GDPR / Supplier Policy
1. Key terms
We, us, our: HR Smith Group of Companies, Techtest Limited, HR Smith (Technical Developments) Limited, Specmat Limited
Personal data: Any information relating to an identified or identifiable individual
2. Personal data we collect about you
The table below sets out the personal data we will or may collect in the course of dealing with an initial or ongoing enquiry concerning any HR Smith products or support enquiries. This personal data is required to enable us to provide our service to you.
Personal data we will collect:
address and telephone number
details of your position in your company
website cookies & website analytics data
3. How your data is collected
4. How and why we use your personal data
Under data protection law, we can only use your personal data if we have proper reason for doing so e.g. in order to create, process and reply to any requests from yourself concerning any HR Smith products and services.
What we use your personal data for:
Generating product quotations: In order to provide you with current pricing for our products & services
Generating invoices: In order to create and deliver invoices for purchased products & services
Quality control: For internal quality control procedures
Auditing: For the use of internal audits
Marketing: For use in promoting our business to existing and former clients
External audits e.g. our regulators: For legitimate interests or those of a third party, i.e. to maintain accreditations so we can demonstrate that we operate at the highest standards
Website analytics: To see how effective our website is performing
5. Digital & Promotional Communications including newsletters
6. Who we share your personal data with
We routinely share personal data with:external auditors and regulatorsour banks / accountants / legal advisorsour sales agents and representativesWe only allow our service providers to handle your personal data if we are satisfied they take the appropriate measures to protect your personal data. We may disclose and exchange information with law enforcement agencies should this be required by a valid lawful request concerning an investigation or enquiry.
7. Where is your personal data held
Information may be held at our offices and those of our group companies, representatives and agents (see ‘who we share your personal data with’). Some of our offices are located outside of the European Economic Area. For more information, including on how we safeguard your personal data when data is shared with our overseas office please see ‘Transferring your personal data out of the EEA’.
8. How long your personal data will be kept
We will keep your personal data after we have finished advising or supplying any services or products. We will do so for one of these reasons:to respond to any questions, complaints or claims made by you or on your behalfto show that we treated you fairlyto keep records required by lawWe will not retain your data for longer than necessary for the purposes set out in this policy.
9. Transferring your personal data out of the EEA
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:with your and our service providers located outside the EEAif you are based outside the EEAThese transfers are subject to special rules under European and UK data protection law. These non EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure.
10. Your rights
You have the following rights, which you can exercise free of charge by submitting written notice to the data protection officerAccess: The right to be provided with a copy of your personal dataRectification: The right to require us to correct any mistakes in your personal dataTo be forgotten: The right to require us to delete your personal data - in certain situationsRestriction of processing: The right to require us to restrict processing of your personal data - in certain circumstances e.g. if you contest the accuracy of the dataData Portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.To object: The right to object:- at any time to your personal data being processed for direct marketing (including profiling);- in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.Not to be subject to automated individual decision making: The right not to be subject to a decision based soley on automated processing (including profiling) if you would like to exercise any of those rights, please:email our Data Protection Officer - see below ‘How to contact us’; andlet us have enough information to identify youlet us have proof of your identity and address by means that are acceptable by HR Smithlet us know what right you want to exercise and the information to which your request relates
11. Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to so.
12. How to contact us