Us and our contact details.

Parliament Hill Limited act as data controller and our contact details are Parliament Hill Ltd, Britannia House, 21 Station Street, Brighton BN1 4DE. Contact e-mail address for Data Protection requests is andrew@parliament-hill.co.uk.

Main purpose and lawful basis for processing.

Thank you for contacting us and showing an interest in the benefit schemes we set up and manage on behalf of clients.

Any personal details you pass to us during these exchange of ideas will be used to consider the attractiveness for your organisation to set up a benefit scheme which we would manage for you under contract. It is the hope that the outcome will lead to a contract that is our legal reason for holding, controlling and processing your data. This can include any aspect that might be covered under a Benefit Scheme and some aspects that you yourself may raise. This can include discussing opportunities, opt-in permissions and contact preferences.

Personal data you may pass to us is likely to be the names and contact details and their position within or to your organisation. We would expect that in passing us those personal details, that you have the data subject’s permission to do so. When we pass you personal data, regarding people within our organisation or who we deal with, then we will have obtained their permission to do so. Such exchange of personal data will only be used for the purposes of setting up and evaluating the viability of the benefit scheme including all pre-contract negotiation.

You agree that we can combine the personal data you give us with any other publicly available data, and data you provide us with or data that is made available to us because you have provided us with a log in that gives us access to such data.

Legitimate business interests and legal requirements and those possible recipients or personal data.

Below is an example of our and others legitimate business interests and should not be considered an exclusive list.

We would also be handling some of that data for our legitimate business interests. That could include, but is not limited to, the maintenance of legal records, task management, staff training and monitoring, record keeping and reporting back to gave us your contact details, seeking advice from others and or contacting some specific benefit providers in the hope that a specific benefit/deal might be arranged for your organisation and your members. We may use suppliers who provide basic services to us as a commercial business and in providing their services they may have access to certain data either held by us, which they require in providing their service to us or that might pass through them.

If we discuss setting us benefit web pages then we may involve the person we use to set up parts of the benefit web sites who will be acting as our processor when working under our instructions.

We may use IT services to design and set up a log in process or help us with the design of the benefit web site. We may use copy write services for the production of marketing material and financial promotions. We may obtain sign off of financial promotions and benefit pages from benefit providers. In doing these items we may convey, instructions, comments or opinions given by you to us with an identifier as to the source of such instructions, comments or opinions. We may need to contact Benefit Providers in the management and negotiation of Benefits.

Where consent may be involved and where consent is given or obtained.

We do not place a restriction on the category of personal data you wish to provide us with, but we would generally not expect you to provide us with ‘special category or sensitive’ data. If you do, then by providing us that data, we would treat that as you having obtained adequate consent from the Data Subjects for us to process such data during these discussions.

Automated decision making and sending data outside of the EEA.

We do not send data outside the European Economic Area and if we did then we would first seek you consent. We do not use automated decision systems. Log in systems, if managed by us, may include an automated check of log in details.

The period we may store your data or the criteria we may use for storage.

This data will be stored by us for up to a period of 12 months after discussions have concluded if no agreement is reached, or such other times as may be required by law, or regulatory rules. If the benefit agreement goes ahead then that storage period would normally be for the length of the benefit period plus up to a further seven years or such other times as may be required by law, or regulatory rules if longer. Data stored and processed by other data controllers will be stored and processed at their discretion.

Below are your rights in respect of this data.

General rights. Where the law does allow us to charge a fee then we reserve the right to do so.

• You have the right to request why we are holding your data, the categories of data we hold, the purpose of the processing, the categories of the recipients of such data, how long we may hold that data, if automated processing is involved, and the possible source of the data if we did not collect the data direct from you.
• You can ask if any of your personal data is transferred outside of the EEA by us or a processor acting for us.
• You can ask for copies of personal data undergoing processing, where that does not affect the rights and freedoms of others. If you require further copies we can charge you a reasonable fee.
• You can ask us to rectify inaccurate information or change and update any data that we hold about you.
• You have the right to lodge a complaint regarding our processing of your personal data. You can complain to us at our contact address above. You can lodge a complaint with the Information Commissioners Office (ICO) if you feel that we are infringing GDPR rules when handling your personal data. You can find out details about how to raise issues with the ICO from their web site www.ico.org.uk or via their help line 0303 123 1113.
• You have the right to the rectification of any inaccurate personal data we hold about you or to have’ incomplete data’ made ‘complete’ provided the processing requires such completeness.
• In certain cases, listed below you have the right to request the erasure of personal data we hold about you, but such a request would not override our compliance with any legal obligation we have;
  • it is no longer necessary for us to hold such personal data in relation to the purpose for which it was collected,
  • you gave consent and now wish to withdraw that consent and there is no legal grounds for us to continue processing,
  • on the grounds that we do not have a legitimate interest in processing your personal data and that was the legal basis we were using, and can verify that is the case,
  • where we are using your personal data for marketing purposes,
  • the personal data was unlawfully processed, but you can ask us to continue storage of such data if you wish rather than select erasure.
• You have the right to restrict processing, but not continued storage, where the accuracy of the data is contested whilst we verify the accuracy.
• There may be cases where you can request that we transfer some personal data to another controller.
• You have the right to object to a decision based solely on automated decision making or profiling where this is not necessary for entering into or the performance of a contract between us and you or you have already given us your explicit consent and the process has already taken place, but we will where reasonable and appropriate, review any decision made and consider any point of view you make regarding that decision.
• Were we have given the legal reason for processing as your having given us ‘consent’ to that processing, then you can withdraw that consent and after that withdrawal no further processing will take place, but this does not affect processing which is based on other legal grounds.