1.0 Our core beliefs regarding user privacy and data protection
• User privacy and data protection are human rights
• We have a duty of care to the people within our data protection policy
• Data should only be collected and processed when absolutely necessary
• We loathe spam as much as you do!
• We will never sell, rent or otherwise distribute or make public your personal information.
2.0 Relevant Legislation
Along with our business and internal computer systems, this website is designed to comply with the following legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
3.0 Personal information that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
Like most websites, this site collects user visitor data. We use this data to determine the number of people using our site, to better understand how
they find and use our web pages and to see their journey through the website. This website may collect* information (already held in the public domain) attributed to the IP address of
the computer or device that is being used to access it. The information is supplied to us by Google Analytics and Statcounter. These systems do not use your IP address to identify you,
the individual, in any way. We regard these companies as third party and as such you can see their privacy details here: https://www.google.com/analytics/terms/us.html https://statcounter.com/about/legal/
3.2 Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page none of the data
that you supply will be stored by this website or be processed by any third party data processors. Instead the data will be sent in an email to us over the Simple Mail Transfer Protocol
(SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across
the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you
always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
3.3 Email newsletter
If you choose to join one of our email newsletters, the email address that you submit to us will be forwarded to Mailchimp who provide us with email services. We consider Mailchimp to be a third party data processor.
The email address that you submit will not be stored within this website's own database or in any of our internal computer systems. Your email address will remain within Mailchimp database for as long as we continue to
use their services for email marketing or until you request removal from the list. You can do this by un-subscribing using the unsubscribe links contained in any email newsletters that we send to you or by requesting
removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. If you are under 16 years of age you MUST obtain parental consent
before joining our email newsletter. While your email address remains within the Mailchimp, you will receive periodic (approximately one per month) newsletter-style emails from us. We do not share our email address
list with third parties although we may suggest third party products or services to you in our emails.
3.4 Registering as a Member
If you choose to register your business as a Member we ask you to complete a registration form which includes your name, business address, contact
details and service details. This is so that we may display your details to web site visitors and contact you about updates and business referrals. If you choose to have your data deleted
from our website we may retain the information that is required of us by law. You will be asked to confirm business insurance and compliance with our professional code of conduct and
GDPR and we will retain this information to maintain transparency for clients.
4.0 How and for what length of time we will store your personal information
Information You Give Us: We receive and store any information you enter on our Website or give us in any other way. By registering with us as a Member via our Website, you choose
to accept the practices described in this Privacy Notice. We use the information that you provide for such purposes as set out in here.
As detailed in section 3.2 above, if you submit an email your information will not be stored on this website but sent to us in an email form and saved securely
We will keep your information only as long as necessary to facilitate your enquiry and provide you with information and services as necessary. If you make a purchase from this
website or from our services we will keep your information as long as we are required to do so by the UK HMRC service for tax accounting. Your information will be stored on our
secure servers as detailed in 5.0.
If you take out Membership services we may store your information in files on a secure server to facilitate your Membership listing on this website.
Your information will be kept as long as you require us to provide this services and information will be displayed on this website according to your instructions and as checked and authorised
by you. After the service ends your data will be kept as long as required of us for tax accounting. Your personal details are not transferred to our Accountancy service provider.
If you complete the service enquiry form your details may be sent to one of our registered Members to assist you with your enquiry. These members are required to comply with Privacy and
Data protection regulations and if you decide not to contract their services then you can request your details to be removed from their files.
5.0 About our data protection and this website's server
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to to safeguard and secure data collected
via this Website.
This website is hosted by tsoHOST within a UK data centre. You can see deails of their hi-tec facility here https://www.tsohost.com/data-centre-and-network
All traffic (transferral of files) between this website and your browser is encrypted to protect your data and delivered over HTTPS
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
Because of the nature of the Internet, data that is provided by you may pass through any location - including countries outside the European Economic Area (EEA) and by using the web site
you consent to the transfer of the data.
If you are outside the EEA, you agree to use the data sent to you only for your own purposes and in accordance with the English data protection laws
(including the Data Protection Act 1998).
It is important for you to protect against unauthorised access to your password and to your computer. Be sure to log off/sign off and not just close
a page when you finish using a shared computer.
6.0 Information to prevent or detect fraud
When you apply through this Website to register with us, we may check our own and the your business partners records which are available in the public domain. If you give us false
or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.
7.0 Sharing your information
Information about our Members is an important part of our business. We share Member information only as described below and with controls that either are subject to this Privacy Notice or
follow practices at least as protective as those described in this Privacy Notice. We do not typically share personal information about Users who are not Members.
When you post
a Request for Services: We share Client information (full name, postcode, email address and phone number) with Professionals that are registered with us to respond to a Client's request
for services. Professionals must comply with our Professional Code of Conduct concerning how they deal with Clients and use Client information.
When you respond to a Request for
Services: We share Professional's information (name, business address including postcode, email address and phone number) with Clients when they respond to a request for services. We
disclose account and other personal information when we believe disclosure is appropriate to comply with the law; enforce or apply our User Agreement and other agreements; or protect the
rights, property, or safety of our Website, our Users, or others.
Sharing Information with Search Engines: To enable others to find Members and find out more about the services
you offer, your profile information on our Website may be included within search engine results. This includes but is not limited to your company name, profile picture, work area,
services offered and reviews from homeowners.
Facebook And Other Social Media Services: We offer many ways for users to find enjoy, and share content about professionals
from a range of sectors. We enable and encourage users to explore who else is using our Website and their public profiles. Most of your information (apart from financial information)
includes your name and/or username, profile picture, tier of membership, your activity, including the designs and projects you like, social media applications that you link to your
account and user content that you post on our Website.
Your activity on our Website may appear in the activity feed of friends and users who follow your profile on our Website.
You acknowledge and agree that the use of your information by any third party website or social media platform will be governed by their own privacy policies.
We will collect and process payment and financial data when you use our payment service to pay for services sourced through our Website. This information will be stored by third
party payment processors. The third party payment processors will provide us with some payment information about you, including a unique reference, your payment card type,
and the expiry date and last four digits of the payment card.
HSC Design Ltd, may from time to time, expand or reduce our business and this may involve the sale and/or
transfer of control of all or part of HSC Design Ltd Data provided by users, where it is relevant to any part of our business transferred, will be transferred and the new owner
duty to comply with the GDPR Data Protection policy and safeguard your data.
8.0 Third party advertisers and external web links
Our Website may include third-party advertising and links to other websites. If you access other websites using the links provided, the operators of those websites may
or statement of other websites prior to using them.
9.0 Data breaches
We will report any unlawful data breach of this website's database or the database(s) of any of our third party data processors to any and all relevant persons and authorities
within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. If password access is required for certain parts of the
Website, you are responsible for keeping this password confidential. Always log off rather than closing a page, especially on a shared computer.
10.0 Your choices
You choose what information to pass to us and can update this at any time by using the sign in update options or contacting us.
If you choose to visit our Website,
your visit and any dispute over privacy is subject to this Privacy Notice and our Terms including limitations on damages, resolution of disputes, and application
of English Law.
If you have any concerns about privacy at this website or wish to be removed from our records, please contact us with a thorough description,
and we will try to resolve it. If you are not happy with our response you can complain to the Information Commissioner's Office. www.ico.org.uk
11.0 Data contoller
The Data controller of this website is:
HSC Design Ltd, a UK Private Limited Company with company number: 6576986
office is: HSC Design Ltd, Elizabeth House, 13-19 Queen Street, Leeds, LS1 2TW
HSC Design Ltd have been registered with the Information Commissioners
Office under the Data Protection Act since 27th June 2012. Registration Number Z324311X.
12.0 Data protection contact
HSC Design Ltd
Telephone: 0333 800 8002
Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates will be mentioned in the change log on this page.