Personal Data for active customer leads for a period of up to two (2) years, a lead will be active under the following circumstances:
● An email sent by our organisation has not received an unknown account bounce back
● An email has been sent to us from the data subject
We will retain active cookie data for a period of up to one (1) year, a cookie will remain active if a user re-visits our site.
2. Updating This Policy
3. Your Rights
3.1. Accessing or Rectifying your personal data
In most circumstances before we are able to invoke your rights we may need to verify you as the data subject, therefore we will request data from you and this will be checked against our records before we can proceed.
We want to make sure that your personal information is accurate and up to date and you have the right to request a copy and update the Personal Data that we hold about you. You may ask us to correct or remove information you think is inaccurate. If you would like to invoke this right, please email or write to us at email@example.com or DP – Hive Learning, Scale Space, 58 Wood Lane, London, W12 7RZ.
Based upon the retention periods described above we will remove your Personal Data from our platforms.
3.3. Object, Restrict or Withdraw Consent
You may wish to object to or restrict our ability to process your Personal Data, this can be done either via email or in writing, using the contact details below. Further context may need to be requested to ensure we can carry out the relevant tasks to perform the request.
You can also opt out of receiving emails or updates at any point.
You may wish to port your Personal Data to another platform. If you would like to invoke this right, please email or write to us at firstname.lastname@example.org or DP – Hive Learning, Scale Space, 58 Wood Lane, London, W12 7RZ.
4. Who We Are And How To Contact Us
Our company name is: Hive Learning Limited
Our company address is: Scale Space, 58 Wood Lane, London, W12 7RZ.
Our email address is: email@example.com
5. To Whom We Disclose Information
Any information that you voluntarily choose to include in a public area of the site, will be available to any visitor or user who has access to that content.
6. Service Providers
We work with third party service providers who provide email hosting, core corporate applications, web hosting, maintenance, advertising, marketing and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, our contracts with them require them to maintain the confidentiality of such information, and we ensure a privacy impact assessment and data processing agreement is conducted with each third party before any Personal Data is shared to ensure privacy compliance with applicable laws at all time. An up to date list of our service providers can be found at the end of this policy.
6.1. Overseas transfers
The information you provide may be transferred to countries outside the UK or European Economic Area (EEA). However, we will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information, you consent to these transfers for the purposes specified above.
We may transfer your personal information to our service providers located outside of the UK or EEA as specified in the list of service providers which can be found at the end of this policy.
All of our International service providers have each provided the information to demonstrate they have appropriate technical and organisational measures in place to safeguard Personal Data, and it shall be processed to at least the same standards as set out by the General Data Protection Regulations. Each organisation has entered into Standard Contractual Clauses with Hive Learning, which is accepted by the European Commission as evidence that an adequate level of protection exists for the Personal Data in the country, territory, or organisation where it is being transferred.
6.2. Non-Personally Identifiable Information
We may make non-personally-identifiable information available to third parties for various purposes. This data may be automatically-collected and would be analysed to create an aggregated view of the data, ensuring the reported information was anonymous.
6.3. Law Enforcement, Legal Process and Compliance
We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
6.4. Change of Ownership
An up to date list of our service providers can be found [HERE]
7. Our Data Security
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way and we regularly review and maintain these measures to ensure they are always fit for purpose.
In relation to the California Consumer Privacy Act (CCPA), we confirm the following
● We do not sell any personal information
● We do not offer any financial incentive for your personal information
● You will not receive any discriminatory treatment by our business for exercising your privacy rights
● We will not charge you for exercising your privacy rights
● Upon receiving a request to know or a request to delete, we will confirm receipt of the request within 10 business days and provide information about how the business will process the request.
● We will respond to requests to know and requests to delete within 45 calendar days.
● We shall not disclose in response to a request to know a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answers, or unique biometric data generated from measurements or technical analysis of human characteristics.
● We are able to provide the information and classification of information when responding to a Request to Know request
● We are able to delete the personal information in relation to a Request to Delete request