At HBA (HB Acting) we take your privacy seriously and we are committed to respecting and protecting your privacy.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
Policy key definitions:
“HBA”, “HBA Acting”, “I”, “our”, “us”, or “we” refer to the business, HBA (HB Acting).
“you”, “the user” refer to the person(s) using this website.
GDPR means General Data Protection Regulation.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner’s Office.
Cookies mean small files stored on a user’s computer or device.
Key principles of GDPR:
Processing of your personal data
We are exempt from registration in the ICO Data Protection Register because we are only processing personal data for the core business purposes, and therefore do not have to register with and pay a fee to the ICO. We do, however, adhere to the principles of the General Data Protection Regulation and understand best practice for managing information.
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
We use the contract legitimate interest basis under the GDPR for the processing of your personal information to provide you with details of our services, supplying pricing, course information and details. We do not share your information with any third parties. We only store this information for as long as a legitimate interest exists or until you withdraw your consent.
We use the consent lawful basis under the GDPR for the processing of your personal information when you explicitly consent to subscribe to our email mailing list. Your information is used to send you marketing messages within the scope outlined to you at the point of subscription. We collect your email address, IP address and the date and time you subscribed. Your information is not shared with any third parties. We only store this information under this basis until you withdraw your consent or it is determined your consent no longer exists.
Any personal information processed is done so securely with protective measures in place to prevent data breach. This includes data saved to computers, mobile devices, phones, laptops or tablets. Protective measures include passwords, fingerprint recognition software where applicable, firewall technology and data encryption.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in detail here:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
What personal data we need and how we collect it
Personal data, or personal information, means any information about an individual that can identify them. It does not include data where the identity has been removed (anonymous data). We collect the minimum amount of personal information needed to complete a contract that we have with you.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes your first name, maiden name, last name, title, date of birth, credit/debit card information.
Contact Data includes your postal address, email address and telephone numbers.
Where we need to collect personal information about you by law, or to fulfil our obligations to you and you fail to provide that information when requested, we may not be able to perform the contract we have or services we are trying to provide to you. In this case, we may have to stop providing you with the services, but we will notify you if this is the case at the time. For example, where you do not consent for your child to be recorded by HBA, we will contact you and discuss whether we can continue providing the services under the contract.
We collect your personal information by direct interactions with you. Mainly you will give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone and email.
How we use your personal data
The processing of your personal data is necessary for us to provide a service that you have requested under a contract we have with you. We rely on that contract as a legal basis on which we process your personal data.
HBA processes personal data for certain legitimate business purposes which include, some or all, of the following:
Otherwise, we rely on consent as the legal basis on which we process your personal information. We will seek your consent from time to time to continue to process your data by contacting you.
We only use your personal information to administer your account and to provide you information on the products and services you have requested from us. From time to time we will also invite you to participate in surveys which help us to improve what we do. We will never sell, distribute or lease your personal information to third parties.
Where and how we store your personal data
When you provide HBA with personal data, we will hold your information on our electronic database.
We will use appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage of your personal information. Your personal information is stored electronically on a database file which is password-protected and stored offline, behind up-to-date firewall and antivirus protection.
Access to personal information is limited to Principals and employees of HBA. These individuals have access to the personal information on the database to enable them to perform their contractual duties. We provide all Principals and employees of HBA with Data Protection Legislation training.
We have put in place procedures to deal with any suspected personal information breach. In the unlikely event that your personal information was accessible to third parties through a data breach, we would inform you as soon as we become aware of it and any applicable regulator where we are legally required to do so.
How long we will retain your personal data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information we consider:
– the amount, nature and sensitivity of the personal information;
– the potential risk of harm from unauthorised use or disclosure of your personal information;
– the purposes for which we process your personal information;
– whether we can achieve those purposes through other means; and
– the applicable legal requirements.
If you have contacted us and have requested that we keep your personal data on file for the purposes of receiving information from us, for example, about new services and projects, we will ensure that we confirm with you each time we contact you, that you are happy for your personal data to be stored by us for contact only. If you choose not to proceed with registering with us, we will remove all your stored data after 6 months.
Access to information
Data Protection Legislation gives you the right to access the information we hold about you. Your right of access can be exercised in accordance with Data Protection Legislation. We will respond to any valid access request within 30 days (though if it is expected to take longer than 30 days, we will notify you and keep you updated on the likely timescale) and we will make available your information in a format to be agreed. To obtain a copy of the personal information we hold about you, please contact us in the manner set out at the end of this Privacy Notice.
You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In these instances, we will notify you.
Erasure or rectification of information
Data Protection Legislation gives you the right to ask us to erase information held about you if it is no longer necessary in relation to the purposes for which it was collected or processed. You also have the right to ask us to rectify inaccurate information we hold about you or to complete incomplete information about you.
Your right of erasure and/or rectification can be exercised in accordance with Data Protection Legislation. If you make a valid erasure or rectification request, we will take reasonable steps to erase or rectify your information so far as required by Data Protection Legislation. However, Data Protection Legislation allows us to retain and continue processing your information in certain circumstances, and if any of those circumstances apply we may continue to hold and process your information (in accordance with this Privacy Notice) despite your request for us to erase it. Such circumstances include (but may not be limited to) where our continued holding and/or processing of your information is necessary:
for exercising the right of freedom of expression and information;
Changes to our privacy notice and your duty to inform us of changes
We will communicate to you any material changes to our Privacy Notice. This will ensure that you are always aware of the information we collect, how we use it and the circumstances under which we may disclose it.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your right to withdraw your consent or complain
You have the right to withdraw from us your consent to process your personal data at any time. Please bear in mind that if you object, this may affect our ability to complete a contract which we have with you or to access HBA services in full.
If you consider that we have failed to comply with this Privacy Notice and/or Data Protection Legislation in relation to the information which we hold or process, or you are not satisfied with our response, you have a right to make a complaint to the relevant UK supervisory authority for data protection issues at any time, which in the UK is the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance in the manner which is set out at the end of the Privacy Notice.
Some cookies are required to enjoy and use the full functionality of this website.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” section above. Any email marketing messages we send are sent through an EMS (email marketing service provider). An EMS is a third-party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences. You can also unsubscribe from all MailChimp lists by following this link; otherwise contact the EMS provider.