This privacy notice explains how Barrow and Cole t/a xHeight uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
xHeight is a data controller, because we make decisions about what data we collect and how it is used and with whom it is shared with. We can be contacted at [email protected] or telephone number 01403 586002
Data Protection law defines the basis by which we can lawfully collect and process personal data.
Consent
We will collect and process your personal data on the basis of your freely given and informed consent where we have concluded that this is the most appropriate basis for the processing. You are free to withdraw your consent at any time and can do so by contacting us on the numbers above or using the email address.
In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of xHeight to do so. We have determined that the rights of data subjects are not outweighed by the use of this legal basis. We also use legitimate interest as our basis to conduct B2B marketing. You have the right to object to electronic direct marketing and can unsubscribe at any time.
For the data we act as data controller for, we have determined the following purpose and legal basis for the data collected:
Purpose | Data Category | Data Type | Legal Basis |
---|---|---|---|
Engaging commercially | Identity Details | Name | Legitimate Interest |
Engaging commercially | Contact Details | Phone number | Legitimate Interest |
Engaging commercially | Contact Details | Email address | Legitimate Interest |
Marketing | Identity Details | Name | Legitimate Interest/ Consent |
Marketing | Contact Details | Phone Number | Legitimate Interest/ Consent |
Marketing | Contact Details | Email address | Legitimate Interest/ Consent |
Where we have used consent to process data for example for B2C marketing, you are free to withdraw that consent at any time.
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.
We do not sell any of your personal data to any third party. Where necessary, we share personal data with service providers such as our accountants and insurance companies, as We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
Specifically, we share your data with:
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in UK accredited data centres. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU (Dropbox, Asana).
xHeight does not process sensitive data as defined by Article 9 of the GDPR.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC requirements. Outside of that xHeight has a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected. Personal data processed for marketing purposes will be retained for as long as a legitimate interest exists or as long as consent is in place.
xHeight follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
The regulations provide a number of rights to you as the Data Subject. xHeight is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
xHeight does not use automated decision making to process personal data.
Our website may contain links to other websites. This privacy policy only applies to xHeight, so if you follow a link to another website, you should read that organisations own privacy policy.
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in November 2019
You can write to us at this address:
xHeight
Suite 3, Falcon Court Business Centre
College Road, Maidstone
ME15 6TF
You can telephone us on this number:
01403 586002
You can email us by using this link:
[email protected]