Skip to navigation Skip to content

Privacy Policy

Privacy policy (non-US)

We have updated these terms as of June 24, 2024
1. PURPOSE OF OUR POLICY

1.1 HSI APAC PTY LTD Trading as Donesafe ACN 165 144 767 (we, us or our) has adopted this Privacy Policy to ensure that we have standards in place to protect the Personal Information that we collect about individuals that is necessary and incidental to:

(a) Providing the system and services that Donesafe offers; and

(b) The normal day-to-day operations of our business.

1.2 This Privacy Policy follows the standards of the Australian Privacy Principles set by the Australian Government for the handling of Personal Information under the Privacy Act 1988 (Cth) (Privacy Act).

1.3 By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their Personal Information in our possession.

2. WHO AND WHAT THIS POLICY APPLIES TO

2.1 Our Privacy Policy deals with how we handle “personal information” as it is defined in the Privacy Act (Personal Information).

2.2 We handle Personal Information in our own right and also for and on behalf of our customers and users.

2.3 Our Privacy Policy does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies which we store.

2.4 The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.

2.5 If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.

2.6 Our website and services are unavailable to children (persons under the age of 18 years).

3. THE INFORMATION WE COLLECT

3.1 In the course of business it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:

(a) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is;

(b) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;

(c) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;

(d) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and

(e) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.

3.2 We may collect other Personal Information about an individual, which we will maintain in accordance with this Privacy Policy.

3.3 We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected the Australian Privacy Principles do not apply.

4. HOW INFORMATION IS COLLECTED

4.1 Most information will be collected in association with an individual’s use of Donesafe, an enquiry about Donesafe or generally dealing with us.

(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;

(b) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;

(c) Supply. When an individual supplies us with goods or services;

(d) Contact. When an individual contacts us in any way;

(e) Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or

(f) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.

4.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.

4.3 Information about is collected when you use our services, including browsing our websites and taking certain actions within the Services.

4.4 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.

5. WHEN PERSONAL INFORMATION IS USED & DISCLOSED

5.1 In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected without the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.

5.2 We will retain Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

5.3 If it is necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business, we will inform you that we intend to do so, or have done so, as soon as practical.

5.4 We will not disclose, share or sell an individual’s Personal Information to unrelated third parties without an individual’s consent. For collaboration – the creation of content, which may contain information about you, we do not share information that we collect.

5.5 Information is used to enable us to operate our business, especially as it relates to an individual. This may include:

(a) The provision of goods and services between an individual and us;

(b) Verifying an individual’s identity;

(c) Communicating with an individual about:

(i) Their relationship with us;

(ii) Our goods and services;

(iii) Our own marketing and promotions to customers and prospects;

(iv) Competitions, surveys and questionnaires;

(d) Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or

(e) As required or permitted by any law (including the Privacy Act).

There are some circumstances in which we must disclose an individual’s information:

(i) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;

(ii) As required by any law (including the Privacy Act); and/or

(iii) In order to sell our business (in that we may need to transfer Personal Information to a new owner).

5.6 We will not disclose an individual’s Personal Information to any entity outside of Australia that is in a jurisdiction that does not have a similar regime to the Australian Privacy Principles or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Australia will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.

5.7 We make collaboration tools. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.

5.8 We may utilise third party service providers (such as Gmail from Google, Inc., and MailChimp from The Rocket Science Group LLC) to communicate with an individual and to store contact details about an individual. These service providers are located in the United States of America.

6. OPTING “IN” OR “OUT”

6.1 An individual may opt to not have us collect their Personal Information.

This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:

(a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or

(b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.

6.2 If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.

7. THE SAFETY & SECURITY OF PERSONAL INFORMATION

7.1 We may appoint a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Australian Privacy Principles and the Privacy Act. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.

7.2 We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access.

This includes appropriately securing our physical facilities and electronic networks.

7.3 Donesafe uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.

7.4 We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.

7.5 If an individual suspects any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.

7.6 We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.

8. HOW TO ACCESS AND/OR UPDATE INFORMATION

8.1 Users of Donesafe can update their Personal Information from within their Donesafe account or profile.

8.2 Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within

28 days of receiving their written request.

8.3 If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.

8.4 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.

8.5 We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.

9. HOW DOES DONESAFE STORE AND SEND DATA

9.1 Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions. Website data is stored in Australia only. We store specific application data in data centres located in the US, AU and EU. Data is stored in the data centre closest to the location of the majority of users accessing an instance. We may also allow employees and contractors located around the world to access certain data for product promotion and development, customer and technical support purposes.

9.2 Can you host my data in the EU? Donesafe offers European hosting, we will optimise where to host customer data based on how it is accessed around the world (rather than upon request). We don’t guarantee that your data will be hosted in a specific location. However, data hosting location determinations are always based on reducing latency and achieving optimal performance for you and your users.

10. COMPLAINTS AND DISPUTES

10.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.

10.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.

10.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.

11. CONTACTING INDIVIDUALS

11.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.

12. CONTACTING US

12.1 All correspondence with regards to privacy should be addressed to:

The Privacy Officer
HSI APAC PTY LTD
4/37-69 Union Street
Pyrmont 2009
NSW, Australia
info@donesafe.com.au

You may contact the Privacy Officer by email in the first instance.

13. ADDITIONS TO THIS POLICY

13.1 If we decide to change this Privacy Policy, we will post the changes on our webpage at https://www.donesafe.com/privacy-policy/ Please refer back to this Privacy Policy to review any amendments.

13.2 We may do things in addition to what is stated in this Privacy Policy to comply with the Australian Privacy Principles, and nothing in this Privacy Policy shall deem us to have not complied with the Australian Privacy Principles.

14. COMPLIANCE WITH GDPR

14.1 We acknowledge that the EU General Data Protection Regulation (GDPR) may apply to certain information that we process. This clause applies to the personal data governed by GDPR. “Personal data”, “process”, “controller”, “processor”, “data subject” and “consent” have the meaning as defined in GDPR.

14.2 As set out in clause 2.2 and clause 4 of our Privacy Policy, we may process personal data as the controller, processor or neither. We represent to adhere to GDPR’s requirements on a controller or processor, as the case may be. To the extent of any inconsistency between our Privacy Policy and GDPR, GDPR shall prevail.

14.3 We will not collect personal data unless with the data subject’s consent. Without prejudice to the data subject’s right under clause 6 of this Privacy Policy, the data subject may revoke the consent to the processing of personal data at any time.

14.4 Every data subject has a right of access (article 15 GDPR), a right to rectification (article 16 GDPR), a right to erasure (article 17 GDPR), a right to restriction of processing (article 18 GDPR), a right to data portability (article 20 GDPR) and a right to object (article 21 GDPR). Data subjects also have a right to lodge a complaint with a supervisory authority (article 77 GDPR).

Privacy policy (US)

Introduction

The privacy of your personal information is important to Health and Safety Institute (HSI), also referred to in this notice as “we,” “us” or “our”), and we are committed to protecting the privacy of such personal information. In order to provide you information about the services we can provide you, however, it is necessary for us to possess certain personal information of yours, the privacy of which may be protected by the laws or regulations of various governments throughout the world.

Without some of this information, we cannot provide you with the services you may request. If you are currently receiving information from us, you may opt-out of receiving further communications at any time.

This privacy statement explains our personal information policies and practices, including, but not limited to, the types of personal information we may collect about you, the purposes for collecting such information, the circumstances under which we may disclose such information to third parties, the measures we take to secure the confidentiality of such information, and the information you will need to contact us or others to address your privacy concerns including the exercise of your rights.

What information is considered personally identifiable information (PII)?

The privacy laws and regulations from various countries throughout the world define this term in different ways and even use different terms in describing personal information which should be protected and kept as private as possible. Some laws and regulations consider only very limited types of information to be protected and private. Others include much broader categories.

We have chosen to adopt the broader approach to what information must be protected and kept as private as possible. In this notice, “Personally Identifiable Information” (PII) refers to data that could be used, alone or in combination with other data, to identify you as an individual. It can include, among others, name, physical address, email address, IP address, date of birth, social security number, passwords, credit card or other financial or payment information.

How we collect, use or process your PII

Collection and uses of personal information: By visiting, contacting, or registering with us we may collect thefollowing personal information:

  • Contact data, such as your address, area (including postal or ZIP code), email address and telephone details.
  • Payment and billing details, if you choose to engage in service with us.
  • Technical data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions,
  • operating system and platform and other technology on the devices you use to access the site.
  • Usage data, which includes information about how you use the site, and any communications we may receive from you.
  • Marketing and communications data, including your preferences in receiving marketing and other communications from us.

The purpose of processing your personal information may include: marketing and communications, delivery of service, and/or billing and payment.

Our site is not intended for storing or transmitting ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or health information. We do not knowingly collect information relating to actual or alleged criminal offences.

Visiting our website: donesafe.com

You may choose to share your PII with us to obtain information about our products or services. We might also record and maintain certain PII from you by recording network traffic, tracking cookies, or through the completion of online web forms.

Use of cookies:

Some of the PII we collect is through the use of third-party automated collection tools on our website(s), such as cookies that capture information sent from your web browser to our website. Information that is collected includes your IP address, the website address that you were at before landing at our website, and information such as the pages you clicked through while at our website. This information is collected to improve your experience and offer services to you. By visiting our website(s), you agree to our use of cookies. You can refuse the use of cookies by selecting the appropriate browser setting. If you refuse the use of cookies, please note that your experience using the site may not be optimal.

From third parties:

From time to time we may receive your business contact information from third parties. This may happen if one of our existing suppliers or customers refers your company to us.

Sharing your PII with third parties:

We do not sell your PII to any third parties.

We may share your PII we possess with our affiliates, business partners and third parties for the purposes of operating our business and delivering and improving the services we provide to you as well as for other legitimate purposes permitted by applicable law including sending marketing and other communications related to our business.

We also share personal information for a variety of purposes including, but not limited to, the following ways:

  • Within HSI and our affiliates and subsidiaries for data processing or storage purpose
  • With business partners and suppliers to provide services and help facilitate transactions including processing orders, marketing communications and customer support.)
  • In response to a request from law enforcement, government authorities, or other third parties as necessary to comply with legal process or meet national security requirements.
  • For any purposes other than which the PII was collected (and other than for the exceptions listed here) only after we have provided you notice and received your consent to share the information for that purpose.

Collecting personal information from minors:We do not offer services and products to minors and do not intend to collect personal information from children under the age 16. We follow all local legal requirements with respect to the collection and processing of a minor’s personal information without the appropriate authorization from a parent or guardian.

Lawful basis of collection and use of your PII

Our collection and use of your PII is lawful.

We will only use your information where:

  • We have a legitimate interest (reasonable purpose) for doing so:
    • We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.
    • We will use your identity, contact and usage information to keep our records up to date, and to customize our site’s content to you. If you are a current or former user of our services, we may also use your contact and identity details to keep you up to date with our latest news.
    • We will use your technical information to:
      • provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting;
      • ensure that the site is secure;
      • analyze how users interact with the site; and
      • address any issues you may experience with the site.
    • We may also use any or all of the information above to administer and manage HSI in general. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
  • We need to comply with a legal or regulatory obligation
    • HSI may access and/or disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to:
      • conform to the edicts of the law or comply with legal process served on HSI;
      • protect and defend the rights or property of HSI; or
      • act under exigent circumstances to protect the personal safety of users of HSI services or members of the public.
  • We need it to perform a contract or provide a service that you or your organization has asked for:
    • For example, we may need your contact information to respond to a question you have asked us via our site, and your billing and payment information to process any payments you have requested.
Security of PII

We are committed to protecting your PII from unauthorized access and use. We implement and maintain appropriate technical, physical and administrative safeguards to help accomplish this goal. Access to your PII is restricted to only those employees who need to know that information to provide our services to you.  Our employees receive training to maintain the confidentiality, privacy and security of your PII.

Data storage and retention

Your PII will be retained only for as long as the information is needed to fulfill the purposes for which it was collected and processed. We reserve the right to retain and use your PII for as long as necessary to comply with our legal obligations and business requirements and/or to resolve ongoing disputes and enforce our agreements.

Data Subject Rights

The General Data Protection Regulations (GDPR) of the European Union (EU), along with other national privacy laws, provide certain rights regarding the PII of an individual (described in GDPR as a “data subject”).  This privacy statement is intended to inform you of your rights with respect to your PII under the GDPR (which may also exist with other national privacy laws) and to provide you with the information necessary to exercise those rights.

Individuals who reside in the EU and whose personal data is collected and processed by us have the right to the following:

  • To request access to your PII
  • To rectify your PII
  • To take your PII to another service provider (often described as “portability”)
  • To erase your PII
  • To restrict or object to the processing of your PII
  • To lodge a complaint with a Member State Supervisory Authority

In addition, you have the right to withdraw consent if consent was provided to collect and process you PII. If you withdraw consent, that will not impact your PII that was processed prior to withdrawal of the consent.

International transfers of PII

We may transfer your PII in our possession to other third parties, such as our third-party service providers, in a country other than the one in which it was originally collected. When transferring your PII from one country to another country, we have implemented procedures to ensure that appropriate safeguards are in place to protect it regardless of where it is being transferred.

Changes to this privacy statement

From time to time we may update this privacy statement. If revisions are made to the privacy statement, we will update the statement with a new revision date.

This privacy statement was revised and posted on 8/21/2019.

Questions, concerns or complaints

If you have any questions, concerns or complaints regarding the information in this privacy statement and/or our privacy practices, please contact

Frank Powers, Chief Technology Officer
Health and Safety Institute, Inc
1450 Westec Dr, Eugene OR 97402
dataprivacy@hsi.com
(800) 447-3177

Privacy policy (UK)

Introduction

[HSI APAC PTY LTD] (“HSI”) is committed to protecting your privacy.  This privacy policy gives you information about how HSI (“us”, “we”, or “our”) collects and uses your personal information through your use of our website, including any information you may provide when you purchase goods or services from us. HSI is responsible for any personal information collected by or provided to us in these circumstances. We are therefore termed the ‘controller’ under the UK version of the General Data Protection Regulation (UK GDPR).

This privacy notice does not apply to the extent we process personal information in the role of a processor or service provider on behalf of our customers.

We do not offer services or products to children and do not intentionally collect personal information of individuals under the age 16.

Personal information we collect

We collect and process the following personal information from you:

  • Identity data, including your name, date of birth, title, marital status, employment history and job title;
  • Contact data, including address, telephone number and email address;
  • Business information, including information provided in the course of the relationship between your organisation and us, your feedback and survey responses;
  • Payment and billing details, including bank account or payment card details and other data necessary for processing payment;
  • Technical data, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our website;
  • Usage data, such as information about how you interact with and use our website, products and services; and
  • Marketing and communications data includes your preferences in receiving marketing from us
How is your personal information collected?

Personal information you provide to us

We collect personal information directly from you, for example when you:

  • browse, complete a form or make an enquiry or otherwise interact on our website;
  • correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our consultants and staff; or
  • when you use our services, including browsing our websites and taking certain actions within the services.

Personal information we collect about you from third parties

We may also collect personal information from third parties such as your employer and other organisations that you have dealings with – for example, where one of our existing suppliers or customers refers your organisation to us. We also obtain information from publicly available records, entities we partner with to sell products and services, and third-party providers of business information. This may include information such as your name, job title, company name, e-mail address.

Personal information we collect when you use our website

We use cookies on our websites. For further information, including the types of cookies that we use and how to manage cookies placed on our websites, please refer to https://www.donesafe.com/uk/cookie-declaration/

We also use tracking technology (such as pixel tags) to enable us to send email messages in a format customers can read and to allow us to see whether emails are opened, replied to, or forwarded and whether links are followed.

How we use your personal information

Purposes for which we use your personal information

We may use your personal information to:

  • process and respond to requests, enquiries or complaints received from you;
  • consider whether we can pursue certain business development initiatives;
  • register your organisation as a new customer;
  • provide goods and services to you/your organisation and to administer and manage our relationship with you/your organisation;
  • send relevant marketing communications and deliver relevant online advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
  • improve our website, services, marketing, customer relationships and experiences;
  • provide and make improvements to the site, system maintenance, support, reporting and hosting of data, and troubleshooting;
  • monitor and analyse how you interact with our website and address any issues you may experience with the website;
  • exercise or defend legal claims; and/or
  • investigate any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity.

Lawful bases for processing your personal information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • it is necessary for the performance of a contract with you or the organisation you work for;
  • where we need to comply with a legal or regulatory obligation that we are subject to; or
  • if we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include running our business, the provision of services, to help us improve and develop our products and services; and to carry out marketing.

Retaining your personal information

We will only retain your personal information for as long as is necessary for the purpose for which it was collected. Typically, this means we will delete your personal information once your contract with HSI has ended.

We may need to keep your personal information for longer than this where it is necessary (i) to establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement; or (ii) to preserve records to be able to deal with external or internal audits. Other parties who will have access to your personal information

Your personal information may be disclosed by us to the following third parties:

  • third parties which manage our contact database and deliver communications to you, such as [Gmail from Google, Inc., and MailChimp from the Rocket Science Group LLC to communicate with you and store your contact details];
  • [specific business partners that resell HSI services and/or provide customer support]
  • other service providers including IT suppliers, administration services providers;
  • public bodies, including regulatory bodies, where we are obliged or permitted by law to do so (this may include the Information Commissioner’s Office);
  • our professional advisors including lawyers and auditors;
  • third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets; or
  • other parties where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights.
Marketing

You can ask us to stop sending you marketing communications at any time by clicking on the “unsubscribe” link located on the bottom of email marketing communications.

Please note that if you opt out of receiving marketing communications, you will still receive important service-related communication such as changes to our terms and conditions and policies.

Data security

We have put in place appropriate security measures to prevent your personal information from being lost, used, accessed, altered or disclosed in an accidental or unauthorised way. We are committed to ensuring that all reasonable and appropriate steps have been taken to protect your personal information which incudes, where appropriate, utilising encryption measures.

International transfers

We may transfer your personal information to countries outside the jurisdiction where you provided it or where we collected it. Some of your personal information may be stored outside of the UK, or your own jurisdiction and managed by a third-party service provider.

We will only share personal information with others outside the UK when we are legally permitted to do so, namely where:

  • the UK government has decided that the relevant country has adequate protective rules in relation to data protection in place;
  • we have entered into the relevant “standard contractual clauses” with the recipient of your personal information (these are a set of obligations about how your data is protected and used); or
  • we can rely on another basis under the law such as that we have to share the personal information because this is necessary for the purpose of a court case, investigation or to protect our legal rights.
Change of purpose

We will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. However, we may process your personal information without your knowledge or consent where this is required or permitted by law.

Your data protection rights

Under certain circumstances, you have a number of rights under data protection laws with regard to the personal information we use about you. These are described in the sections below. To exercise any of your rights in relation to HSI please contact us by email at [dataprivacy@hsi.com] or by telephone on [[(800) 447-3177].

Right of access to personal information – You have a right to request a copy of the personal information we hold about you.

Right to rectification – If you believe the personal information we hold about you is incorrect, you can contact us to request for any incomplete or inaccurate data that we hold about you to be corrected. However, we may need to verify the accuracy of the new information you provide to us.

Right to erasure – You have the right to request the deletion or removal of personal information we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to us holding your information, where we may have processed your information unlawfully or where we are required to erase your personal information to comply with law. Although we will consider every request for erasure on its merits, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at that time of your request.

Right to object to processing – You have a right to object to the processing of your personal information where we are using it for the purpose of our legitimate interests. If we agree that your objection is justified we will stop using your information for those purposes. Alternatively, we will explain why we still need to use your information.

Right to restrict processing of your personal information – You have a right to request us to suspend the processing of your personal information in the following situations:

  • for the period it takes us to rectify any inaccurate data about you;
  • where our use of the data is unlawful but you do not want us to erase it;
  • where you want to prevent us from deleting your data at the end of the retention period in the event that you need it to establish, exercise or defend a legal claim;
  • where you have objected to our use of your data, but we need to verify whether we (or a third party) have overriding legitimate grounds to use it.

Right to request the transfer of your personal information to you or to a third party – You have the right to ask us to transfer certain information we hold about you to a third party you have chosen, or directly to you. Where your request is valid, we will provide you with your personal information in a structured, commonly used, machine-readable format.

Right to lodge a complaint

If you have any complaints about how the we handle your personal information, please contact us by email at dataprivacy@hsi.com or by telephone on (800) 447-3177 and we will do our best to assist.

You also have a right to make a complaint to the supervisory authority in your country of residence or employment or place of the alleged infringement. The Information Commissioner’s Office (“ICO”) is the UK supervisory authority for data protection issues. You can contact the ICO:

by Telephone:               0303 123 1113 or 01625 545 745

or in writing to:       Information Commissioner’s Office (ICO)

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

or via their website: https://ico.org.uk/

This Privacy Policy was last modified on April 10, 2024.