Data Protection Statement
We believe that the lawful and correct treatment of personal information is critical to our success. Complying with the legislation will ensure that we maintain the confidence of our stakeholders and uphold our reputation and integrity as a professional firm.
In order to carry out our work, we need to collect and use certain types of personal information about the people with whom we engage, such as current, past and prospective employees, students, suppliers, clients and professional contacts.
In addition, we may be required by law to collect and use certain types of personal information in order to comply with the requirements of government departments and agencies.
Under the Data Protection Legislation, all organisations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of information.
Data Protection Legislation
In the United Kingdom and the European Economic Area (EEA), “Data Protection Legislation” means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with:
prior to 25 May 2018, the UK Data Protection Act 1998; and
from 25 May 2018 onwards, Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as amended by the UK Data Protection Bill.
Outside of the EEA, “Data Protection Legislation” means local, territorial data protection and privacy legislation that governs the processing of Personal Data.
We fully endorse and adhere to the principles of the Data Protection Legislation and will:
fully observe the conditions regarding the fair collection and use of personal information;
meet our legal obligations to specify the purposes for which we use personal information;
only collect and process the personal information needed to carry out our business or to comply with any legal requirements;
ensure that the personal information we use is as accurate as possible;
ensure that we don’t hold personal information for longer than is necessary;
ensure that people are aware of their rights to view the personal information that we hold about them;
take appropriate technical and organisational security measures to safeguard personal information; and
ensure that personal information is not transferred outside of the UK without suitable safeguards.
Furthermore, we recognise the following rights of individuals under GDPR:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
rights in relation to automated decision making and profiling.
In addition, we will ensure that:
there is someone with specific responsibility for data protection in the organisation. Currently, the nominated person is Mark O’Hanrahan (email: markoh@northhillfinance.com);
there is a data protection point of contact. The data protection point of contact is Mark O’Hanrahan (email: markoh@northhillfinance.com; telephone: 020 3239 7652);
we regularly review and monitor how we handle personal information;
the ways in which we handle personal information are clearly described;
everyone handling personal information understands that they are responsible for following good practice;
everyone handling personal information is appropriately trained and properly supervised;
we regularly assess the performance of people who handle personal information;
anybody wanting to make enquiries about handling personal information knows how they can do so; and
queries about handling personal information are dealt with promptly and courteously.
You have the right to request a copy of the personal information that we hold about you. To do so, please write to the data protection point of contact using the email address provided above.