Website Privacy Statement HCM Metrics
The purpose of this statement is to inform you about how and why your personal data is used so that we are as transparent as possible, and to ensure that you are aware of your rights under data protection legislation. This is not an agreement document; it is simply for your information.
Data Controller Details
We are HR Analytics Limited, trading as HCM Metrics, and we are your data controller where we determine the purpose and use of your personal data that we are processing. It is the responsibility of the privacy manager (PM) to ensure all processing is carried out lawfully. The PM can be contacted by mail where our address is 70 London Road, Cowplain, Hampshire, PO8 8UJ as well as by email using [email protected].
We keep the minimum amount of information we can about you to provide our services and meet our legal obligations. Your data is deleted when we no longer need it for the purpose we collected it for, or when we no longer have an obligation or legitimate interest to retain it.
We do not pass your information to third parties other than those stated below (see third parties) unless exceptional circumstances apply. We have policies, procedures, and technical measures in place to keep your data secure.
What personal data do we process?
If you are a client, we will hold the following information about you:
- Your name and contact information
- Information about your business activities
- Information and documentation about your matters or enquiries, including communications with you
- Invoicing and payment informationWe do not process special category personal data.How we use your personal data
We do not process special category personal data.
How we use your personal data
As a potential client, we will only process your name and contact information to respond to your queries and prepare contracts if that is required.
If you become our client, we will use your personal data to maintain our commercial relationship. We will add your personal data to our email address book and contact list and use it to administer contracts, invoices, and payments, as well as to keep in contact with you during the contract period and beyond when appropriate.
If your personal data is provided by an end-user client for analysis, it will be passed to us after being made anonymous and in an aggregated manner. HCM Metrics makes no attempt to re-identify the information provided in this way.
Explaining the lawful basis
References in this statement regarding the lawful basis being used (see below) relate to Article 6 of the UK General Data Protection Regulation (GDPR).
HCM Metrics processes personal data against a lawful basis as described below:
- If you contact us or your details have been passed to us by introducer with your permission, we will respond to your general enquiries and/ or contact you to promote our services in pursuit of our legitimate interests
- When it’s necessary for the performance of our contract with you and its prior preparation
- To comply with our legal obligations
- When processing for a pre-defined purpose, for which your consent will be sought prior to that processing commencing, and please note that you may withdraw your consent at any time by contacting the HCM Metrics PM.
We will retain your personal data for the period you actively engage with us. We will subsequently retain all or some of your personal data in accordance with our retention schedule, as follows:
- General correspondence with a potential client that does not lead to a contract will be retained for 4 years after our last contact with you
- Personal data collected for the preparation of a contract will be retained for the duration of the active contract plus 4 years thereafter
- Minimal contact data is stored indefinitely although all requests for erasure will be considered and actioned appropriately
- Financial records and invoices, which may include personal data, will be retained for 6 years after the end of the current tax year of processing
- By exception, documentation that includes personal data may be retained by HCM Metrics beyond the schedule, but only for a specific purpose and only when we believe we have a legitimate interest or a legal obligation to do so
At the end of this retention schedule HCM Metrics will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, we will put it beyond operational use. We allow up to 3 months after the retention schedule to complete this action.
We may share your personal data with our approved associates to supply the services you have requested, when this is necessary, with some or all the following third parties:
- The Inland Revenue (HMRC) for invoice purposes
- An accountant and bookkeeper appointed by HCM Metrics
- Associates appointed by HCM Metrics in both an administrative and an analytical role in support of the services we provide
Ordinarily, we will not transfer your personal data to any other third party without your permission, unless:
- We need to engage a third party to recover any money owed to us
- We are subject to a court order or other binding mandate
We only engage with data processors that provide us with reassurances of their ability to manage your personal data responsibly, with the appropriate technical and organisational measures in place, and who are subject to a formal data processing agreement, as required by Article 28 of the UK GDPR.
The only personal data being transferred outside the UK will be subject to the derogations set out in Article 49a, 49b and 49c of the UK GDPR, as they affect our associates and client representatives.
Whilst the information (for analysis by HCM Metrics) provided by our clients will be transferred globally, it will only ever be in an anonymised and aggregated format. It is not personal data by definition and is, therefore, outside the scope of the UK GDPR.
The UK GDPR requires us to implement appropriate technical and organisational measures to protect your personal data. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures include appropriate access controls to the systems used by us and security applied to our website.
Use of Website Cookies
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations). For convenience, these rights are shown below:
- Right to be informed as to how your personal data is being processed by us – this is done through this statement and/or specific privacy notices issued separately
- Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the HCM Metrics PM
- Right to rectification of your personal data if you believe we have collected or recorded it incorrectly or it needs to be updated
- Right to erasure of your personal data for which we no longer have a legitimate purpose to process or where your interests outweigh our own
- Right to restrict processing under certain circumstances, during which time your personal data but will not be in operational use until the related matter is resolved
- Right to data portability of your personal data in a machine-readable version, as you have provided but only applicable to data provided with your consent or under contract
- Right to object to our processing of your personal data for which there is no associated legal or contractual obligation
- Rights related to automated decision making and profiling (however HCM Metrics does not use these techniques in its decision making)
Further details about your rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Raising concerns, exercising rights, or making queries about our processing of your personal data, can be done by contacting the HCM Metrics privacy manager. Please be aware that we will need to verify your identity before responding fully, therefore, you may be asked for proof of your ID.
Alternatively, you may contact the ICO directly, but naturally we welcome the opportunity to handle your concerns in the first instance.
v1.0 October 2021