PERSONAL DATA WE HOLD ABOUT YOU AND PURPOSES FOR WHICH WE USE IT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, job title, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
There are more sensitive types of personal information which require a higher level of protection under certain applicable data protection laws, commonly known as Special Categories of Personal Data. We do not collect such sensitive information about you except, where applicable, health information in the event that we have to give you first aid on site for events and meetings that you voluntarily provide to us. We do not collect any information about criminal convictions and offences unless revealed by due diligence conducted to comply with a legal obligation or given to us in connection with our role, or potential role, as financial adviser in connection with a transaction, in order to comply with a legal obligation.
We may process your personal information without your knowledge or consent, where this is required or permitted by law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
HOW IS YOUR PERSONAL DATA COLLECTED
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our services;
- request marketing to be sent to you;
- visit our offices; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties including partner organisations involved in our work, and publicly available sources.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into with Hines Clients or have entered into with Hines Clients.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA
We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To provide our financial services to Hines Clients (including seeking and receiving advice from our professional advisors)||
|Necessary to perform the contract we have entered into with Hines Clients.|
|To document your visit to our offices||
(c) Special Category Data (Health)
Necessary for an individual’s vital interests.
|To send communications because you have requested or provided us with your contact details (e.g. updates about Hines’ business, activities and opportunities)||
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)|
|Improving, enhancing and developing our financial services and business operations||
|Necessary for our legitimate interests (advance our services)|
|To administer and protect our organisation (e.g. reporting requirements)||
|Necessary for our legitimate interests (complying with our regulatory and legal obligations, including assessing and managing risk)|
|Website analytics, to see where users are visiting our website from||(a) Technical||Necessary for our legitimate interests (to study how visitors use our website and view our services)|
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us, provided us your contact details or purchased services from us and you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase, warranty registration, product/service experience or other transactions.
DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below for the purposes set out in the table above.
- Internal Third Parties including investors in Hines.
- External Third Parties, such as auditors, professional advisors, lawyers, consultants, regulators and financial intermediaries.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a business contact, supplier, professional advisor, counterparty with whom Hines conducts business (including client) we will retain and securely destroy your personal information in accordance with our data retention policy.
SECURITY MEASURES TO KEEP YOUR PERSONAL DATA SAFE
Hines acknowledges that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with its normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
YOUR CHOICES AND RIGHTS
You have the right to know what personal data we process about you and may request a copy. You are also entitled to have incorrect personal data about you corrected and you may in some cases ask us to delete your personal data. You can also object to certain personal data about you being processed and request that processing of your personal data be limited. Please note that the limitation or deletion of your personal data may mean we will be unable to provide the communications and invitations described above. You also have the right to receive your personal data in a machine-readable format and have the data transferred to another party responsible for data processing. Where we have requested consent to process your personal data, you will have the right to withdraw consent.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) which is the UK regulator for the processing of personal data (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
HOW TO CONTACT US
If you have any questions about how we process your personal data, please feel free to contact us in the following ways:
Email Address: firstname.lastname@example.org
Postal Address: 42 Carlyle Square, London, SW3 6HA
REVISIONS TO THIS POLICY AND YOUR DUTY TO INFORM US OF CHANGES
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.