Introduction
Welcome to Heather Robinson Ltd.’s privacy notice.
Heather Robinson Ltd respects your privacy and is committed to protecting your Personal Data. This privacy notice will inform you as to how we look after your Personal Data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This document pertains to personal data, defined as any information about a living individual (referred to as the Data Subject) that is not publicly available.
The General Data Protection Regulation (GDPR) aims to safeguard and strengthen the rights of data subjects. These rights include the protection of personal data, prevention of unlawful data processing, and the free movement of personal data within the EU. However, it is important to note that the GDPR does not apply to information that is already publicly accessible.
We are pleased to provide the following Privacy Notice:
What personal data we may collect
In Schedule 1, we have set out a description of the different types of Personal Data we may collect, use, store and transfer, the ways we plan to use the Personal Data, and the legal justification on which we rely in order to do so. Where we rely on that justification that it is necessary to process the Personal Data for our Legitimate Interests we have, where appropriate, also identified what we consider those Legitimate Interests to be.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
How do we collect personal data
Direct Methods - Personal data may be collected through the following methods:
Information you provide when filling out forms on our registration sites, including details submitted during event- related service registration or general inquiries.
Information shared with us via direct email communication.
Records of any correspondence if you contact us.
Data provided through surveys used for research, quality control, and measurement purposes (participation is optional).
Automated Technologies or Interactions – As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Third Parties or Publicly Available Sources – We may receive Personal Data about you from various third parties and public sources as set out below:
Analytics providers, such as Google based outside the EU:
Advertising networks Facebook, Instagram, X, LinkedIn, Pinterest, Google and Bing based outside the EU
Search information providers such as Google and Bing based outside the EU
Google Analytics – Additionally, we use Google Analytics which tracks your interaction with our website and stores non- personal information about IP address, operating system, web browser, and pages visited. Also collected is information about demographics of the visitor, the device used, where the visit originated.
Google Cookie and Privacy Policy is available here
If you want to opt-out of being tracked by Google Analytics on any site, you find how to do it here
Cookies
Our website and web registration sites uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
Your consent applies to the following domain: www.ordinaryhero.co.uk
Cookie Settings
Heather Robinson Ltd’s websites use 3rd party applications that track IP’s and use cookies for tracking purposes and could be linked to an individual, these come as part of the following:
Google Analytics
Facebook
LinkedIn
For details on above companies privacy policy, please visit their respective websites. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. The cookies in use on our site have a range of expiry from closing of the web browser up to one year.
Who to contact to request access to personal data that we hold, or to discuss our privacy policy
Should you wish to contact us, you can do so in several ways;
Send an email to hello@ordinaryhero.co.uk
Phone us on 01789 761353
Write to us at Minerva Mill, Station Road, Alcester B49 5ET
We may need to confirm your identify, in which case we will ask you for two of the following forms of identity:
Driving license
Passport
Birth certificate
Utility bill not older than three months
A minimum of one photographic ID listed above and a supporting document is required.
If a subject access request is deemed manifestly unfounded or excessive, we may, in accordance with GDPR, either charge a reasonable fee (taking into account the administrative costs of providing the information) or decline to respond.
If a request is refused, the data subject will receive an explanation for the decision, along with information on their right to lodge a complaint with the supervisory authority and seek a judicial remedy. This response will be provided without undue delay and no later than one month from the date the request is received.
How we use the data we collect
We use the information collected about you for various purposes, most commonly:
Registering you for a specific event or service.
Keeping our internal records accurate and up to date.
Fulfilling obligations under any contracts established between you and us.
See Schedule 1 for more details.
How we protect the data we collect
We are dedicated to safeguarding your information. To prevent unauthorised access or disclosure, we implement appropriate physical, electronic, and organisational measures to protect your data.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Consent
Through agreeing to this privacy notice you are providing your consent to allow the processing of your
personal data for the purposes outlined. You can withdraw consent at any time by contacting us via the methods provided in this privacy notice.
Disclosures of your personal data
We may have to share your Personal Data for the purposes set out in Schedule 1 with external third parties such as:
Service providers acting as processors such as Adobe Sign, Revolut, Agency Software Worldwide and external IT and system administration services.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal and accounting services.
HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
If you are a client of ours, we may need to pass your Personal Data on to relevant partners in order to provide services for your event.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
International Transfers
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your Personal Data will involve a transfer of data outside the EEA.
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission
Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
Your rights
We are committed that the processing and storage of any personal data and/or sensitive personal data provided by you or about you, is at all times handled in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR).
Where you are registering your information for the purposes of attending an event we will not use your data for any other purposes except those in connection with that event, unless specifically notified and made clear
Further to this, the GDPR provides the following rights to the data subject to whom the personal and/or sensitive personal data relates:
the right to access personal data and supplementary information
the right to have inaccurate personal data rectified, or completed if it is incomplete
the right to erasure (to be forgotten) in certain circumstances
the right to restrict processing in certain circumstances
the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
the right to object to processing in certain circumstances
rights in relation to automated decision making and profiling
the right to withdraw consent at any time (where relevant)
Sharing your personal data with third parties
We will not sell, distribute or lease your personal information to third parties unless we have your prior consent or are required by law to do so.
We may on occasion pass your personal data to third parties exclusively to process work on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR alongside a Sub Processor Agreement.
Our retention policy
We will process personal data for the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not needed will be deleted.
Automated decision making
We do not make any decision based solely on automated means, but if we did you would have the right for a human to review that decision.
Complaints
In the event that you wish to make a compliant about how your personal data is being processed by us or our partners, you can do so by contacting the Information Commissioners Office whose contact details can be found on their website https://ico.org.uk.
Schedule 1
Types of personal data and legal justification
2-Contact Data
Such as billing address, delivery address, email address and telephone numbers
3-Financial Data
Such as bank account and payment card details
4-Transaction Data
Relating to events you have asked us to organise for you, such as the date and location of the event, the budget, number of guests, details about payments to and from you and other details of products and services you have purchased from us, photographs or videos taken by our partners at the event, and any other information you choose to send to us in connection with your event, such as photographs of the inside or outside of the event location
5-Technical Data
About the devices you use to access this website, such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and other technology
6-Profile Data
Such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses and what you typed into search engines to find us
7-Usage Data
Such as information about how you use our website and services and about your visits to and use of our website including length of visit, page views and website navigation
Aggregated Data
We may also collect, us and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly
identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy notice
Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any
information about criminal convictions and offences
Legal justification for processing
A-Necessary For The Performance Of A Contract
We process your Personal Data because it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract
B-Necessary For Compliance With A Legal Or Regulatory Obligation
We process your Personal Data because it is necessary for compliance with a legal or regulatory obligation to which we are subject
C-Legitimate Interests
We process your Personal Data because it is necessary for the legitimate interests of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact
on you in respect of specific activities by contacting us.
To register you as a new customer
1,2Interest
A
To process and fulfil your order including:
a – Deliver the services ordered
b – Send statements and invoices c-Manage payments, fees and charges
d-Collect and recover money owed to us
1,2,4,8
A, C (to recover debts due to us)
To manage our relationship with you which will include:
a – Sending you general non- marketing commercial communications
Sending you email notifications which you have specifically requested
Sending you marketing communications relating to our business which we think may be of interest to you
Notifying you about changes to our terms or privacy policy
Asking you to leave a review or take a survey
1,2,6,8
A, B, C (to keep our records updated and to study how customers use our services)
To administer and protect our business and this website (including troubleshooting, dealing with enquiries and complaints made by or about you relating to the website, data analysis, testing, system maintenance, support, reporting and hosting of data,
security and fraud prevention)
1,2,5
B, C (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To use data analytics to improve our website, services, marketing, customer relationships and
experiences
5,7
C (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about services that may be of interest to
you
1,2,5,6,7
C (to develop our services and grow our business