This is Hackford Data Ltd's Privacy and Data Policy, which details how we handle personal data on our website and in our data products.
This Privacy and Data Policy covers the processing of personal data by Hackford Data Limited ("Hackford", "we", "us") when providing its services to its clients. If you have any questions or comments about this Privacy and Data Policy, please contact us at:
Data Protection Officer: Daniel Robinson
Email address: dan.robinson@hackforddata.com
Hackford Data is dedicated to protecting your privacy. This Privacy and Data Policy outlines how we handle personal data collected from you, public sources, and third parties.
When we determine the purpose or method of processing this personal data, we act as the "data controller." We adhere to all relevant data protection regulations, including the UK GDPR, the Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).
This Privacy and Data Policy covers the following points:
When you contact us through our website regarding our services, any forms you fill out or emails you send may include personal information, such as your full name, email address, the organisation you represent, and the details of your enquiry.
Hackford collects current and historical business information, specifically focusing on business contact details related to individuals operating in the UK financial services sector in a professional capacity. This information is used to compile comprehensive datasets of individuals and business profiles. These curated datasets are provided to our clients—businesses seeking to connect with financial services professionals for B2B sales, marketing, and recruitment purposes.
We also maintain data about your employer, including its name, size, market segment, and website. If you have changed jobs, we may retain information about your previous employers and job titles.
To deliver certain services, Hackford records business email addresses in its database. If a business email address is not available, Hackford may generate one based on the known email structure used by the employer.
We collect personal data from publicly available sources, such as the FCA's Register and Directory, employment and business-oriented social networks, recruitment websites, and company websites.
Individuals included in the Hackford Database can request removal at any time via email or the web. We will process such requests promptly and within any legally required timeframe.
We provide business email addresses in the Hackford Database so that clients can directly approach the individuals to whom those business email addresses relate. Since the communication (by whatever means) of advertising or marketing material directed to particular individuals is defined as "direct marketing" (even if you are not explicitly selling something), you must be compliant with any applicable rules pertaining to email marketing, as well as applicable data protection law. Further, to enable us to support the assessment that the disclosure of such email addresses to you (and your subsequent use of those email addresses) is not unduly prejudicial to the rights and freedoms of the individuals to whom the email addresses relate, you must comply with each of the requirements below.
Clients must use email addresses to contact individuals in a way that is direct and deliberate with content that is relevant to UK financial services businesses.
You must identify yourself in any email you send and include contact details.
You must include in each email a clear and simple way for anyone you email to opt out of your communications.
If someone objects to or opts out of your marketing, you must immediately add them to a 'do not contact' list and stop communications with them. You must screen all your marketing against this list to make sure you don't contact anyone who has opted out.
You must ensure that you are fully compliant with any applicable data protection laws. It is your responsibility to keep up to date with any changes in the law.
Hackford acts as a data controller when collecting and using information about website visitors or when gathering data to create and maintain the Hackford Database and provide services. In no event will Hackford and clients process the Hackford Database data as joint controllers.
When clients use our services, they act as data controllers, responsible for ensuring that the personal information they collect is processed lawfully. In these cases, Hackford acts as a data processor, handling personal information solely according to client instructions. Clients are responsible for determining how they use our services. Clients must ensure that third-party individuals receive appropriate notice about data processing, provide informed consent when needed, and meet all legal requirements for data collection and use.
Clients must also manage data subject rights requests under applicable laws for users and individuals whose data is processed through our services. Hackford's obligations as a data processor are defined in our agreements with clients and are not included in this Privacy and Data Policy.
Where appropriate, Hackford processes your data with your consent. You have the right to withdraw such consent at any time, and we will cease to process data after consent is withdrawn.
Hackford processes personal data where it is in our or our clients' legitimate interest, provided these interests are not overridden by individuals' rights. We have conducted a Legitimate Interests Assessment (LIA) based on guidance from the Information Commissioner's Office (ICO), available upon request.
Our and our clients' legitimate interests include:
We prioritise transparency and respect for individual rights by providing clear privacy information and mechanisms to opt out, ensuring that individuals retain control over their professional data. This processing supports the functioning and growth of the UK financial services sector while balancing individual rights with industry needs.
Hackford may process personal data when it is required to fulfil the terms of a contract with an individual. This processing is essential for meeting our contractual obligations and ensuring that the services or commitments outlined in the contract are delivered.
Hackford may process personal data to comply with legal and regulatory requirements. This includes activities such as preventing, investigating, and detecting crime or fraud, addressing anti-social behaviour, and prosecuting offenders, which may involve collaboration with law enforcement and regulatory bodies.
We may process your personal data for the following purposes:
We may use your personal data within the Hackford Database for the following purposes:
To permanently remove your personal data from the Hackford Database, please contact us using the contact information provided above. We require the details in this form to accurately locate your data within our database and process your request. The information you provide will be used solely for this purpose. We will handle your request as promptly as possible and in accordance with the timelines specified by the UK GDPR.
If you wish to be removed from our mailing list, you can unsubscribe by clicking the "unsubscribe" link at the bottom of any marketing email you receive.
You have the following rights concerning the personal data we process. We aim to respond to your requests without undue delay and within one month at the latest.
To make a request, please contact us using the contact details above, addressed to the Data Protection Officer.
You have the right to request a copy of the personal data we hold about you and to have any inaccuracies corrected. We will make reasonable efforts, as required by applicable law, to provide, amend, or delete your personal data in our records (including notifying any third parties to whom it has been disclosed).
You can request the restriction, cessation of processing, or deletion of your personal data if:
We retain personal data only as long as necessary for the relevant purposes. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the data, potential risk from unauthorised use or disclosure, the purposes of processing, the feasibility of achieving those purposes through other means, and applicable legal requirements.
We may update this Privacy and Data Policy periodically, especially if required by changes in the law or business practices affecting data protection. Any updates will be posted on our website, and by continuing to use our site, you accept the terms of the revised Policy. We encourage you to review this page regularly.
This Privacy Policy was last updated on 1 November 2024.