This privacy notice describes how and why we process your personal information. Your privacy is very important to us and we are committed to using your personal information lawfully and protecting your privacy.
Who are we?
Helyx is a company registered in England & Wales. Our full legal name is Helyx Secure Information Systems Limited. Our company number is 04464638. Our registered address is Millennium House, 65 Walton Street, Aylesbury, Buckinghamshire HP21 7QG and our administrative offices are at 2 Hanley Court, Brockeridge Park, Tewkesbury, GL20 6FE.
Helyx SIS Ltd is registered with the Information Commissioner’s Office. Our registration number is ZA240172.
How and on what basis do we collect, hold, use and/or process personal information?
We will only collect, hold, use and/or process (together “process”) your personal information where we are legally allowed to do so.
We will ensure that your personal information is:
- processed lawfully, fairly and transparently
- collected for specific, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for the purpose of the processing
- kept accurate and up to date
- only kept for so long as is necessary
- processed securely using appropriate technical and organisational measures to ensure integrity and confidentiality
For us, the lawful basis which we rely on will fall into one of the following:
Contractual performance:where we process your personal information for contractual performance
This includes enabling us to take steps you request prior to us entering into a contract; and then once we have entered into a contract, to enable us to perform the contract and to provide you with the products and services. We will process your personal information in accordance with the contract.
Legitimate interests:where we process your personal information for our legitimate interests
We are a commercial organisation engaged in the provision of professional services and engineering. We have an interest in promoting, marketing, selling and supporting our services. Where we process your personal information for our interests we will do so only where we have carefully considered both our and your interests. We will not process your personal information if our interests are overridden by your interests or fundamental rights and freedoms.
Consent:where we rely solely on your consent to process your personal information
There may be circumstances where we need to or are required to obtain and/or rely upon your consent to process your personal information. If this is the case we will give you:
- the reason for needing your consent, including details as to how we will process your information
- the choice as to whether to provide consent
- information to enable you to withdraw your consent
Why do we process personal information and how do we process it?
We process your personal information for a number of reasons. Primarily this will be to enable you to contract our services or to send you, or allow you to access, our marketing material. We only process your personal information in accordance with the law, including the EU General Data Protection Regulation, as set out in this privacy notice.
Further information on these is set out below:
|Example||Lawful Basis for processing|
|You are a customer||We will have entered into a contract with you in order to provide you with products, services, content or training|
|You use our website||To help inform you of our products and services. Where we process your information, we will do so with your consent|
|You attend one of our events||To provide you details of the event. Where we process your information, we will do so with your consent|
|You visit our office||The legitimate interests for processing information when you visit our offices is to ensure our and your security and safety during the visit|
|You apply for a job with us||The legitimate interests for processing information you provide us is to facilitate your application for employment|
|You contact us||The legitimate interests for processing information you provide us when you contact us on a specific enquiry is to enable us to address your query|
|If you are a supplier||We will have entered into a contract with you in order for you to supply us with products, goods or services|
How do we process personal information?
|Example||Where is the personal information captured|
|Where you are a customer||In pre-contract discussions and correspondence
In contractual documents
When registering, using or receiving our products and services
Where we provide you with support and assistance in the use of our products and services
|If you use our website||Via specific forms on our website, e.g. when you download case studies or register for trial software
Via cookies or our website analytics tools
|When you attend one of our events||Typically, via a website provided by us or by a company working on our behalf to organise the event|
|If you visit our offices||When you sign-in to our visitor book|
|If you apply for a job with us||Typically, via email when you send us your CV|
|If you are contacting us||Typically, via email to one of our staff|
What personal information do we process?
We may also process other personal information about you when needed to provide data, software, products, services or other information that you requested. We will make you aware of what personal information we are processing at the time of when we obtain it.
We do not process any sensitive personal information about you. You should not provide us with any sensitive personal information. Any sensitive personal information provided to us will be deleted.
Who do we share your personal data with?
We will never sell your information to a third party.
We will only share your information with a third party or transfer your data outside of the UK / EU if we need to. Where we do this we will comply with all of our legal obligations and we ensure that there are adequate protections in place to protect your information.
If we need your consent we will:
- explain why we need to share your personal information
- explain the purpose for which we will be sharing it
- provide you with details of the third party
- obtain your explicit consent for such.
You will be able to easily withdraw your consent in the same way in which you gave it.
Where we rely on a different lawful basis, such as ‘legitimate interests’ or ‘contractual’, we will do so only to the extent permitted by such lawful basis.
- Those whom we use for our back-office systems, for the purpose of hosting those back-office systems.
- The third party owner or licensor of any third party software and/or third party data, for the purpose of licensing and administering access, use and support of the third party software and/or third party data.
- Those acting on our behalf for our conferences, events or webinars, for the purpose of providing the facilities, to enable the conference, event or webinar to take place, and where applicable to ensure your safety.
- Venues used to deliver our external training courses, for the purpose of enabling the delivery of the training and to ensure your safety when onsite at that venue. These include specific customer or 3rd party locations, as dictated by the relevant contract.
How long do we keep your personal information?
- In all cases we will only keep your personal information for as long as we have a lawful basis for processing it.
- Where you enter into a contract and/or place an order, we will keep your information for the duration of the contract and/or order, and thereafter for such period as we are permitted by law (to comply with financial legislation), or for so long as is necessary for the establishment, exercise or defence of legal claims.
- Where you have made a general or specific enquiry but have not entered into a contract or placed an order with us, we will keep your information until that enquiry is resolved.
- Where you have expressly consented to and/or subscribed to marketing, newsletters, events information or to any other form of communication, we will keep your information only whilst your consent and/or subscription is valid.
Where we no longer need your information and no longer have a basis for keeping it, we will delete it within 6 months.
How do we secure your personal data?
We place a great deal of importance on the security of all personal information. We have in place appropriate technical and security measures which are reviewed routinely. Our approach to information security is validated by our externally audited certification to Cyber Essentials (and Cyber Essentials Plus, from May 18).
Your rights; including your right to object and right to withdraw consent
We respect and place significant importance on your rights. To demonstrate this we have a separate document that outlines your rights, provides further information in relation to those rights and details what we will do when you wish to exercise your rights. Please refer to our ‘Data Subjects Rights Policy’, which can be found on the Helyx Website in the GDPR section and on our company shared drive.
In summary, your rights include the right to:
- Basic information (such as our identity, or that of the controller if not us, the reason and basis on which we process your personal data, together with as much information to ensure fairness and transparency) and to be informed
- Object: to object to processing of personal data where such is done by us in certain circumstances, for example for our legitimate interests or direct marketing
- Withdraw consent: to withdraw your previously given consent
- Access: to be aware of and verify the lawfulness of the processing
- Rectification: to correct personal data if it is inaccurate or incomplete
- Erasure: to request the removal or deletion of personal data
- Restrict processing: to restrict the processing of personal data
- Data portability: to obtain and reuse personal data
- Be aware of any automated decision making or profiling, and to request such is restricted
If you wish to object or to withdraw consent, you may contact us though one of the methods detailed below in the ‘Contact us’ section. In addition, where we have sent you a marketing email, we will have provided an ‘unsubscribe’ or ‘set your preferences’ or ‘opt-out’ link which you can use to stop any future marketing communications.
Concerns or complaint?
If you have a concern or complaint about our processing of your personal information, then you may contact us though one of the methods detailed below. We will endeavour to resolve or address your concern or complaint. If we are not able to do so you may be entitled to complain to the supervisory authority and/or seek a remedy through the courts.
Contact us: do you want to discuss how or why we hold personal information about you, what personal information we hold about you, or request your personal information to be amended or deleted?
Please contact us by one of the following means:
- E-mail us at: firstname.lastname@example.org
- Telephone us at: +44 (0)1684 273725
- Write to us at: 2 Hanley Court, Brockeridge Business Park, Twyning, Tewkesbury, Gloucestershire, GL20 6FE.