Digital Privacy & GDPR Notice: Hoffman UK
The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.
This privacy notice tells you what to expect when you visit our websites, email us or contact us via social media and what happens to any information we collect about you.
It covers information that could identify you (“Personal Information”) and information that can’t. It also explains :
- what we do with that information
- who sees it and
- what it is used for (‘lawful bases for processing’)
Who we are:
Hoffman UK is registered in the UK as Company number 04290404.
Our registered office is at Quay House, River Road, Arundel, West Sussex BN18 9DF.
Email addresses ending in hoffmaninstitute.co.uk, hoffmanireland.com or hoffmanprocess.co.uk are monitored by members of the Hoffman team. This includes employees, teachers and contactors working on our behalf, who are all bound by our confidentiality agreement.
You can contact us by email: firstname.lastname@example.org or by phone on +44(0)1903 88 99 90
All visitors to our website are entitled to know that their Personal Information will not be used for any purpose unintended by them, and will not accidentally fall into the hands of any third party.
Hoffman UK takes your privacy and confidentiality seriously. We undertake to preserve the confidentiality of any information provided to us and to comply with UK law, including the EU General Data Protection Regulation (GDPR)
Hoffman UK does not sell or lease information to third parties. We do not share or disclose any information collected through our website, except in the course of our own marketing and to deliver our products and services to you, as set out below.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently (‘functional cookies’), as well as to provide information to the owners of the site.
Hoffman websites use both types of cookies, but we do not use the information collected to find out the individual identities of people visiting our website. If we do want to collect personally identifiable information, we will be upfront about it – we’ll make it clear when we collect personal information and will explain what we intend to do with it.
Here we explain the non-functional cookies we use and why.
Universal Analytics (Google)
The cookies collect information in an anonymous form, including the number of visitors to our websites, where visitors have come to the sites from and the pages they visited. We use the information to help us improve the website and to see whether we have been mentioned in articles or on referring sites that we otherwise might not have been aware of. Click here to read Google’s overview of privacy and safeguarding data
We occasionally run online advertising campaigns to attract visitors to specific pages, events and content on our website. These cookies allow us to display ads that are relevant to specific users and to track whether our campaigns are attracting visitors. Click here to read Google’s overview of privacy and safeguarding data
We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information. Read more at YouTube’s embedding videos information page.
Social Website Cookies
So you can easily “Like” or share our content on the likes of Facebook and Twitter, we have included sharing buttons on our site which may install cookies. The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
When you make a booking or buy an item from our website, Hoffman UK does not see any of your payment information. To allow payments to happen, we use secure, PCI and GDPR compliant, encrypted third-party services and software that may install cookies: our event booking system (Event Espresso) our payment gateways (Worldpay via Cloudswipe) and shop checkout (PayPal).
Most of these cookies are just required for the payment process to work and don’t remain on your browser once you have left the site. Others do remain on your internet browser. Read more here:
How can I disable cookies?
You can accept, decline, or set your browser to alert you when cookies are sent to your web browser. There are links below that may help if that’s what you want to do – but be aware that certain functions of our site may not work properly if you turn stuff off:
Encryption of Data
We use SSL certificates to verify our identity to your browser and to encrypt any data you give us. Whenever data is transferred between us, you can check that it is done using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
We use a third party provider, Constant Contact, to deliver our regular e-newsletters and marketing emails. You can subscribe to our mailing list by filling in a form online, by calling the office, or by signing up at an event. If not submitted online, your email address will be processed by a member of the Hoffman team. Email addresses and mailing preferences will be stored securely in our Constant Contact account and on Hoffman UK’s database of contacts. We process this data under the legal basis ‘consent’ and use it to market our products and services.
Each marketing email we send offers you the chance to unsubscribe from our mailing lists, and you are always welcome to contact the office and ask to be removed manually.
Event Bookings via SagePay/Barclaycard
The majority of our event booking is done using a hosted software called ‘Event Espresso’ with payment being taken via the payment gateway ‘SagePay’. Event Espresso will ask for the information it needs for your booking to be processed, and your payment details are then taken by SagePay. SagePay services are compliant to PCI DSS level 1; read more here. Once SagePay has processed the payment, your funds are transferred to our merchant account. Hoffman Institute UK merchant accounts are supplied and assessed for PCI/DSS compliance by Barclaycard, and we are registered with their Data Security Manager scheme to ensure our ongoing compliance.
We do not have access to your payment details and they are not stored by us. The information we do see includes your contact details to allow us to process your booking. We collect and process this data under the legal basis ‘contract.’
Purchases via PayPal
Books, Graduate Journal purchases and some event bookings are payable via PayPal. When you pay by PayPal, we do not have access to your payment details and they are not stored by us. The information we do see includes your contact details to allow us to process your purchase. We process this data under the legal basis ‘consent.’ We may also give you the option to sign up for newsletters (see above).
Information collected via online forms
When you register for the Hoffman Process, and for some of our other workshops, we will send you a link to a secure online form, where we ask you to provide further information. These forms are created by us using a form building software called Formstack. Click here to read more about Formstack’s security features.
The information you provide on these forms will be used to help us deliver our courses and training to you, and will be available to members of the Hoffman team and to our teaching team until you have completed the course. Due to the nature of the courses we provide, some of this information may be classed as ‘Sensitive Personal Data’ under GDPR guidelines. We process this data under the legal basis ‘contract.’
We also share information with freelance consultants who we engage for specific services such as finance and marketing. Where this happens, those consultants are contractually bound by confidentiality agreement to Hoffman in order to protect your information. Wherever possible, we will attempt to minimise the sharing of Sensitive Personal Data.
Disclosure of Personal Information
Client confidentiality, safety and integrity is of utmost importance to us and is only ever breached in accordance with the law and in exceptional circumstances, for example if there is reason to believe that children or vulnerable adults may be at risk of harm, or if there is a perceived risk of significant self-harm or suicide.
If you send us a private or direct message via social media, the message will be read by a member of the Hoffman team. All other uses of social media will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
Use of our websites by children
We do not sell products or provide services for purchase by children, nor do we market to children. If you are under 18, you should use our website only with consent from a parent or guardian.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Our email is run via Gsuite from Google. To read Gsuite’s security policy, click here.
Your data rights
You have rights as an individual which you can exercise in relation to the information we hold about you. They include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Complaints or queries
Hoffman UK tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Hoffman’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the registered address above.
Access to personal information
We aim to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998 and GDPR guidelines 2018. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to Hoffman UK for any personal information we may hold, please put the request in writing to the address provided above.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes or permanently delete your information.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 2 August 2019.