Privacy Policy

Privacy Policy

About this Privacy Policy

The European Union’s (‘EU’) General Data Protection Regulation (‘GDPR’), regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU. The GDPR came into force in the UK on 25 May 2018. It is designed to give people greater control over their personal data and extends the protections afforded by the Data Protection Act 1998.

Your personal data is important to you and we are committed to protecting and respecting your privacy with regard to your personal information. We do not share your data with anyone without your express permission. We will never sell or rent your data.

Hayley Sampson Research is registered with the UK Information Commissioner’s Office as a data controller in accordance with the Data Protection (Charges and Information) Regulations 2018 (registered number ZA283847).

The purpose of this Privacy Policy is to explain the circumstances under which Hayley Sampson Research (“We”, “Us”) collects, uses, and protects your personal data.

This Privacy Policy will be revisited and updated from time to time. Last updated September 2023.

MAIN POINTS

• The types of personal data we collect may include your name, address, phone number, or email address.
• We will only collect sufficient information to enable us to communicate with you and which is necessary to enable us to carry out any work entrusted to us.
• We will keep your data only for as long as is necessary, either as specified in a data processing contract between us or in order to comply with our trading obligations (eg. financial or professional insurance requirements).
• We take all reasonable measures physically and technologically to protect and take care of the personal data that we collect from you.
• You may ask us to stop processing your data or communicating with you at any time by emailing hayley@sampsonresearch.co.uk.
• The following sections describe in more detail what information we may collect, why we collect it, and how we protect it.

WHAT IS PERSONAL DATA?

Personal data is any information from which you may be directly or indirectly identified. Personal identifiers constitute such things as your name, an identification number attributed to you, location data or online data. It applies to automated personal data, electronic, and to manual filing systems where personal data are accessible according to specific criteria (eg. ordered chronologically). It also includes pseudonymised personal data, depending on how difficult a particular individual could be identified from the pseudonym.

The rules only apply to personal data about living individuals, they don’t govern data about companies or any other legal entities. However, information in relation to one-person companies may constitute personal data where it allows the identification of a natural person.

The rules also apply to all personal data relating to natural persons in the course of a professional activity, such as the employees of a company/organisation, business email addresses like ‘forename.surname@company.com’ or employees’ business telephone numbers.

WHAT IS SENSITIVE PERSONAL DATA?

Sensitive personal data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Hayley Sampson Research does not collect sensitive personal data, however may process this type of information on behalf of another organisation. We will adhere to the processing and protection of these data as stipulated by the data controller of organisations entrusting such data to us and as set out in a data processing agreement or contract between us.

WHAT ABOUT BUSINESS DATA?

The GDPR still applies, even if the individual is acting in a professional capacity, for example the name and phone number of a business contact, or their email address identifies them (eg. initials.lastname@company.com).

WHO WE ARE?

Hayley Sampson Research is a business providing data research, data management, and analytical services. We provide these services to small and medium-sized businesses (SMEs), local and unitary authorities, and large organisations delivering publicly-funded business support services and/or services to individuals within the UK. Our registered address is in the county of Cornwall, UK.

Our website address is: https://www.sampsonresearch.co.uk.

Hayley Sampson Research (“We”) are committed to protecting and respecting your privacy.

This Policy (together with our Terms & Conditions of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website you are accepting and consenting to the practices described in this policy.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following information about you:

• Information you give us. You may give us information about you corresponding with us by phone, e-mail or other forms of communication electronic or otherwise. This includes information you provide when you subscribe to our services and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone &/or mobile number.

• Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:

    • technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

INFORMATION ENTRUSTED TO US

We may receive information about you from the following:

  • Information we receive from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
  • Information processed on behalf of other organisations (“outsourced”). In the course of carrying out data management, customer research, or similar services, we may receive information about the customers or clients of other organisations who have commissioned data services from us. Such information sent to us by other organisations will only be enough to enable us to carry out the services they have requested from us and we will adhere to restrictions placed upon us by the sharing organisation. These restrictions will be in the form of a written agreement between us setting out our obligations governing the use of that data, as well as the storage and security of the data whilst it is entrusted to us, and when such data will be erased from our systems on conclusion of our engagement with the contracting organisation.

COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy.

USES MADE OF THE INFORMATION

We use information held about you in the following ways:

  • Information you give to us. We will use this information:
    • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
    • to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
    • to provide you with information about goods or services we feel may interest you. If you are an existing customer and give your consent, we will only contact you by electronic means (eg. e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, you can notify us by emailing us ;
    • to notify you about changes to our service;
    • to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Information we collect about you. We will use this information:
    • to administer our site and for internal operations, including troubleshooting and testing
    • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
    • to allow you to participate in interactive features of our service, when you choose to do so;
    • as part of our efforts to keep our site safe and secure;
    • to measure or understand the effectiveness of our website content we serve to you and others.
  • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
  • Information processed on behalf of other organisations (“outsourced”). Our services include carrying out data research and data management activities on behalf of other organisations, in other words activities outsourced to us. When necessary, other organisations may share personal information with us in order for us to carry out the services they require. The services we perform include data quality checking, data cleansing, and data set merging operations, as well as carrying out customer research or project evaluation activities.

Information about individuals shared as part of outsourced data research and management activities will only be shared with us and processed in accordance with instructions set out in a formal data processing contract between Hayley Sampson Research and the organisation commissioning such services from us. Once we have completed the activities specified in the data processing contract, all data shared with us will be returned to the originating organisation and deleted from our systems.

We make no attempt to identify any individual from anonymised/pseudonymised information shared with us.

GOOGLE ANALYTICS

We do not use Google Analytics, a third party service (or similar third party service providers), to collect standard internet log information and details of visitor behaviour patterns of people visiting a website.

DISCLOSURE OF YOUR INFORMATION

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Hayley Sampson Research or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms & Condition of Use and other agreements; or to protect the rights, property, or safety of Hayley Sampson Research, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We do not use advertisers or advertising networks and do not select and serve adverts to you or others.

WHERE WE STORE YOUR PERSONAL DATA

Your information will be stored electronically in a Customer Relationship Management (CRM) system hosted locally and/or on Cloud-based servers operated by carefully chosen suppliers.

We endeavour to use suppliers located, and/or have servers located, within the UK and/or European Economic Area (“EEA”) or which have adequate safeguards in place for the protection of personal data if it is likely to be transferred outside of the the UK or European Union.

However, the data that we collect from you may be transferred to, and stored at, a destination outside the UK or European Economic Area (“EEA”). It may also be processed by staff operating outside the UK or EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict technical and organisational safeguards, procedures and security features to try to prevent unauthorised access, unlawful processing, and against accidental loss, destruction or damage, using appropriate technology and physical means.

YOUR RIGHTS

We do not process your personal data for marketing purposes. You have the right to ask us not to contact you for any reason. You can exercise this right at any time by emailing us. In these circumstances we retain a ‘do not contact’ (data suppression) list containing the minimum information necessary to ensure that we comply with your wishes. It reduces the risk of us inadvertently contacting you again in the future against your wishes.

Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

ACCESS TO INFORMATION

The Act gives you the right to access information held about you by emailing us. Your right of access can be exercised in accordance with the Act. We may need to ask for further information in order to verify your identity before we release information to you.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

CONTACT

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to hayley@sampsonresearch.co.uk.