Privacy Policy

Our privacy policy complies with the new GDPR legislation that begins on 25th May 2018. Our aim is to give you peace of mind and confidence knowing that we will manage your data correctly and explain clearly and in detail how and why we use and collect your data, and your rights. We do not sell or share your private information with other parties.

Privacy basics

The privacy policy sets out how H3Uni (Scottish Charity SC047900 and Guarantee Company SC507088, 18 North Street, Glenrothes KY7 5NA), hereafter referred to as H3Uni, uses and protects any information that you provide to us when using any of our products and services or information that we otherwise obtain about you through the provision of those services.

H3Uni takes seriously our obligations to protect your data and we fully comply with the EU General Data Protection Regulation (GDPR) and other applicable national regulations including the UK Data Protection Act 2018.

What kinds of information do we collect?

Personal information that we collect

We receive or collect a limited set of personal data for the following purposes:

  1. identifying you as a client;
  2. contacting you to offer services;
  3. sending you information and/or newsletters relevant to our services;
  4. providing our services to you;
  5. to carry out our obligations arising from any agreements entered into between you and us;
  6. internal record keeping.

Information about payments.

If you purchase any services from us we collect information necessary to make the purchase or transaction. We record the payment confirmation to indicate your eligibility for that particular service. We do not store credit card details or any other personal financial information. Payments are processed via external payment systems (see section below on How is this information shared). If you purchase services from us using Eventbrite, then they process your payments without us seeing your personal financial information – you can see Eventbrite’s privacy policy here.

How this information is used:

Where is your information held?

We use an International hosting company that is an industry acknowledged leader in secure hosting environments, it is SOC II Compliant with PCI DSS Certification. (Achieving SOC IIcompliance means a company have established a process and practices which required levels of oversight across their organisation).

How long do we keep your information for?

We will only retain your data as long as we are able to provide a service to you. As we provide an ongoing service, this will usually require us to retain your personal data until you request to be removed. In case only of legal requirement, we may hold certain data for legal or regulatory purposes after your removal as a client.

Security

In order to prevent unauthorized access or disclosure we have put in place security measures and managerial proceducres to safeguard and hold secure the information we hold.

Sharing With Third-Party Partners and Customers

We transfer information to vendors, service providers, and other partners who globally support our business. These services include the provision of technical infrastructure services (e.g. web site hosting), provision of customer service, facilitation of payments or provision of email services. These partners adhere to strict confidentiality obligations in a way that is consistent with this Data Policy and the agreements we enter into with them. We never share information with other customers or to third partiesother than as necessaryto provide you with the services defined herein. 

Transfers outside of the EU

Our data is stored with an international hosting company and is therefore likely to be stored on servers outside of EU, primarily the USA. 

Legal obligation

We may also release your personal information to regulatory or law enforcement agencies if required by law to so do.

How can I access my rights to obtain, correct or delete information about me?

You can withdraw your consent to the use of your personal information at any time. This will affect the services that we are able to supply to you. For more information on your rights you may visit the ICO website www.ico.org.uk

Providing there is no legal exemption then you are entitled to the following:

  1. Request a copy of your personal information
  2. Request to erase your personal data
  3. Place restrictions on our processing your data
  4. Correct any data inaccuracies

We never engage in automated decision making or profiling. Any questions or requests in respect of the above rights can be requested by contacting us at the Data Controller Address as defined below.

How will we notify you of changes to this policy?

We’ll notify you before we make changes to this policy and give you the opportunity to review the revised policy before continuing to use our Services. This notification will be by email using the contact information held by us at that time.

Data Controller Information

Ian Kendrick is the Data Controller for any information you supply to us or is otherwise held by us.

Requests and information can be obtained from:

Email address: ian.kendrick (at) h3un (dot) org