Definitions

We, us, our, Honeystone – means Honeystone Consulting Ltd

“Personal data” (1)  - means data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.  More information can be found at the Information Commissioner’s Office (ICO) website. 

“Data processor” (1) - in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

”Data controller” (1) - means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed

“Sub-processor” (1) – means a third party data processor engaged by the data controller who either has or potentially has access to data which may include personal data.

“Processing” (2)- in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:

a) organisation, adaptation or alteration of the information or data,

b) retrieval, consultation or use of the information or data,

c) disclosure of the information or data by transmission, dissemination or otherwise making available, or Data controllers and data processors 20140506 Version: 1.0 5

d) alignment, combination, blocking, erasure or destruction of the information or data

“IaaS” - Infrastructure as service - is an internet cloud computing service which provides visualised computing resources such as web servers.

“PaaS” - Platform as a service – is a cloud computing model whereby a provider delivers both hardware and software tools, normally to enable users to develop applications over the internet.

“SaaS” - Software as a service – is where a third-party provider hosts software applications to make them available over the internet to customers.

“the Services” - services operated and provided by Honeystone Consulting Ltd (the Service) including the following websites.

  • honeystone.com

This excludes websites and services where the mechanism is provided by Honeystone but the service is operated by one of our customers.

Applicable Data Protection Law for GDPR

For the purpose of the General Data Protection Regulation (EU) 2016/679, the data controller is Honeystone Consulting Ltd, a private limited company registered in England and Wales with company number is 4895357 whose registered office is Courtleigh House, Westbury Leigh, Westbury, Wiltshire, BA13 3TA, United Kingdom.

Our use of your personal data is governed by the EU General Data Protection Regulation (GDPR), relevant UK and EU legislation, our duty of confidentiality and your preferences.

We are committed to preserving the privacy of all users of the Services. Please read the following privacy policy carefully to understand how we use and protect information that you provide to us.  If you have any queries about the information we hold about you, please write to or contact our Data Protection Officer on 01373 710 810 or info@honeystone.com.

By using the Services you agree to our collecting, using and disclosing of your information under the terms of this privacy policy. Please be aware that if you follow a link from one of our websites to another website this policy may no longer be applicable. Honeystone Consulting Ltd is not responsible for the information and data handling practices of other websites and we encourage you to read the privacy policies displayed on those websites.

If you do not agree with this privacy policy you should not use the Services.

Changes to this policy

We keep our privacy policy under regular review, and we endeavour to notify of any updates here. This privacy policy was last updated on the date displayed below this policy.

This policy is subject to change at any time without prior notification and your continued use of the Services, following such changes, will be deemed your acceptance of those changes.

How we use your information

Our primary goal, in collecting your personal information, is to provide you with a smooth, efficient and personalised experience and to help us develop better services and products.

We will only collect information about you if we have a proper reason for so doing, for example:

  • To comply with legal regulations
  • For our legitimate interests
  • When you have given consent

We may, with your consent, also collect some anonymous information about you. This information may be collected for a variety of reasons. Most commonly, it is used in conjunction with third-parties, such as Google, to generate statistics about how visitors use our website, which we use to help improve your experience and MailChimp to help develop mailing lists and send out newsletters.

Most web browsers accept cookies by default, but normally, this can be turned off.

Information we may collect about you

We do not automatically collect any personal information, but you may choose to provide us with personal information for many reasons. You may, for example, choose to; subscribe to our newsletter, register an account on our website, respond to a survey or fill out a form. Any personal information you voluntarily provide us, through our website, for any reason, will be collected. 

This may include the following:

  • Information provided through your completion of our on-line website forms, website registration or from any email you send to us, including; your full name, company, job title, home or work address, contact telephone numbers and email address.
  • Information relating to the matter on which you are seeking our services or the work we are undertaking for you
  • Information provided when subscribing to our the Services, email notifications or newsletters, including; your full name and email address
  • Information provided through job applications, such as your CV
  • Demographic information, including; your location, preferences and interests
  • We may collect information about you if you contact us offline, for example by telephone, fax, email or post
  • We may obtain a record of website statistics about use of the Services but not in a format which identifies any individual
  • Any other information you choose to provide us.

Cookies

Cookies are small text files which are transferred from a website and stored on your computer’s hard drive. They enable a website to remember who you are and correctly load any preferences you may have previously stored, or automatically log you into your account.

Cookies also enable us to analyse your usage of our website, so that we can generate statistical data to help us improve your experience. All data collected with the aid of these 'tracking cookies' is completely anonymous.

Our cookie policy covers the cookies we use and their purposes in more detail.

Your information

Honeystone Consulting Ltd is entered in the Register of Data Controllers and our registration number is Z8294686

We will allow third party providers who supply IaaS, PaaS and SaaS to us or who process such information on our behalf incidental access to your information.

It is your right to opt out of receiving any marketing material from us at any time.

We will disclose your information when required to do so by law. We may disclose your information to law enforcement and/or government agencies.

Where purchases are made from Honeystone Consulting Ltd via shopping cart, download IaaS, PaaS or SaaS service, and paid for online any credit or debit card details will be collected directly by a payment provider and passed to your card issuer and/or bank. We will also use the relevant information you provide to us to fulfil your order but we do not directly collect or hold credit or debit card details.

We primarily store your data electronically but in some cases may also store your information on paper at our offices.

The information (including personal data) that you provide us may be transferred to, and/or stored at, a location outside the European Economic Area (EEA).

It may also be accessed by support (or other) staff located outside the EEA who work for us or one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA.  

We will take all reasonable steps to ensure that your data is treated in accordance with this privacy policy and is only transferred in full accordance with UK and/or applicable EU data protection law.

The Services and websites are inherently accessible via the internet and may potentially be accessed by any user around the world including from outside the EEA. Therefore your data could be accessed from anywhere around the world and a transfer of your data outside of the EEA may be deemed to have occurred. By using the Services you therefore consent to such a transfer of your data.

In the event that personal data pertaining to an EU citizen is transferred outside of the Europe Economic Area it will be processed only by entities located in a country or territory recognised as having an adequate level of protection by the European Commission or have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or other binding corporate or contractual rules.

Where you have been given or have created a password to access the Services or websites it is your responsibility to keep this password secure and confidential. Do not share any password with anyone including us.

We take security seriously and have procedures and practices in place to try and keep your data secure, as possible. However we cannot foresee all potential breaches and vulnerabilities and therefore cannot guarantee absolute security of your data.

By providing us with your personal information you are accepting responsibility and the data is provided at your own risk.

Right of erasure

You have the right to request that we erase your personal data verbally or in writing. We will respond within one month. 

The right is not absolute and only applies in certain circumstances.

IaaS (Infrastructure as service), PaaS (Platform as a service) SaaS (software as a service) and sub-processors

We only use IaaS, PaaS and SaaS vendors who operate in countries covered by the EU GDPR directive or the EU-US Privacy Shield.

Links to the privacy policies of the IaaS, PaaS and SaaS vendors we use regularly or occasionally can be requested at the contact details above.  For security purposes we will carefully consider if the request is appropriate and will respond within one month.

In some cases data vendors will access data directly or decide how that data is processed or presented within the IaaS, PaaS or SaaS. For the purposes of GPPR data vendors should therefore also be considered as data processors or sub-processors.

Third party and linked websites

The Services contain links to and from third party websites partners, suppliers, networks, forums advertisers, affiliates and other sites. When following a link to any such website, please be aware that they have their own privacy policies. You are responsible for checking the privacy policy of any third party websites we link to.  We do not accept any responsibility or liability for the content or privacy practices of any such third party websites.

Data breaches

Data beaches will be reported to the Information Commissioners Office (ICO)  where these result in risk to the freedom and/or rights of individuals within 72 hours. Serious breaches which warrant public notification will be notified without delay.

ICO sourced definitions

Source - Information Commissioner’s Office, [https://ico.org.uk on 9th May 2018], licensed under the Open Government Licence.

Source - Information Commissioner’s Office, [Data controllers and data processors 20140506 Version: 1.0, on 9th May 2018], licensed under the Open Government Licence.

Updated 18th May 2018