The following outlines what data we collect, why we collect it and what we do with it.
Who we are
A company in the Hexadex group of companies.
What we collect and why
When you visit our website, we record certain details about your visit, such as your domain name and / or IP address, the pages you view and the address of any website that may have led you to this one. We use this information to understand what visitors to our website are looking for and what they find interesting, and to make decisions about how to improve the service that our website provides.
Storage of data
If you complete a form on the website (e.g. when you request further information), we store the details you enter in a database. Unless you tell us when you complete the form that you don’t wish us to contact you in future, we may use this data to inform you about updates to our website or our range of products and services from time to time.
If you believe your name and/or e-mail address is stored in one of our databases and would like the record deleted or amended, or would like a copy of the details we hold, please send an e-mail to firstname.lastname@example.org specifying your name and e-mail address.
Appropriate technical and organisational measures have been taken to protect the data we store from access by unauthorised individuals or organisations.
Information Sharing and Disclosure
Hexadex will not sell or rent your personally identifiable information to anyone.
We may send personally identifiable information about you to other companies or people when we have your deemed or actual consent or either or both of the following apply:-
- We need to share your information to provide the product or service you have requested
- We need to send the information to companies who work on behalf of Hexadex to provide a product or service to you. (Unless we tell you differently, these companies do not have any right to use the personally identifiable information we provide to them beyond what is necessary to help us.)
Data Protection Law
Hexadex operates under the European General Data Protection Regulation (‘GDPR’) and (when enacted) the UK Data Protection Act (‘DPA’). The GDPR and DPA apply to ‘personal data’ we process. Under the GDPR and DPA, the data protection principles set out the main responsibilities imposed on organisations, and the principles with which they must be able to demonstrate compliance. Following those principles we will ensure that personal data is:-
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and where necessary kept up to date;
- Kept for no longer than is necessary for the purposes for which the personal data are processed. Hexadex operates a data retention policy the aim of which is to ensure we meet this obligation.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We only retain personal data for the purposes for which it was collected and for a reasonable period afterwards if there is a legitimate need or legal obligation to do so. For details of our current retention policy contact us at email@example.com. Hexadex ensures lawful processing of personal data by obtaining consent; or if there is a contractual obligation to do so; or where processing the data is necessary for the purposes of the legitimate interests of Hexadex. To meet its Data Protection obligations under GDPR and DPA, Hexadex has established comprehensive and proportionate governance measures.
An individual’s rights under Data Protection Law
Under the GDPR and DPA, an individual has the following rights about their personal data processed by Hexadex: The right to:-
- be informed about how Hexadex uses personal data.
- access the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt.
- rectification where data is inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
- erasure of personal data, but only in very specific circumstances, typically where:
- the personal data is no longer required for the purpose for which it was originally collected, or
- we have relied on a consent which is withdrawn and we have no other legitimate reason to retain it, or
- the individual objects to the processing and there is no overriding legitimate interest to continue.
- restrict processing, for example while we are reviewing accuracy or completeness of data, or deciding if a request for erasure is valid. In such cases we shall continue to store the data, but not further process it until the issue is resolved.
- data portability which, subject to qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
- object in cases where processing is based on legitimate interests, where the Hexadex requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.
- require information about automated decision making and profiling.
Please contact us at firstname.lastname@example.org or write to us at the address on this website for more information about the GDPR and your rights under Data Protection law as they apply to our business.
Our supervisory authority for data protection compliance is
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)