Data Protection Framework
Hartham Park has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for all activities related to this website, and these are available upon request from Hartham Park’s Data Manager (see Section 10).
1. Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting to use our facilities, attend one of our events, or for other similar purposes. Your decision to disclose your personal data to us is entirely voluntary, and by doing so, you are confirming that you provide us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.
Hartham Park may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and related services that we provide to you. We will not use your personal information for any other purposes unless we have your specific consent to do so.
We will always handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and authorised third parties (see Section 5 and 6), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are considered to be “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from Hartham Park’s Data Manager (see Section 10).
3. Children’s Personal Data
This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact Hartham Park’s Data Manager (see Section 10) immediately so that we can take appropriate action.
4. Customer and Citizen Data Rights
As prescribed within the EU General Data Protection Regulation, you have several rights connected to the provision of your personal data to Hartham Park using this website. These include your rights to request that Hartham Park:
confirms to you what personal data it may hold about you, if any, and for what purposes
changes the consent which you have provided in relation to your personal data
corrects any inaccurate or incomplete personal data which may be held about you
provides you with a complete copy of your personal data for you to move elsewhere
stops processing your personal data, whilst an objection from you is being resolved
permanently erases all your personal data promptly, and confirms to you that it has done so (unless there is a valid reason why we are unable to do this)
To contact Hartham Park, please see Section 10 below.
If Hartham Park does not address your request, or fails to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via www.ico.org.uk or by telephone on 0303 123 1113.
5. Declaration of Data Sharing
To make an informed decision on whether to provide your personal data to Hartham Park using this website, we need to make you aware of three organisations that comply with a formal Data Sharing Agreement to use your personal data solely for the purposes of delivering services to you:
Hartham Park Limited, who maintains the property and facilities, and the maintenance thereof, and provide serviced office space to tenants.
Hartham Park Management Limited, who provides the supporting services which are available to users of Hartham Park, including reception, catering, IT services and hospitality.
Corsham Institute Limited, a not-for-profit entity which focuses on education and research in the digital society, and provides a digital platform to Hartham Park Limited and Hartham Park Management Limited, which is used by users of Hartham Park.
The activities within which each of these organisations participate have been recorded within the applicable Hartham Park Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from Hartham Park’s Data Manager (see Section 10).
6. Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to Hartham Park using this website, we need to make you aware of three data sub-processors which we use for specific activities related to the operation of Hartham Park and its services, and the details of each are included below.
Squarespace Inc is a provider of website content management services, based in New York, USA. Squarespace has been validated by Hartham Park as compliant with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the EU to the United States.
Salesforce.com Inc is a provider of customer relationship management (CRM) services, based in California, USA. Salesforce has been validated by Hartham Park as compliant with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the EU to the United States.
Docusign Inc is a provider of digital signature and authentication services, based in California, USA. Docusign has been validated by Hartham Park as using Standard Contractual Clauses (SCC) in order to ensure the adequate protection of Personal Data from the UK being processed in the United States, which meets the requirements of the 1995 European Data Protection Directive.
The activities within which each of these Data Processors participate have been recorded within the applicable Hartham Park Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from Hartham Park’s Data Manager (see Section 10).
7. Website Cookies
Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
8. External Links
This website may include relevant hyperlinks to external websites not controlled by Hartham Park. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.
10. Contacting Hartham Park
The Data Manager
Hartham Park Limited
This version 4.0 was finalised on 17.01.2018.
You are advised to print and retain a copy of this document for your reference.