Privacy Policy

Harbottle Hughes, trading as Cascade-Risk Management (Harbottle Hughes and references to we, us, and our mean the same) are committed to protecting and respecting your privacy in accordance with all applicable data protection laws, including the EU’s General Data Protection Regulation (GDPR) (referred to collectively in this privacy notice as “Data Protection Law”). Please note that we collect various personal data (meaning any information about you from which you can be identified) from you or about you when you visit our website, procure or use our products and services, and/ or otherwise interact with us. We are a registered with the Information Commissioner’s Office (www.ICO.org.uk).

WHAT’S IN THIS PRIVACY NOTICE?

This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It also explains what rights you have in relation to the personal data we hold about you.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. You can also page through below to the section most relevant to you:

What personal data will we collect and process from/about you?
What will we do with your personal data?
What cookies does our website use?
Who will we disclose your personal data to?
Security of your personal data
How long do we keep your personal data?
Your rights
Links to other websites
Changes to this privacy notice
Contacting us and complaints

WHAT PERSONAL DATA WILL WE COLLECT AND PROCESS FROM/ABOUT YOU?

Information you give us: You may give us information about you (and/or third parties who you are acting on behalf of, for example, if you are booking a training course for your staff) by corresponding with us by phone, e-mail or otherwise (including in person) or filling in forms on our website. This includes information you provide when you: (i) make an enquiry about any of our services or products or carry out a search of our website; (ii) purchase services or products from us (either for yourself and/or on behalf of third parties); (iii) register for our newsletters and other electronic and postal communications; and (v) report a problem with our website. The information you give us may include your (or a third party’s):

Identity Data: name, profession or job, employer, personal description
Contact Data: address, e-mail address, phone number (including when you contact us by these means).
Financial Data: bank account, and credit/ payment card information and other financial information
Transaction Data: details about your payments to and from you and other details of products services you have purchased from us..

Information we collect about you: With regard to each of your visits to our website we may automatically collect the following information (including through use of cookies):

Technical Data: technical information, including the Internet Protocol (IP) address used to facilitate your connection to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
Usage Data: information about your visit to or use of our websites and traffic patterns, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); services and/or products you viewed or searched for; length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information we receive from other sources: We may receive information about you if you are referred to us by CGE Risk Solutions, because we are a VAR of CGE Risk Solutions. In this case, CGE Risk solutions will have informed you when they collected that personal data that it may be shared internally with their partners.

WHAT WILL WE DO WITH YOUR PERSONAL DATA?

We will only use your personal data where Data Protection Law allows us to. Data Protection Law says we can collect and use personal data in the following (applicable) circumstances:

it is necessary for us to be able to perform a contract with you;
it is necessary for our legitimate interests (and your interests and fundamental rights do not override those interests);
if we have your consent (which you can withdraw at any time); or
to comply with a legal obligation (i.e. rules laid down by courts, statute or regulation).

Accordingly, we lawfully use your personal data in the following ways:

To deliver our services

To carry out our obligations arising from any contracts entered into between you and us we need your Identity and Contact Data to register you as a new customer and to manage our relationship with you, and, your Financial and Transaction Data (as applicable) to process and deliver your request. Therefore, we use this data on the basis that it is necessary for us to be able to perform our contract with you (i.e. the terms and conditions of the relevant services) and for our legitimate interests of delivering the services in this way.

Business development

We use your Identity, Contact, Usage and Transaction Data in order to develop an understanding of the services and products that may be of interest to you (including by reference to those that you have already purchased or enquired about). Therefore, we use this data on the basis that it is necessary for our legitimate interests in developing and improving our services and to inform our business strategy and provide you with relevant information. We also use certain Usage Data to measure and analyse the behaviour of visitors to our website and traffic patterns by using cookies, and we will seek your consent to such use where we are legally required to do so. We use certain third-party applications to help us do this. For example, we use Google Analytics (http://google.com/analytics), a service which analyses website traffic data and webpage usage. Google Analytics does not identify individual users or associate your IP address with any other data held by Google (see www.google.com/policies/privacy/partners/ for more information).

Marketing and other communications

We may also wish to provide you with the information about services or products we feel may interest you. We will always give you the option to provide opt-in consent to receive different kinds of marketing communications from us or third parties or you can decide not to do so.

OPT-ING OUT: You can withdraw your consent or opt-out of any type of marketing communication from us at any time by following the instructions provided to you in the relevant communication (for example, the ‘unsubscribe’ link in an email) or you may contact us at in.fo@cascade-risk.com

Note that even if you do not provide your consent, or subsequently withdraw it, in respect of marketing communications we will still need to send you communications in respect of our services and your contracts with us.

Website/ business administration

We use Identity, Contact and Technical Data to maintain our website and for internal operations, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. We use this data on the basis that it is necessary: (a) for our legitimate interests: running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and (b) to comply with a legal obligation.

We also use Technical and Usage Data to improve our website to ensure that content is presented in the most effective manner for you and for your computer and allow you to participate in interactive features of our service, when you choose to do so.

Other purposes

We could have to use your personal data in connection with legal and regulatory matters such as our maintenance of business records, compliance with external reporting requirements and internal policies and procedures and responses to requests by government, law enforcement, regulators, courts, rights holders or other third parties including in respect of the use or misuse of intellectual property, such as our brand or media rights, or those of our licensees/ commercial partners or their parties. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting, defending and enforcing rights and interests in this way and also so that we can comply with legal obligations.

What if you do not want to share your personal data?

Unless otherwise specified above, generally we only collect your personal data on a voluntary basis.

WHAT COOKIES DOES OUR WEBSITE USE?

Our website uses cookies to helps us improve our business, services and our website which also helps us to provide you with a good and tailored customer experience. For detailed information about cookies and the purposes for which we use them see our Cookie Policy.

WHO WILL WE DISCLOSE YOUR PERSONAL DATA TO?

We will not provide your data to third parties for direct marketing purposes. Nor will we provide your personal to third parties, unless this is necessary for performing the agreement you have made with us or is required by law.

Business sale: we may have to share certain personal data if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

Notwithstanding anything else in this privacy notice, we may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and individuals cannot be re-identified.

SECURITY OF YOUR PERSONAL DATA

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.

Once we have received your personal data, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (a Data Security Breach). In addition, we limit access to your personal data to those within the company who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Data Security Breach and will notify you and any applicable regulator where we are legally required to do so.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

In accordance with the principle of data minimisation and storage limitation, we try to ensure that we don’t process more personal data than we need, and that we don’t store it for longer than we need it.

If you have provided us your contact data because you are interested in our products or services, we will keep this information for that purpose, until you ask us to remove your data.

To determine the appropriate retention period, we review – in addition to the purposes of use and how we can achieve them – other relevant factors such as the nature and scope of the personal data, the potential risks to the individuals to whom the information relates from a Data Security Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court. For example, we need to keep basic information about our customers (including identity, contact, financial and transaction information) for at least six years after they cease to be customers.

YOUR RIGHTS

Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are using it lawfully, provided always that this does not adversely affect the rights and freedoms of other people.
Request correction of the personal data that we hold about you. Where any of the information we hold about you is incorrect or incomplete we will act promptly to rectify this, including where you have requested us to do so.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to our use (see below).
Object to use of your personal data where we are relying on our legitimate interests and there is something about your particular situation which makes you want to object to our use on this ground.
Withdraw your consent to our use of your personal data. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Request the restriction of use of your personal data. This enables you to ask us to suspend the use of personal data about you, for example if you want us to establish its accuracy or the reason for using it.
Request the transfer of the personal data you have provided, on the basis of consent or for a contract with us, to you or a third party where technically feasible.

LINKS TO OTHER WEBSITES

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. The owners and operators of those Other Sites are responsible for their collection or use of your personal data and you should check their respective privacy policies/ notices if you follow a link to any of these Other Sites.

CHANGES TO THIS PRIVACY NOTICE

This privacy notice was last updated in Sep 24. Any changes we may make to this privacy notice in the future will be posted on this website and notified to you as otherwise required by Data Protection Law.