In order to deliver a membership service like the Knowledge Hub, we must be able to contact you with respect to service issues and changes. For that reason we will store your membership and contact information for the life of your membership, and use them in relation to your membership. This and other uses of your data are covered by the new GDPR regulations.
This page outlines Highpoint’s use of personal data, outlines your rights under the General Data Protection Regulation (GDPR), and tells you how to exercise your rights. There is a lot here, so you can skip straight to any section
What is GDPR and why does it matter
Highpoint’s use of personal data
Highpoint, as a business-to-business organisation, mainly holds and processes records of business contacts for individuals as representatives and agents of its business customers. These are personal data for the purposes of GDPR. In addition, Highpoint has online services and sales platforms that requires business contact information, and payment details Potentially individuals may elect to use personal (as opposed to business) contact details.
Highpoint’s use of any personal data must be legitimate either because it is used exactly and only in the way you would expect for us to carry out a contract, process a sale or the delivery of services (these would be considered as contract or legitimate interest under the GDPR definitions of lawful basis), or because you have explicitly and separately consented to us using your data for a particular purpose, for example a mailing list for receiving emails from us.
Example 1: Holding your contact details in order to communicate with your during the execution of a consultancy project is considered as a legitimate interest, in that we are using your details only and exactly as you would expect for us to carry out our work. If however we want add you to our newsletter mailing list, we would require a separate and explicit consent from you.
Example 2: if we were to share your data with another organisation, we would need your consent, unless it is as expected in order to carry out a process. For example, if you are purchasing a training manual through our online shop, sharing your data to process a credit card sale with an online card provider would count as legitimate interest, that is, it is necessary to carry out the expected transition, and does not compromise your privacy. However sharing your contact details with a marketing company would require an explicit consent from you for that purpose.
Example 3: If you purchase something from our online shop, or you join our membership site, we may need to contact you to tell you about your purchase, or tell you that a website will be changing or unavailable. These would both be legitimate interest uses of your email address and would not need further consent.
Giving us consent
You may find that if you are already on one of our contact lists, you will receive an email asking you to update your contact preferences, even if you previously did this. This is to ensure that we have your consent to do so. We hope you will want us to keep in touch, and that you trust our respectful use of your data to do so, but the choice is yours. If you do consent to joining our list, you can always opt out by clicking a link on one of the emails, and remove your consent.
Your rights under GDPR
This is a summary of your rights under GDPR and how they relate to Highpoint.
More extensive definitions are to be found at the ICO.
Your right to be informed – this page summarises that way we are approaching use of data, and giving you control of it.
Your right of access – to have access to the information we hold about you, and the lawful basis under which it is used. We can provide you with a copy of data held about you. There will be no charge for individual data access requests, but where demands are unfounded, excessive or repetitive, we will review this.
We will comply within one month. A self-service access to your data will not exist for most of our systems.
Your right to rectification. If we hold inaccurate or incomplete data, you can request that we amend this.
Your right to erasure. You may request that we remove your data. If doing so will compromise our ability to deliver a service you expect us to, or conflicts with other obligations and laws, we will endeavour to have a discussion with you about this.
Your right to data portability – we will provide your data if needed in a format
Your right to object, if you think the lawful basis and justification we use to process your data is unfounded or does not take into account your particular needs for privacy
How to contact us
If you want to ask us anything about how we use your data, or to exercise your rights under GDPR, please contact us at firstname.lastname@example.org
and clearly mark your email GDPR in the subject.