HewardMills – Privacy Notice
Last updated: 13/09/2024
This Privacy Notice explains how HewardMills ltd, its subsidiaries and affiliated entities located globally, including HewardMills Holdings Limited, HewardMills Ireland Limited and HewardMills DPO Ghana (hereinafter “HewardMills”, “we”, “us”, “our”), process and adequately protect personal data about you (your ‘personal data’) when you use our website or use our Services .
We are a Data Protection Officer (DPO) entity which provides the best available DPO services and support for organisations globally. We provide regulatory advice to help clients comply with global data protection laws and regulations (collectively our ‘Services’), including but not limited to the GDPR (EU & UK), the CCPA (California Consumer Privacy Act), ePrivacy Regulations and cybersecurity requirements as well as legal and regulatory requirements arising from emerging technologies (collectively “applicable data protection laws”).
We reserve the right to change this Privacy Notice at any point in time and for any reason. You will be updated by changes through the “Last updated” date on top of this Privacy Notice.
What personal data do we collect and why?
HewardMills is committed to transparency about your personal data and will only collect and process the personal data we need for a specified purpose as per the below:
Type of personal data | Purpose for processing personal data | Lawful basis for processing personal data |
---|---|---|
Business Contact Information
|
|
|
Website Visitors’ Information:
|
|
Legitimate Interests |
Client and Prospect Data: All personal data shared with our clients or prospects in the course of our contractual or pre-contractual relationship. |
|
|
HewardMills does not knowingly collect or process special categories of personal data .
Disclosure of your personal data
We may sometimes need to disclose personal data for the following purposes:
- Performance of the contract: We may disclose your personal data with our affiliates, business partners, suppliers, contractors, and other third parties when it is necessary for the performance of a contract we enter into with you. This includes the use of third parties for administrative purposes and to facilitate the provision of our products and services to you. Such third parties may include IT support providers, hosting services, cloud-based software solutions, and telecommunications equipment providers.
- Direct Marketing: We may disclose your personal data to our business partners for the purpose of direct marketing, but only where you have provided explicit consent. This allows us to send you marketing communications about our products and services that we believe may be of interest to you.
- Legal obligation. We may be required by law or pursuant to a court order to disclose certain personal data to relevant regulatory, law enforcement and/or other competent authorities.
- Legal claims: We may need to share personal data to exercise or defend legal claims.
- Business transfers: As we continue to develop our business, we might sell or buy other businesses or services. We may need to disclose personal data as part of a merger, acquisition, bankruptcy, or similar process.
International Data Transfers
HewardMills operate in many countries around the world. As a global DPO service provider, we may need to share your data with people who work for HewardMills and to third parties located in countries different from the country you are located. If we need to do an international transfer of your data, it will normally be to a country with a decision of adequacy from the regulator in your home country. Where this is not possible, we will ensure that transfers take place under appropriate safeguards (such as standard data protection clauses or an approved code of conduct).
Minors
HewardMills does not allow anyone under the age of 18 to use HewardMills services and does not knowingly collect personal data from children under the age of 18. Should we mistakenly collect a child’s personal data without appropriate authorization, it would be immediately deleted.
Third-Party Websites ?
Our websites and apps may contain links to third-party websites and apps. By clicking on these links, you would leave our website and be directed to third-party websites. We are not responsible for the processing of your personal data taking place on these third-party websites or their content. The terms of this Privacy Notice do not apply to these third-party websites or apps, or to any collection of your Personal data after you click on links to such third-party websites. We encourage you to read the privacy policies of every website you visit.
Cookies and Other Technologies
We use cookies and similar tools to enhance our ability to deliver our services, to understand how customers use our services so as to improve our customer experience, and to display ads. For more information about cookies and how we use them, please read our Cookies Notice. You can manage your cookie preferences here.
Your Rights
At HewardMills, the satisfaction of our customers is of central importance. We respect your rights concerning the processing of personal data and provide you with the relevant and appropriate choices. Depending on your location and residency you may have a right to one or more of the following with respect to your personal data we process or control. Details about these rights and how to exercise them are provided below.
We will aim to comply with your request within one month of receiving your request. Depending on the complexity and scope of your request, we may need to extend this period to a maximum of three months. If so, we will notify you via the contact information you have provided, explaining the reason for the extension and the expected timeframe for fulfilling your request.
To exercise any of your rights, please contact our designated privacy contact here: dpo@hewardmills.com mailto:DPO@company.comproviding details of your request.
Note that you may have the right to designate another person to serve as your authorized agent, to exercise any of the rights described below.
1. THE RIGHT OF ACCESS.
You have the right to access a copy of your personal data and to request information about how we process your personal data. This includes information about the purposes of the processing, the categories of personal data we process, and the recipients or categories of recipient to whom the personal data have been or will be disclosed.
2. THE RIGHT TO RECTIFICATION.
You have the right to request that we correct any inaccurate personal data we process about you., and to request that we complete any incomplete personal data we process about you.
3. THE RIGHT TO ERASURE.
You have the right to request that we erase your personal data under certain conditions, e.g., if the information is no longer needed for its intended purposes, if you have withdrawn your consent, if you have made a valid request under the “right to object”, if the information has been processed unlawfully, or to comply with a legal obligation.
4. THE RIGHT TO RESTRICT PROCESSING.
You have the right to request that we restrict how we process your personal data if:
You claim that the personal data is inaccurate, and we need time to verify this; or
The processing is unlawful, but you do not want the personal data erased; or
The personal data is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
You have exercised the right to object, and we need time to determine whether to comply with your objection, under certain circumstances.
If you make a valid request to restrict the processing of your personal data, we will continue to store the information. We will not process the information in any other ways, unless we have your consent; we need the personal data to establish, exercise or defend legal claims; we need to protect the rights of another natural or legal person; or we need to process the personal data for reasons of important public interest.
5. THE RIGHT TO OBJECT.
You have the right to object to the processing of your personal data under certain conditions. You have the absolute right to object to us using your personal data for direct marketing.
In other circumstances, we might decline your objection, but only if we can demonstrate “compelling legitimate grounds” to continue processing your personal data. The right to object only applies where our legal basis for processing your personal data is for our “legitimate interests” or where we are performing a “public task”. For more information about our legal bases for processing, see the relevant part of our Privacy Notice above.
6. THE RIGHT TO DATA PORTABILITY.
Under certain conditions, you have the right to request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format. Where technically feasible, we will also transmit this personal data to another organization at your request. This right only applies to digital information that we collected from you with your consent, or that we collected as part of a contract or proposed contract with you.
7. RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING.
You have certain rights relating to “solely automated individual decision-making, including profiling”. A “solely automated individual decision” is a decision made by an automated system that does not involve a human. We are not allowed to make solely automated decisions that affect your legal rights or other similarly important matters unless (I) we need to do so under a contract with you, (ii) we are allowed to do so by law, or (iii) we have your consent. In these cases, you have the right to request a human review of the decision, to challenge the decision, and to request an explanation of the decision.
8. RIGHT TO LODGE A COMPLIANT WITH SUPERVISORY AUTHORITY
You have the right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We encourage that you try and resolve the issue with us at first, although you have the right the contact the supervisory authority at any time.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data Retention
We will store your personal data for no longer than is necessary to fulfil the purposes described in this Privacy Notice. We may also be legally required to store personal data for a specific period as may be required for tax and accounting purposes, compliance with anti-money laundering laws, or as otherwise communicated to you. When considering retention periods, we first carefully assess whether it is necessary to retain the personal data collected and, if retention is required, we endeavour to retain the personal data for the shortest term permitted by law.
Contact Information
If you wish to leave a comment, raise a question, exercise your rights or learn more about the processing or your personal data by HewardMills, please do not hesitate to contact us at dpo@heardmills.com.