LR pixel

Start typing and press enter to search

Get our Free Change Management Guide Book a Meeting

Privacy Policy

How2-Change is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act 2018 in the acquisition, processing and disposal of your personal data.

How2-Change is the data controller and is responsible for your personal data (referred to as ‘we’, ‘us’, ‘our’ and ‘ours’ in this notice). This privacy policy describes what data will be collected from you through your use of this website or when you contract with us for use or purchase of products and services. It also relates to our use of personal information you provide to us by phone, social media, in written correspondence (including letter and email), by SMS and in person.

It sets out our commitment to the processing, storage, access and disposal of the data in such a way that your personal data is adequately protected.

Please note that this website is not intended for anyone under the age of 18 and we do not knowingly collect data relating to children through this channel

If you want to request information about our privacy policy or provide feedback regarding this policy, please email our Data Controller at info@how2-change.com or write to The Data Controller, How2-Change, 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB. If you wish to make a Data Subject Access Request, please see the relevant section below for more details.

Your Personal Data

By contacting us, for example by completing a website form, you are showing interest in our products and / or services and consenting to us collecting some personal data from you. We ask for certain relevant information so that we can provide the most suitable and valuable experience for you as we handle your enquiry.

The data we collect about you includes the following, organised by categories:

  1. Identity: Your name
  2. Contact: Your email address and phone number
  3. Company: Your company name, job title and areas of interest
  4. Usage: how you use our website, products and services
  5. Transactional: details about payments from/to you and details of any and all products or services you have purchased from us
  6. Technical: includes the internet protocol (IP) address used when accessing our website
  7. Marketing and communications: your preferences for whether and what type of marketing and communication you’d like to receive from us

All information you provide to us is stored securely on our server and CRM system. Security provisions include antivirus protection, password protection, encryption of laptops/storage devices, dual factor authentication, user access tracking and the ability to wipe data/withdraw access remotely.

Collecting Data

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You are or have expressed an interest which suggests you may become a customer or client of ours
  • You are or have expressed an interest which suggests you may become a supplier or subcontractor to us
  • You’ve made an enquiry to us, whether online or offline by telephone, social media, SMS or other form of written communication including letter and email
  • You’ve expressed interest in attending, or have attended, an event which we’ve organised or promoted
  • You’ve subscribe to a newsletter or indicated that you’d like to receive communications from us.
  • You have applied for a job, associate relationship, apprenticeship or internship with us

We may also receive personal information indirectly, such as in the following scenarios:

  • An employee, associate, apprentice or intern of ours gives your contact details as an emergency contact or a referee
  • A person or legal entity known to us provides us with your information. This might be to support us with client work or because they believe you’d have an interest in our products, services or communications.
  • Where your information is publicly available, and we have reason to believe you might be interested in our products, services or communications.

Use of Data

To the extent permissible under applicable law, we may use your information to:

  • Provide you with information that you have requested about products or services
  • Provide, maintain, protect and enhance our products and services
  • Manage your use of our products and services
  • Monitor measure and improve our content, website, products and services
  • Manage our relationship with you
  • Deliver relevant information which may be useful to you
  • To assist detection, prevention, investigation or remedy any illegal activity

We will only process personal data for the purpose for which it is collected. The purpose is dependent on whether you use our website and / or use our products and services as a client.

We will obtain your specific consent to any other use, unless otherwise required or permitted by law or professional standards. We will not disclose your personal data except as required and permitted by applicable law.

You can request that we stop sending you marketing messages at any time by using the opt-out links and process on any of the marketing messages we send to you.

We will collect and use data in different ways depending on the purpose or activity. For clarity, this is summarised below:

Purpose/Activity Data Basis
Registration of customers, and users of products and services • Identity
• Contact
• Company		 Contractual Performance
Processing and delivery of products and services:
a) Managing payments, fees and charges
b) Collection and recovery of monies owed to us		 • Identity
• Contact
• Company
• Transactional
• Marketing and Communications		 Contractual Performance

To recover past due payments / debts (legitimate interest)
Relationship Management, including:
a) Notifying you about changes to our terms & conditions, cookie policy or privacy policyb) Asking you for feedback		 • Identity
• Contact
• Company
• Marketing and Communications		 Contractual Performance

Legal or Regulatory Compliance

Monitoring of usage of products and services and for the purposes of business development (legitimate interest)
Surveys • Identity
• Contact
• Company
• Usage
• Marketing and Communications		 Contractual Performance

Monitoring of usage of products and services and for the purposes of business development (legitimate interest)
Business Administration (including website management, collection, processing and storage of data) • Identity
• Contact
• Company
• Technical		 Legal & Regulatory Compliance (legitimate interest)

Managing and growing our business (legitimate interest)
Provision of relevant information and analysis of marketing effectiveness • Identity
• Contact
• Company
• Usage
• Technical
• Marketing and communications		 Consent
Data Analysis • Technical
• Usage		 Consent
Products and Services Recommendations • Identity
• Contact
• Company
• Technical
• Usage
• Marketing and communications		 Business Development, and Customer Relationship Management (legitimate interests)

Basis for processing

We will only process your data (which may include providing it to a third party) if we have identified a valid and lawful basis to do so. These are as follows:

  • Consent – whenever possible we will seek to obtain your consent to process your data outside our contractual obligations (as above) unless we have identified a legitimate interest (as below)
  • Contractual – where processing is necessary for contractual performance
  • Legal / Regulatory Compliance – where processing is necessary to comply with the law and / or regulations
  • Legitimate interest – where processing of your data does not, in our reasonable opinion, affect your rights and is appropriate for our interests, e.g. providing updates on products and services or soliciting your feedback 


Sharing Data

We will keep your data within our organisation except where disclosure is required or permitted by law or when we choose to use a third-party service provider (data processors) to supply and support our products, services and communications.

We have contracts in place with all our data processors. They cannot do anything with your personal data unless we have instructed them to do so. They will not share your personal data with any organisation apart from us. They will hold it securely and retain it as instructed. 

Service provider categories where which may receive your personal data

  • Identification and verification providers
  • Banks
  • Accountants
  • Solicitors
  • IT Service Providers
  • 3rd party professionals (e.g. medical professionals)
  • Recruitment service providers

In addition, third parties may provide us with personal data and they should only do so where the law allows them to.

Data Storage

Your data is held by us and our processors in the UK, EEA or in a country where an adequacy decision has been made by the European Data Protection Board (EDPB). Should we choose to transfer your personal data outside of the EEA, we will ensure that all appropriate measures are in place to provide your data with the levels of protection as required under Data Protection Laws.

Applying for work with us

If you apply to work for or with us (directly or indirectly) in any capacity, we may receive data about you from third parties. In addition, we will keep the details of your application and any additional information provided to us by you or others during your application so that we can keep you informed of future opportunities that may be of interest to you. If you do not wish for us to keep your details for this reason, please let us know by contacting us using the details provided in this policy

Data Retention

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we review the personal data that we hold on an annual basis and remove data that we no longer have a legitimate business interest in maintaining.

Rights

Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the rights as an individual which you can exercise in relation to the information we hold about you.

The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

How2-Change will endeavour to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage individuals to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law – www.ico.org.uk/concerns

To request deletion of your personal data, you should submit a request to info@how2-change.com.

Access

How2-Change tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Act or the Regulation.

You can make a subject access request verbally or in writing. If you make your request verbally, we recommend you follow it up in writing to provide a clear trail of correspondence.

To exercise your right of access, follow these steps:

  1. Identify what personal data you want to access
  2. Make your request directly to How2-Change with the following information
    1. Your name and contact details
    2. Any information used by How2-Change to identify or distinguish you from other people with the same name
    3. Any detail or relevant dates that will help identify what you want
  3. Keep a copy of your request and proof of delivery

You can ask an organisation for access more than once. However, How2-Change may be able to refuse access if your request is ‘manifestly unfounded or excessive’, as defined under the Regulation.

If you are thinking of resubmitting a request, you should think about whether:

  • It is likely that your data has materially changed since your last request
  • Enough time has passed for it to be reasonable to request an update on how your data is being used or the organisation has changed its activities or processes recently.

If you are unhappy with how How2-Change has handled your request, you should make a complaint to us in the first instance.

Having done so, if you remain dissatisfied you can make a compliant to the ICO or the courts.
If an organisation reasonably needs more information to help it find your data or identify you, it has to ask you for the information it needs. It can then wait until it has all the necessary information before dealing with your request.

When it responds to your request, the organisation should provide you with a copy of your data either electronically or in another format, if this is possible.

You are also entitled to be told the following things:

  • What it is using your data for
  • Who it is sharing your data with
  • How long it will store your data, and how it made this decision
  • Information on your rights to challenge the accuracy of your data, to have it deleted, or to object to its use
  • Your right to complain to the ICO
  • Information on where your data came from
  • Whether your data is used for profiling or automated decision making and how it is doing this
  • An organisation may refuse your subject access request if your data includes information about another individual, except where:
  • The other individual has agreed to the disclosure, or
  • It is reasonable to provide you with this information without the other individual’s consent

In deciding this, the organisation will have to balance your right to access your data against the other individual’s rights regarding their own information. In any case, the organisation will need to tell you and justify its decision.

Disclosure

In many circumstances we will not disclose your personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.

Third-parties

Our website links to other social media platforms like Twitter and LinkedIn. If you follow a link from our website to another site or service or allow them to post content on your behalf from our website, this privacy notice no longer applies. We are not responsible for the information handling practices of third party sites or services and we would encourage you to read the privacy notices appearing on those sites.

Changes to this policy

By using this website and associated subdomains, you signify your acceptance of this policy. If you do not agree with this policy, please do not use our website. . Continued use following the posting of changes to this policy will be deemed as acceptance of those changes.

We keep our privacy notice under regular review. This privacy notice was last updated on 17/06/2020

 

Other terms, conditions and policies are below:

Modern Slavery Statement

Cookies Policy

Terms and Conditions

Frequently Asked Questions