What’s yours is yours...
Our commitment to keeping your privacy, private.
What type of information we have
We currently collect and process the following information:
Personal details such as name, title, and contact details provided through our online contact form, internal support systems, face-to-face meetings, or other communication methods such as emails or electronic messaging.
Profile data such as a username or password when using our internal support systems.
Image data such as a user profile image, or CCTV images when visiting our offices.
Technical data such as system access logs, web browser details, or IP addresses (a type of data used for identifying computers over the internet) when viewing our web applications.
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
General enquires and communications via our online contact form located at huler.io
As part of our day-to-day usage of electronic communications as part of recruitment, business networking, client support, and technical support for our web applications.
We also receive personal information indirectly, from the following sources in the following scenarios:
Recruitment agencies, awarding bodies, or prospective job applicants who contact us about opportunities across our business.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Huler via the contact details listed at the end of this Privacy Notice.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(f) We have a legitimate interest.
What we do with the information we have
We use the information that you have given us within our internal or client systems to; create and maintain user accounts, communicate effectively with our users, fulfil contractual obligations, provide system security through the recording of access logs, or as part of a security or data protection audit.
We may also use personal data for account management, responding to recruitment enquiries, and other administrative tasks.
We may share this information with our parent group – My Clever Group ( https://www.myclevergroup.com/), or with our sub-processors as outlined in the section below.
What sub-processors we use
Here is an overview of sub-processors we use, and how we use them.
AWS ( https://www.aws.amazon.com/) – AWS services are used for server hosting and provide technical support for internal and client web-based systems – including web and database hosting. Security monitoring and configuration, server backups, and other related tasks may be performed with or by AWS Ltd.
MailChimp ( https://mailchimp.com) – Huler uses MailChimp for email marketing services. The service is integrated via the register interest form and, with your consent, stores your name, email and company information to our mailing list.
CloudFlare ( https://www.cloudflare.com/) – CloudFlare provides a number of web based services used to enhance the speed, security, and reliability of our web applications. CloudFlare services include a global CDN (Content Delivery Network), along with WAF, DDoS protection, and SSL encryption security features.
Google Suite ( https://gsuite.google.co.uk/) – G Suite is a collection of secure web-based applications and services provided on the Google Cloud used for administration tasks via documents and spreadsheets, cloud file storage, and email communications.
Office365 ( https://www.office.com/) – Office365 is a set of Microsoft production tools for use in offline and online situations, or in combination with the OneDrive cloud storage platform. These tools are used for tasks such as word processing, spreadsheet creation and auditing, or internal and external scheduling and communications.
How we store your information
Your information is securely stored on both our on-site workplace storage solutions, as well as on our cloud storage solutions or hosting providers as outlined above.
Our on-site storage solutions are protected by physical and digital access control, and our data protection methods are regularly reviewed to ensure continued data safety.
The cloud hosting services we use employ enterprise level security protection measures, and are credited with industry standards including ISO 27002, ISO 27001, and the Privacy Shield Framework.
How long we keep personal data for
The duration for which we store personal data varies depending on what that data is used for.
We retain data according to the periods outlined in our client contracts, and within any consent agreements or opt-ins between us and our users.
For our online contact form and communications regarding recruitment we retain personal data for up to 12 months.
In certain cases, we may need to retain data for a certain period after our contractual obligations have ended, or after a request has been made for the data to be deleted. This is for situations relating to legitimate business interests, to conduct audits, to comply with (and demonstrate compliance with) legal obligations, or to resolve disputes and enforce our agreements.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us via the contact information below if you wish to make a request.
Data Protection Enquiries and GDPR Requests
Contact: Data Protection Officer
Address: Suite 3, Three Counties House, Festival Way, Stoke-on-Trent, England, ST1 5PX
Under the GDPR, all users have the right to raise any concerns with the Information Commissioner’s Office (the data protection authority for the UK) should they wish to do so.
The Information Commissioner’s Office (UK)
Tel: 0303 123 1113
Address: Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF