Privacy policy

Privacy Policy

Hope and May is committed to protecting your privacy and the secure handling of your personal data. For the purposes of this notice, Hope & May is the data controller. To ensure the processing of personal data is lawful, Hope and May will process your personal data in accordance with UK Data Protection Law which includes but may not be limited to the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulation (PECR), The Data Protection Act 2018 and any other relevant data protection legislation according to where you may reside or where your organisation may be established.

This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.

If you have any questions regarding our Privacy Notice and our use of your personal data, or would like to exercise any of your rights, please get in touch via the following information:

Email us: info@hope-may.com or sofiya@hope-may.com

Call us:  0330 111 0013

Personal Data we collect: How, why, and what lawful basis:

APPENDIX 1 – HUMAN RESOURCES (EMPLOYEES, TRUSTEES, JOB APPLICANTS AND VOLUNTEERS)

APPENDIX 2 – CLIENTS AND CLIENT COMMUNICATIONS

APPENDIX 3 – WEBSITE VISITORS AND COOKIES

Where your data is stored

We retain personal data and other records in the UK and in the EU

Your Rights:

Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact with any of the details listed above. Here is a summary of the rights we think apply:

  1. Right to be Informed

You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information, please get in touch.

  1. Right of Erasure – also known as the right to be forgotten

You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.

  1. Right to Object

You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.

  1. Inaccurate personal information corrected

Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. We will also carry out an annual accuracy check. If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.

  1. Right of restriction

You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.

  1. Right to Access your information

You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.

  1. Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you. We currently do not undertake automated decision making.

  1. Portability

You can ask us to provide you or a third party with some of the personal information that we hold about you.

  1. Right to withdraw consent

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data

Complaining about our processing of data

If you feel that data has been handled incorrectly by Hope and May, a complaint can be made to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK.

They can be contacted on 0303 123 1113 or by going online to www.ico.org.uk/concerns

If you would like to discuss your concerns directly with us please call 0330 111 0013 or us the contact us form at the bottom of this page.

If the organisation is based outside the UK, the complaint should be directed to the relevant data protection supervisory authority in that Country.

Changes to our Privacy Notice

This privacy notice is kept under regular review.  If we make any significant changes to the way in which we process your information, we’ll make the required changes to this Privacy Notice and will notify you so that you can raise any concerns or objections with us. When making less impactful changes, we’ll update this notice and post a summary of the changes on our website.

This privacy notice was last updated August 5th 2024

 

Appendix 1: Human Resources:

How and when do we collect information about you?

You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment/engagement.

In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.

What types of information is collected about you and who provides it?

We keep several categories of personal data on our employees and volunteers in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each individual.

Specifically, depending on your type of engagement with us, we may process the following types of data:

  1. personal details such as name, address, phone numbers
  2. name and contact details of your next of kin
  3. your photograph, your gender, marital status
  4. information of any disability or other medical information you have disclosed
  5. right to work documentation
  6. information gathered via the recruitment process such as that included in a CV, cover letter or application form, references from former employers, details on your education and employment history etc
  7. National Insurance number, bank account details and tax codes
  8. information relating to your employment with us (e.g job title, job description, salary, terms and condition of the contract, annual leave records, appraisal and performance indication, formal and informal proceedings involving you such as letters of concern and disciplinary, disciplinary and grievance proceedings.)
  9. information on time off from work including sickness absence, family related leave etc
  10. IT equipment use including telephones and internet access
  11. your biography and picture for the website (if applicable).

 We may also process special category of data which include health information. We also process criminal records information conducted during DBS check.

Lawful basis for processing

We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees. We may also have legal obligation in order to process and share your data, for example we need to share salary information to HRMC or use some of your data to enrol a new employee on a pension scheme.

We may rely on our legitimate interest for processing activity such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisations’ events where you may appear on our website or marketing. Some special categories of personal data, such as information about health or medical conditions is processed in order to carry out employment law obligations (such as those in relation to colleagues with disabilities and for health and safety purposes). When processing criminal records (for example, in order to perform DBS check), the organisation relies on the lawful basis of legitimate interest read with conditions from the Data Protection Act 2018.

Appendix 2: Client and service users

How and when we collect information about you

We collect only basic information from clients such as their office address, email address, names.

Hope and May does not set out to collect any special category information about its clients or their staff, customers, supporters, beneficiaries or members.

However, we are mindful that information of the type may be available to us from time to time. For example, if an organisation reveals to us a staff file, or the details of a beneficiary or service user of a charity for the purposes of an SAR. Any observations made as part of our service are justified in our general terms and conditions of business which forms the necessary contractual understanding.

Lawful basis for processing

For any client information that we process, we rely on contractual obligation. For any other information we receive during providing our services, eg. dealing with a subject access request, we rely on contractual obligation.

Appendix 3: Website visitors and Marketing

How and when we collect information about you, and the lawful basis.

When an individual visits our website, we may collect the IP Address, page visited, web browser, any search criteria entered, previous web page visited and other technical information. This information is used solely for web server monitoring and to deliver the best visitor experience. We may use technology such as cookies to help us deliver relevant and interesting content in our communications in the future. We may profile individuals to find out more about them but in the least most intrusive way. We may use information we collect to display the most interesting content on our website we may use data we hold about previous visits. We rely on legitimate interest for such processing.

We may also collect social media usernames if data subjects interact with us through these channels in order to help us respond to comments, questions and feedback. The data privacy laws allow this as part of our legitimate interest in understanding our audience.

When we send out marketing communications such as our newsletter, we rely on your consent.

Get in touch