« Back

Privacy notice

This Privacy Notice describes how we collect and process the personal data you may provide us when you interact with us through our websites, or by any other means. It also explains how we’ll store and handle that data, and keep it safe.


HR Wallingford Limited is a company registered in England under number 02562099. Our registered office is at Howbery Park, Wallingford, Oxfordshire OX10 8BA, United Kingdom. 

For simplicity, throughout this Notice, "we", "us", "our" refers to HR Wallingford Limited, our parent company, our subsidiary companies and affiliates.

We are committed to respecting your privacy and recognise your need for appropriate protection and management of any personal data you share with us.

We keep our Privacy Notice under regular review and we will publish updates on this web page. This Privacy Notice was last updated 21 May 2018.

How to contact us

If you have any questions regarding your personal data and how we may use it, including any queries relating to this Notice, please contact dataprotection@hrwallingford.com.



From 25 May 2018, our data processing activities will be governed by the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"). For the purpose of the GDPR, we are the 'Data Controller' of all personal data obtained by us as set out in this Notice, because we ultimately determine how your personal data will be handled by us. We are also usually the Data Processor as we will usually process all your data ourselves. Sometimes we may sub-contract some of the data processing and in this case our sub-contractors, who would be our 'Data Processors'.

'Personal data' is any information that can be used to identify you, including your name, e-mail address, IP address, or any other data that could reveal your physical, physiological, generic, mental, economic, cultural or social identity.

If we handle your personal data then you are a "Data Subject". This means you have certain rights under the GDPR in relation to how your personal data is processed, which are set out in this Notice.


How do we collect your personal data?

We may obtain personal data from you in a variety of ways, including when you:

We may also collect personal data while we are establishing a business relationship or providing our services or products through a contractual arrangement.
In addition, we may collect personal data indirectly from public sources, for example news articles or internet searches, and from our clients and partners.


What categories of personal data do we collect?

We may collect the following categories of personal data, either through direct interactions, or from information provided by our clients and partners:


Why do we need your personal data?

We aim to be clear about the personal data we collect and tell you why we need it. This might typically include: 


How do we process your personal data?

We will only process your personal data where we have a legal basis for doing so, as outlined in this Notice, or as we explain to you at the time we collect it. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.

Your personal data may be shared with third parties, including (but not limited to) the following:

Third parties provide certain services on our behalf. We may provide personal data that we have collected to third party service providers to help us deliver products and services or to manage our mailing lists or surveys.

We are committed to protecting your personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction and to keeping your data secure. We take all reasonable precautions to safeguard the confidentiality of your personal data.

We have strict procedures and security features to prevent unauthorised access of your personal data.


Do we transfer your personal data outside the EEA?

We operate globally and have offices and subsidiaries in locations such as the USA, China, Australia, Italy, India, UAE and Malaysia. For specific situations we may from time to time transfer your personal data from within the European Economic Area (EEA) to our offices outside of the EEA or to other people or companies To safeguard your personal data we ensure that all our offices, subsidiaries and affiliates enter into a group data protection agreement which will apply, where your data is transferred to one of them and which puts provisions in place to make sure that when your data is transferred it will be protected in the same way as it is protected before the transfer by us and we aim to put in place a data processing agreement with any third parties which will also ensure similar protection for your personal data. We may also transfer your personal data to countries outside of the EEA to other people or companies for one of the legal bases for processing your personal data as indicated above.
We take steps to ensure that any third parties with whom we share your personal data keep your personal data secure.


What legal bases do we use to process your personal data?

There are four main legal bases that we rely on when it comes to processing your personal data. These are:


What if you don’t supply your personal data?

You are under no obligation to supply your personal data to us. If you choose not to provide the personal data we request when visiting our websites, you will still be able to access parts of the site, but you may not be able to access certain features or services, for example creating an account or submitting an order or enquiry.

If you chose to have a relationship with us, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship, in accordance with this Notice and any additional contractual terms agreed with you.

How do you access and update your data?

Where we collect personal data from you, we want to provide a way for you to contact us should you need to update or correct that information. 

All our marketing emails will contain a link where you can update your details or unsubscribe. Otherwise you can send updates and corrections about your personal data to dataprotection@hrwallingford.com and we will incorporate the changes to the personal data that we hold and do so as soon as practicable.


How long do we retain your personal data?

Different personal data is collected for a variety of reasons, so we cannot definitively set out how long we will retain all personal data in this Notice. 

We will retain your personal data on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law.

We keep contact information (such as mailing lists) until a user unsubscribes or asks us to delete their information. If you choose to unsubscribe from a mailing list, we may keep certain information about you so that we can honour your request.


Website visitors

By using our websites or providing us with personal information, you are agreeing to this Notice along with our usage terms and conditions.

You can browse our websites without telling us who you are. If you want to contact HR Wallingford without sharing your personal information, please contact us by post or by telephone.

We may use the personal information you give us via our websites and contact you for marketing purposes by email, where it is in our legitimate interests or if you have specifically provided your consent for us to do so. We will never share your details with other organisations outside of our Group to use for their own purposes, including marketing purposes.

All of our marketing emails provide a clear route for you to opt out and should you wish to change your communication preferences, you can do this at any time, either via the links provided on our marketing emails, or by emailing dataprotection@hrwallingford.com.

Where you receive a marketing email from us, we may collect information to determine whether you have visited our site and which sections you have viewed to enable us to make our communications more relevant for you.

If you do not want us to collect information that shows if you visited our site using links in our email communications, you will need to unsubscribe. We will automatically log this information on our database, and your preference will be maintained on a ‘marketing suppression list’.


Cookies are small text files that are placed on the user’s device (computer or mobile phone) by websites that they visit. We may use ‘cookies’ to identify visits to our websites and track information on how visitors use a site. 

We use Google Analytics (_utma, _utmb, _utmc,_utmz) cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google.

Payment card information

If you use your credit or debit card to make a payment for an online purchase, for example to register for an event, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. 

Online payments on our websites are carried out using a 'payment gateway’, which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. Your payment card information is handled by the bank and not processed or held by us. We use WorldPay as our payment gateway.

Payments made by telephone will be processed by staff authorised and trained to see your card details and process payments. All card details and validation codes are securely destroyed once your payment has been processed. 

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. 


Our websites contains links to third party websites. When you visit external websites please read their privacy policies carefully. We accept no responsibility for external websites.

Automated decision making

We don’t make decisions based solely on automated decision-making.


Your rights

As a Data Subject, you have the following rights in relation to your personal data:

If you would like to exercise any of these rights, please contact dataprotection@hrwallingford.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
You may contact the UK Information Commissioner’s Office at ico.org.uk to report concerns you may have about our data handling practices.


About HR Wallingford