Our data policy
Given the EU General Data Protection Regulation 2018 (GDPR) we thought it might be helpful to say more about how we handle our clients data.
What is GDPR?
The General Data Protection Regulation is an EU regulation that is implemented in the UK by the Data Protection Act 2018. The Act affects all industry sectors and it addresses what we can and cannot do with your personal data. “Personal data” is information that identifies individuals directly or from which individuals can be identified indirectly. Under the Act, we are the “data controller” in relation to your personal data that we hold because we control the storage and use of that personal data.
We write to all our clients personally.
One of the requirements of the Act is that we write to tell you how we “process” your personal data. When you become a client at Hay Hill Partners we write to the individual coaching client personally as well as the main contact in the organisation to explain how we handle any personal data. “Processing” includes obtaining, recording or storing personal data and carrying out any tasks using that personal data. This notice also describes your data protection rights, including your right to withdraw your consent to process your personal data.
For what purposes does Hay Hill Partners process my personal data?
We process your personal data because we deem it necessary for us to hold information about you and your circumstances in order to deliver the business coaching and executive mentoring services we provide to you. Taking and using notes of our coaching conversations is an integral part of how we work and allows us to be fully prepared for our sessions together. We process your personal data solely for the purpose of providing our service to you and do not share it within our firm or with any other organisations.
What allows Hay Hill Partners to process my personal data?
The Act allows us to process your personal data if:
The processing is necessary for the performance of our service to you
The processing is necessary for the purpose of our “legitimate interests”
You consent to the processing
“Legitimate interests” is a heading that covers several different reasons why we might need to process your personal data which may not be covered by other headings. This might include:
Providing you with a better service in the future
Building our relationship with you by sending you material in which we think you may be interested
including articles and papers written by us and by others
What sort of my personal data does Hay Hill Partners record and store?
In summary, we keep comprehensive records of our coaching and mentoring sessions with clients and, as you know, these may include a variety of personal information, including (amongst other things):
Your name, organisational title and email address(es) - but not your home postal address or details
The names and organisational titles of your colleagues
Your education and career history
The first names of your family – but not their contact details
How does Hay Hill Partners process and store my personal data?
We continue to be committed to protecting your personal information and the way we collect and process your personal data will not alter under the new Act. Our aim is to maintain your trust and confidence in the way we handle your personal information whilst continuing to provide you with a high quality coaching service.
Our processing of your data includes:
Using a specialist, external IT provider, Cloud Direct, in order to maximise the security, resilience and integrity of our IT service and data storage. All data is encrypted for transmission from desktop computers to servers using Remote Desktop Protocol compliant technology. The servers are held in data centres that are physically manned 24 a day and protected with firewall security to protect against access from unauthorized devices and network traffic. Our system’s anti virus software is also updated automatically
Keeping all hard copies of our records in secured cabinets held within locked, dedicated offices
For how long will Hay Hill Partners keep my personal data?
We have deemed that being able to provide you with support after the completion of our initial assignment, whether that be on an informal, unpaid basis or through further formal assignments, is part of our “service” to you and your employers. Consequently, unless you instruct us not to, we will keep your personal data for as long as we feel it appropriate to be able to provide the service. The length of time we will keep your personal data will also reflect the obligations we have under applicable regulation to store personal data and the practicality of deleting or permanently anonymising your personal data. Can I withdraw my “consent”?
Yes, you can withdraw your consent at any time. Although the Act does not require us to gain your explicit consent to process your personal data, only to write to you to tell you how we process it, we very keen to ensure that you are happy with our approach. If you decide, at any stage, that you would prefer us not to hold your personal data, and therefore to withdraw your consent to us, please contact your coach, or any of the partners, at Hay Hill Partners.
What can I do if I want to complain to you about Hay Hill Partners’ use of my personal data?
Please contact your coach, or any of the partners, at Hay Hill Partners, if you want to complain about our use of your personal data. Alternatively, you have a right to lodge a complaint in relation to our processing of your personal data with a supervisory authority. The relevant supervisory authority is the Information Commissioner’s Office. The number for their helpline is 0303 123 1113.
Does the GDPR affect the confidentiality between me and my coach?
No. Everything you discuss with your coach remains 100% confidential, subject only to the provisos regarding our discussions with our professional supervisor and our obligations to break confidentiality in the (highly unlikely) event of us believing you might be a danger to yourself or to others. Indeed, our commitment to data security and protection, that pre-dates the GDPR and the new Act, and that is outlined above, reflects our strong commitment to maintaining the confidentiality of our work together.
Updates to this Notice
We may update this notice from time to time to reflect changes in the way we process your personal data or to clarify information we have provided in this notice. Any changes will be lodged on our website and we will notify you directly about any we think are significant or when we are legally required to do so.
Hay Hill Partners
May 2018