<img alt="" src="https://secure.office-information-24.com/785633.png" style="display:none;">

Privacy Notice

Introduction

This Privacy Notice relates to the personal data we hold in relation to our customers, potential customers, visitors of our website, research participants and other parties with whom we do or want to do business or interact with.

We are committed to protecting the privacy of these parties, and the information we hold about them. We hold information about individuals in order for us to provide, improve or develop our products and services, which may involve, for example:

  • Communications relating to product updates, for example core software and calculations releases, annual allowance guidance, etc.
  • Communications relating to feedback and future developments.
  • Communications relating to our corporate website and our Altair or other product portals.
  • Invitations to training sessions, conferences, webinars, roundtable discussions and/or other events, held ‘in-person’ or via the Internet.
  • Information about our products and services, (both new and existing).
  • Opportunities to complete surveys, take part in research or enter competitions or other promotions.

Information that we hold about customers and other parties with whom we do business will be used only in accordance with this Privacy Notice.

We are committed to complying with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”). This Privacy Notice sets out your rights, and the basis by which we collect, use and disclose personal data. We will always be transparent about how we process personal data.

Heywood Limited, registered at Second Floor, 3 Barrington Road, Altrincham, WA14 1GY, is the Data Controller for your personal information.

The person with ultimate responsibility for Data Protection is Chris White, Head of Standards and Compliance, who can be contacted via dataprotection@heywood.co.uk.

If you are a job applicant – please visit here for our Privacy Notice for your data.

How do we collect information?

We collect information about you in various ways, including:

  • Information that we ask for, and you provide to us, that is necessary for us to supply your business with our software, support, and other related services.
  • When you opt to submit personal information, in order for us to send you further information or email alerts; when you request to view certain content, such as white papers, or when you register for an event, conference or webinar.
  • Information which is collected and stored during normal use of our websites and portals, such as your IP address and the pages you visited.

What information do we collect, why and what is the lawful basis?

Personal information collected

Purpose

Lawful basis

Your basic identification and contact details – e.g. your name, company name, job title, address, telephone number, email address and any other information that you may provide to us.

This may also include contact information provided to us by a pension fund customer for certain services e.g. if your business is an administered employer of that fund.

We may have this information for our customer or business relationship management purposes, business development or marketing, or for monitoring use of our products and services.

Legitimate interests.

 

Information about your relationship with us such as information about events you have attended and feedback you have given us.

To monitor your activity with our business and for marketing purposes.

Legitimate interests.

Details of your visits to our website and online portals, the pages you view and resources you access or download.

 

We analyse browsing data to understand how you use the features and functions of our website and portals, to identify improvement so that we can provide you with a better online experience.

We analyse how you interact with certain content to enable us to provide you with more relevant content.

Legitimate interests.

Details of the actions you take within emails we have sent you, for example, which content you click through to read on our website.

We analyse how you interact with email content to enable us to provide you with more relevant content.

Legitimate interests.

Information that you choose to provide by filling in a form on our website, including when subscribing to bulletins and other communications or registering for events.

 

To fulfil your requests for products, services and information.

Legitimate interests.

If you contact us with an enquiry, or for information, we may keep a record of that correspondence.

To respond to your requests for more information, such as bulletins and other notifications, registration for events, release documentation, white papers, etc and to monitor enquiries/responses.

We may hold such contact information included for marketing purposes.

Legitimate interests.

Your responses to any surveys you’ve completed following our request, or any data you provide during any research activity.

For surveys or research questionnaires to help improve our products and services or knowledge of the topic.

Consent or legitimate interests. 
If you provide your contact details to take part in research, we will provide further information and a consent form.

We may collect personal information when we meet you face to face or when you contact us either on the telephone or in writing.

We may also obtain contact information from publicly available sources or third party sources.

To monitor your interactions with our products, services and offerings.

To contact you for marketing purposes.

Legitimate interests.

User log in details for our systems where we can control the authentication process.

To manage the authentication process for our systems. 

Legitimate interests.

Member data, usually anonymised or pseudonymised, following customer permission.

To improve our processes and systems/


To provide analytics on how to improve data quality and accuracy by obtaining information from third parties including credit reference agencies.

 Legitimate interests.

Member analytic data following cookie permission on member-facing sites. This data is usually pseudonymised.

To improve our processes and systems.

Legitimate interests.

Your rights

You are entitled to know whether we hold personal data about you and, if we do, you will have the following rights:

  • the right of access to copies of your personal data;
  • the right to rectify any of your personal data you think may be inaccurate;
  • the right to have your personal data deleted in certain circumstances;
  • the right to restrict the processing of your personal data in certain circumstances;
  • the right to object to processing in certain circumstances;
  • the right to data portability in certain circumstances.

You can also choose to manage any marketing communications you receive by following the opt-out instructions contained in emails that we send to you. In such cases, we will retain the minimum personal data necessary to record that you opted out, in order to avoid contacting you again.

Please contact dataprotection@heywood.co.uk if you’d like to:

  • find out more about your rights and your personal data;
  • object to us processing your personal data; and/or
  • opt out of certain communications, such as marketing communications.

Who will the information be shared with?

We will not share your personal information with any third party that intends to use it for their own direct marketing purposes, unless we have specifically informed you and you have given us specific permission to do this.

We may use third parties, such as service providers, agents or contractors to provide us with administration systems, such as those used to provide customer relationship management services, data centres, software support services, finance and billing services, marketing platforms, software development tracking services, training programmes, event registration services, and online advertisements.

These third parties may come into contact with your personal information in the course of providing their services to us. They must provide equivalent levels of security for your personal information as Heywood and, where required, be bound by a data processing or sharing agreement to keep your personal information private, secure and to process it only at our specific instruction.

Where might you transfer my information outside the UK/EEA?

Most of our systems that would store your information are based in the UK/EEA however certain third-party suppliers that we use may store certain personal information outside of the UK/EEA.  Where this is the case, we will always ensure that all relevant Data Protection laws including the UK GDPR are complied with, and that appropriate measures are in place to keep your personal data secure.

How long do you keep hold of my information?

We have a Data Retention Policy which mandates how long records, including personal data, are retained. Retention periods are determined by legislation and our business requirements. At the end of any retention period, we will delete your personal data.

In most cases we will hold your data for up to three years after last contact, unless we have a legitimate business need or regulatory obligation which requires that we hold this data for a longer period of time. For example, if your business has a contract with us, we will retain the necessary information, including contact details, for 7 years following the end of any such contract in line with HMRC requirements and our legitimate business need to hold all information in the event of a contractual claim.

All information will be stored securely on our systems. Our Data Retention policy is available upon request via dataprotection@heywood.co.uk.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Heywood is certified to ISO 27001, an independent security standard which sets a framework for establishing, operating, reviewing and improving Information Security Management. Protecting information is vital, and achieving the high standards required for ISO 27001 reaffirms our commitment to do so.

Google Analytics

We may use Google Analytics to collect information about visitor behaviour on our website. This stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This data does not contain personally identifiable information and so you cannot be identified from it. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

You can choose to opt-out of Google Analytics by notifying us using the ‘Contact Us’ form on our website.

Social media

Our sites include social media features, such as Facebook, Google and Twitter 'Share' buttons. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing them.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

The right to complain

If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the UK GDPR and DPA 2018, you should contact our Head of Information Security and Quality via dataprotection@heywood.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office. Their contact details are:

  • www.ico.org.uk
  • 0303 123 1113
  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Changes to our Privacy Notice

We may change this notice from time to time.

This Privacy Notice is effective from February 2024.

 

Job Applicant Privacy Notice

Introduction

Heywood Limited is the data controller for the information you provide during the job application process, unless otherwise stated.

The person with ultimate responsibility for Data Protection is Chris White, Head of Standards and Compliance, who can be contacted via dataprotection@heywood.co.uk.

Purpose and lawful basis for processing

Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.

The lawful bases we rely on for processing your personal data as a job applicant are:

  • where necessary to perform a contract or to take steps at your request, before entering a contract;
  • where it is in our legitimate interests;
  • as required by our legal obligations e.g., to carry out right to work checks or under the Equality Act 2010 where you provide any information about reasonable adjustments.

The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious, sexual orientation or ethnicity information is that necessary for the purposes of our obligations in employment legislation and the safeguarding of your fundamental rights such as health, safety and welfare.

What will we do with the information you provide?

All the information you provide during the process will be used only for the purpose of progressing your application, or to fulfil legal or regulatory requirements, if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes, or store any of your information outside the European Economic Area. The information you provide will be held securely by us and/or our data processors, whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role for which you have applied.

What information do we ask for and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we request is used to assess your suitability for employment. You need not provide the information that we request, but it might affect your application if you do not.

How do we obtain your information?

We will receive your information if you apply for a position as listed on job boards, or if you have provided details to a recruitment agency that we work with. You may also provide information via our website or by way of a referral from a current Company employee.

Application stage

When you apply for a position, we may ask you for your personal details, including name and contact details. We may also ask you about your previous experience, education, and for answers to questions relevant to the role for which you have applied.

Assessments

We might ask you to: complete tests and/or to attend an interview, or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by Heywood Limited.
If you are unsuccessful following assessment for the position for which you have applied, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we will endeavour to proactively contact you should any further suitable vacancies arise.

Conditional offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to secure your offer. We are required to confirm the identity of our employees, and their right to work in the United Kingdom.

We may use third party providers for this, SVS (Security & Vetting Solutions) and Yoti. If we do so, we will share your name and email address with them for this purpose. Their privacy policies are available at:

https://www.security-vetting.co.uk/privacy-policy/

https://www.yoti.com/privacy/

You will be asked to provide various documentation to confirm your identity and right to work directly to us or our providers. We will take copies or be provided with copies and will retain these in line with our Data Retention Policy.

Your referees will be contacted, using the details you provide, directly to obtain references and any educational information may also be verified.

We will ask for further information should you accept our offer. This is outlined in our employee privacy notice, which will be sent with your contract and will include, for example:

  • Bank details;
  • Emergency contact details;
  • Medical information (where necessary for reasonable adjustments).

How long is your data held for, where is it stored and who has access?

If you are unsuccessful, we may hold your data for a period of up to six months, after which your data will be deleted or disposed of. If you are successful and become an employee, you will be provided with an employee privacy notice for the data you share during the course of your employment.

We store the data on your application record, in HR management systems and on other IT systems (including email).

Our HR team will have access to all information provided. Interviewers, managers, and IT staff will also have access if necessary for the purpose of the application process or their roles.

Your rights

You are entitled to know whether we hold personal data about you and, if we do, you will have the following rights:

  • right of access to copies of your personal data;
  • right to rectify any of your personal data you think may be inaccurate;
  • right to have your personal data deleted in certain circumstances;
  • right to restrict the processing of your personal data in certain circumstances;
  • right to object to processing in certain circumstances;
  • right to data portability in certain circumstances.

Please contact dataprotection@heywood.co.uk if you’d like to find out more about your rights and your personal data.

Use of data processors

We may use data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with all of our data processors, and your personal data will only be processed in line with our instructions.

Use of job boards and recruitment agencies

We may use job boards and recruitment agencies to advertise/manage our vacancies. Any applications made by you through these boards and agencies are governed by their privacy notices and the terms and conditions as specified by them. Once you apply via a job website and submit your CV/an application, we will have access to any personal data submitted. Recruitment agents will submit your details and CVs to us in line with their own procedures.

Automated decision making

We generally do not undertake any solely automated decision making. If you apply via LinkedIn and Indeed, for example, you will usually be asked to confirm whether you have a right to work in the UK. If you select no, your application will not be taken further as we cannot provide visa sponsorship or work opportunities to those who do not have the right to work in the UK. 

The right to complain

If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the UK GDPR and DPA 2018, you should contact our Head of Standards and Compliance via email dataprotection@heywood.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office. Their contact details are:

  • www.ico.org.uk
  • 0303 123 1113
  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Changes to our Privacy Notice

We may change this notice from time to time.

This Privacy Notice is effective from March 2024.