“HAC Group”, “we”, “us” or “our” means HAC and its subsidiaries (including Corrie MacColl Limited).
“Personal Data” means any data relating to an individual who can be identified from that data, or from that data and other information which we have or are likely to have access to (and includes information which our representatives or service providers have). In addition to factual information, it also includes any expression of opinion about an individual, and any indication of our intentions (or the intentions of any other person) in relation to such an individual.
HOW WE COLLECT PERSONAL DATA
These are some of the ways in which we collect Personal Data:s the Data Controller. This means that HeveaConnect is responsible for deciding how we hold and use your Personal Data.
information we receive when you contact us through our website by filling in and submitting the Enquiry Form;
information we receive when you subscribe to our mailing list;
if you are a customer or potential customer, information obtained by us through our business dealings;
if you are a shareholder, information provided by you in connection with your shareholding; and
if you are interested in a career opportunity with us, information provided by you in connection with your application.
TYPES OF PERSONAL DATA WE COLLECT
These are the types of Personal Data that we collect:
Information that you provide to us. The nature of your relationship with us, and the kind of communication that you request from us, will determine the type of Personal Data we may ask for. For example, if you contact us through our website by submitting the Enquiry Form, or if you subscribe to our mailing list, we will ask you to provide your email address, first and last names, job title, name of the company you work for, and the country where you are based. If you are interested in joining our team, we may ask for your education and employment history.
Information that is passively or automatically collected when you visit our website. Such information includes how you arrive at our website, the type of browser and operating system you are using, your IP address, and your clickstream and timestamp information (e.g. the pages you have viewed, the time at which such pages were accessed, and the amount of time spent per page).
HOW WE USE PERSONAL DATA
Personal Data may be stored and used by us for the following purposes:
where we have obtained your specific consent;
if you have subscribed to our mailing list, to send you marketing communications (e.g. press releases, sustainability reports, quarterly reports, annual reports and other publications which we think may be of interest to you);
if you are a customer or potential customer, to administer and manage our business relationship (including performance of any legal agreement between us);
if you are a shareholder, to keep in touch with you in connection with your shareholding;
if you are a job applicant, to assess your suitability for a career opportunity in which you have expressed interest; and
to comply with applicable laws and regulations.
However we use Personal Data, we make sure that such use is lawful. The law allows or requires us to use Personal Data for various reasons. These include:
where we need to perform our contractual obligations;
where we have legal or regulatory obligations to discharge;
where we are required to do so under legal proceedings; and
where the use of Personal Data is necessary to pursue our legitimate interests, such as (by way of a non-exhaustive list):
to detect and prevent fraud and other potentially illegal activities;
to protect our network and information security (e.g. prevention of personal data breaches and cyber-attacks);
to establish, exercise or defend our legal rights; and
to conduct analytics on our website traffic, e.g. pages and links clicked, patterns of navigation, time spent at a page, devices used, location of users, etc.
Some of these grounds for using Personal Data may overlap and there could be several grounds which justify our use of Personal Data.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We may also share Personal Data outside of the HAC Group for the following purposes:
where we are required under law or regulation to disclose Personal Data; this may include (by way of a non-exhaustive list) disclosure in response to a court order, or release of information to a government authority, regulator or law enforcement agency;
to the extent mandated by law for the protection of our legitimate interests; and
in the event that our business is sold or integrated with another business, Personal Data may be disclosed to the prospective buyer and its advisors (who will be bound by appropriate data protection obligations), and will be passed to the new owner when it acquires the business.
Please be assured that we will not sell, rent or give away your Personal Data to third parties for commercial purposes without your consent.
INTERNATIONAL TRANSFER OF PERSONAL DATA
HAC Group is a global business. Our customers and operations are located around the world. This means Personal Data is collected on a global basis, and may be transferred to locations outside of the country where it is collected.
We will always ensure that any international transfer of Personal Data is consistent with legal and regulatory requirements, e.g. (by way of a non-exhaustive list):
where Personal Data is transferred to a country outside of the European Economic Area (“EEA”), such country is recognised by the European Commission as providing an adequate level of protection for Personal Data;
where Personal Data needs to be transferred to a recipient based in a country outside of the EEA which is not recognised by the European Commission as providing an adequate level of protection for Personal Data, we will require such recipient to be bound by standard contractual clauses which are approved by the European Commission for the protection of Personal Data;
where Personal Data is transferred from within the European Union to the United States, the recipient is a certified participant in the EU-U.S. Privacy Shield Framework; and
where Personal Data is shared internationally within the HAC Group, such transfer is subject to Binding Corporate Rules which adequately safeguards the protection of privacy.
HOW LONG WE KEEP PERSONAL DATA
In some circumstances, however, legal or regulatory requirements may obligate us to retain Personal Data for a longer period of time.
You have the following rights in relation to your Personal Data:
require us to rectify your Personal Data if it is inaccurate or incomplete; we may seek to verify any new information provided by you before we rectify our existing records;
where the use of your Personal Data is based on your consent (see section 5.1(a)), you can withdraw your consent at any time; however, please note that we may still be entitled to use your Personal Data if we have another legitimate reason to do so, e.g. for a purpose as described in section 5.2;
where the use of your Personal Data is based on our legitimate interests (see section 5.2(d)), you can object to such use if you believe your fundamental rights and freedoms outweigh our legitimate interests; however, there may be circumstances where we have a legal basis to deny your request;
require us to delete your Personal Data, but only where:
you have withdrawn your consent for us to use your Personal Data (where the use of your Personal Data is based on your consent) (see section 5.1(a));
it is no longer needed for the purpose for which it was collected;
you have successfully objected to the use of your Personal Data (see section 9.1(d)); or
we are required by law or regulation to do so.
However, we are not obliged to comply with your request to delete your Personal Data if we are legally entitled to retain it, e.g. for a purpose as described in section 5.2;
require us to retain but not use your Personal Data; note, however, that this right is only available to you where:
you dispute its accuracy, and we are verifying it (see section 9.1(b));
its use is unlawful, but you do not want us to delete it;
it is no longer needed for the purpose for which it was collected, but we still need it to establish, exercise or defend our legal rights; or
you have raised your objection to the use of your Personal Data, and we are verifying whether we have a legal basis to deny your request (see section 9.1(d)).
Nonetheless, we are legally entitled to continue to use your Personal Data following a request by you not to use it, where:
we have your consent;
we need to do so in order to establish, exercise or defend our legal rights; or
we need to do so in order to protect the rights of another natural or legal person;
where you have given us your Personal Data, require us to provide such data to you in a structured, commonly used and machine-readable format, or transmit such data to a third party where this is technically feasible; note, however, that this right is only available to you where:
the legal basis for processing your Personal Data is either your consent or the performance of a contract with you; and
such processing is carried out by us using automated means (i.e. excluding paper files);
where your Personal Data is transferred outside of the EEA, require us to provide information on the safeguards under which such information is shared; and
to lodge a complaint with your national data protection supervisory authority about how we use your Personal Data; we ask that you please speak with us first to resolve any issues, but you have the right to contact your national supervisory authority at any time if you wish to do so.
To exercise your rights, you may contact us at any time using the contact details provided in section 10. We may need to ask you for proof of identity when you contact us, so that we can be sure that your Personal Data is not disclosed to any person who has no right to receive it.
CORRIE MACCOLL LIMITED
Bishopsgate House 5-7
Folgate Street London E1 6BX
The person above is also our Data Protection Officer for the purposes of the Singapore Personal Data Protection Act 2012,
If you have any concerns about how we use your Personal Data, please contact us in the first instance and we will do our best to address your concerns as quickly as possible. You may also lodge a complaint with your national data protection supervisory authority at any time if you wish to do so (see section 9.1(i)).