Privacy and Cookie Policies
Hidden Disabilities Sunflower Scheme Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
1. Information About Us
Hidden Disabilities Sunflower Scheme LimIted.
Registered in England and Wales under company number 12285749
Registered address: Unit 10 Coldharbour Pinnacles Estate, Lovet Road, Harlow, CM19 5JL
Address: Unit 10 Coldharbour Pinnacles Estate, Lovet Road, Harlow, CM19 5JL
VAT number: 355 9344 70
Data Protection Officer: Rob Kelly
Email address: email@example.com
Telephone number: 01279 444 535
Postal Address: Unit 10 Coldharbour Pinnacles Estate, Lovet Road, Harlow, CM19 SJL
2. What Does This Notice Cover?
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
4. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
- The right to access the personal data we hold about you. Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 11 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
5. What Personal Data Do You Collect?
We may collect some or all of the following personal data (this may vary according to your relationship with us):
- Email address;
- Telephone number;
- Business name and nature;
- Job title;
- Payment information;
- Information about your preferences and interests;
6. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
- Providing and managing your account.
- Supplying our products and services to you. Your personal details are required in order for us to enter into a contract with you.
- Personalising and tailoring our products and services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email that you have opted-in to (you may unsubscribe or opt-out at any time by contacting us to remove your details).
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and telephone with information, news, and offers on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
7. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- No fixed period, we store data until requested, by you, for it to be removed from our systems.
8. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data in the UK. This means that it will be fully protected under the GDPR.
9. Do You Share My Personal Data?
We may sometimes contact with the following third parties to supply products and services to you on our behalf. These may include payment processing, delivery, and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold.
- Sage – Accountancy Purposes.
- MailChimp – Email Marketing Purposes.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR, as explained above in Part 8.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
10. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
11. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following:
Email address: firstname.lastname@example.org
Telephone number: 01279 444 535
Postal Address: Unit 10 Coldharbour Pinnacles Estate, Lovet Road, Harlow, CM19 SJL
12. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website, via a link at the bottom of the web page.
Date published: 15.09.2020
Effective: October 6, 2020
At The Sourcing Group (“TSG”), we place a high priority on maintaining the privacy and confidentiality of our customer’s personal information. In order to provide our services to you, we may collect, use and transfer personal information. This notice intends to help you understand our commitment to protecting this information at all times. We are providing this information to describe the information that we may process, and the situations where we may disclose that information to another party. Any questions or comments may be addressed to any member of our senior leadership team at 646-572-7520.
Information we collect
TSG will process our customer’s information for purposes of printing and mailing documents which may or may not contain personally identifiable information as described by the HIPAA standards. We may store certain aspects of this information on a short term basis for purposes of reporting, reconciling, or augmenting the data as part of our standard service offering to our clients. We may keep and present on a temporary basis, composed documents for viewing by authorized representatives of our customers for purposes of review and approval to release the printed output into the mail. In the process of doing so we may have information specific to a medical service or condition of a person and their family, association with providers, financial standing, enrollment status, and other documents as mandated by city, state, and federal authorities. As a print broker, we may enter into contractual relationships with print shops that we will transmit this data to for actual processing. These shops are held to the same exacting standards and agreement that we commit to our customers. All of this information is only collected and used on an as needed basis for the business benefit of our customers and their constituents.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Personally Identifiable Information
Personally, identifiable information refers to information that can be used to identify you, such as your name, email address, phone number, address, billing information such as credit card number and billing address etc. In many cases, we ask for this information to provide the service you wish to use. The amount of personally identifiable information that we know about you is entirely up to you. We will only know personally identifiable information if you choose to share this information about yourself; however, some features or services may not be available unless we obtain a certain amount of personally identifiable information.
We may also collect from you the following personal information about your contacts: Name and email address. When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at email@example.com.
How we use the information
We may use this information to Fulfill your order, send you an order confirmation, assess the needs of your business to determine suitable products, send you requested product or service information, send product updates or warranty information, respond to customer service requests, administer your account, send you a catalog, send you a newsletter, send you marketing communications, respond to your questions and concerns Improve our website and marketing efforts, or display content based upon your interests. We may retain your information for as long as your account is active or as needed to provide your services, comply with our legal obligations, resolve disputes and enforce our agreements.
Use of tracking technologies
How we protect your information
In accordance with applicable laws and corporate policies, TSG has a responsibility to protect the privacy of all our customer’s information. We maintain security standards and processes including physical, electronic and procedural safeguards to ensure that any access to personal information is on a need-to-know basis and limited to authorized employees or designees in the performance of fulfillment services which we are contracted for. Some of the procedures we implement are limiting unnecessary printing of documents containing personal information, utilizing secure file transfers mechanism, routine and frequent vulnerability assessments, encryption of any transactional data or output, utilizing locked cabinets for storage of records, and document shredders for proper destruction and disposal of such items when they are no longer needed. We also guard against malicious and unauthorized access by utilizing secure websites as certified by recognized Internet security authorities for our applications, and obtaining and maintaining proper digital certificates to indicate such. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
Who may receive the information
By entering into a Business Associate Agreement with our clients, we are authorized to use and disclose under the appropriate policies and supervision, any personal information required to provide the fulfilment services we provide. We do not and will not resell any of this information, or provide to a third party for any purposes, unless instructed by our customer in writing to do so. Any and all parties who may see any portion of this information may only do so if it is needed for the performance and quality assurance of their provided function. Any such use will ensure the minimum amount of information is displayed and to perform the function. Any information beyond a name and mailing address that is needed will be encode in such a way as to be illegible to the human eye (e.g. barcodes). Such parties may consist of digital print centers and their supporting staff of QA, Indexers, print operators and inserter operators, offset printers and their staff, mail expeditors, and USPS Postal employees.
TSG is bound by Service Level Agreements, and full transparency to our customers, to disclose any accidental disclosure of personal information that runs counter to the stated goals of this policy. Any disclosure notification will be followed up by a root cause analysis within three days or as defined by an SLA with the customer, whichever is more restrictive. In certain situations, TSG may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Accidental disclosures may occur due to bad data feeds, malfunctioning equipment or faults in programming logic. These can occur at the customer site, or at the print factory. Regardless, of whether a customer believes that they were at fault or whether TSG and its authorized representatives were, TSG will always engage in a root cause analysis for purposes of developing a remediation strategy to avoid the scenario in the future. This is our commitment to our customers for providing a quality service.
Updating, correcting, and deleting personally identifiable information
We strongly believe in providing you with the ability to access, edit, or opt-out of providing personally identifiable information to us. Upon request, TSG will provide you with information about whether we hold any of your personal information. Accordingly, at any time, you may amend, update or delete the information about you contained in any registration profile you have completed with us, including any and all personally identifiable information, by contacting us at the contact information below and we will respond to your request in a timely manner.
The Sourcing Group
TSG RESERVES THE RIGHT AT ANY TIME TO MODIFY THIS DOCUMENT IN ANY WAY TO INCORPORATE OR REMOVE PROVISIONS AS DEEMED NECESSARY TO COMPLY WITH APPLICABLE LAWS, AND TO MAINTAIN A POLICY WHOSE INTENT IS TO OFFER THE BEST OF BREED IN MAINTENANCE OF PRIVACY.