We, Heruon Limited ("HERUON"), do not sell goods or provide services for monetary consideration directly through our website. In using our website, you agree to take notice of the following:
To use the website in any manner to promote advertising or to raise money from advertising.
************************* End of Terms of Use **********************************
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
By the nature of our business and the fact that we are not providing services to the general public, there is not likely to be very much personal information, other than the contact details you choose to share with us, arising when a potential client, invariably a business or public sector body, makes contact with us or decides to use our services. Should the contact lead to an engagement or agreement between us, this privacy policy may be supplanted in part or in whole by the terms of such agreement.
In the course of our business, we rely on several of the legal bases set out in article 6(1) of the GDPR and UK-GDPR for processing data:
This is the legal basis, applicable in UK and EU, on which the details below rest.
Heruon Limited is the controller for the personal information we process where you use this site or make direct contact with us, unless otherwise stated.
There are many ways you can contact us, which may include by phone, email, live chat and post.
Our postal address: 7 Balloo Court, Bangor BT19 7AT
Telephone number: 028 9189 7576
Email: info@heruon.com
For general contact please use: info@heruon.com.
Our Data Protection Officer is Francis Howard. You can contact him at francis@heruon.com or via our above address. Please mark the envelope 'Data Protection Officer'.
Under UK and EU data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
You have the right to ask us for copies of your personal information. This right applies with very few exceptions.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
You have the right to ask us to erase your personal information in certain circumstances.
You have the right to ask us to restrict the processing of your information in certain circumstances.
You have the right to object to processing if we are able to process your information because the process is not in our legitimate interests.
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please contact us at info@heruon.com if you wish to make a request, or contact our helpline on 028 9189 7576.
Our policy is to store your data only for as long as we have need of it. If, for example, you notify us that you have retired, we would, normally, delete your personal data. The only exception to this is where we are required by law to keep data for specified periods of time where, of course, we would not be able to delete data before the expiration of such periods. We regularly review our data retention to identify opportunities to delete superfluous data so that we are not keeping data for unnecessarily long periods. We do not share (except as may be required by law), market or sell your data.
We may use data processors who are third parties who provide elements of services for us. If this arises, we will have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
In some circumstances, we are legally obliged to share information. For example, under a court order or where we are obliged to cooperate with authorities in handling complaints or investigations. In any scenario, we'll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
Where we provide links to websites of other organisations, or where we act as a processor for other data controllers this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at info@heruon.com and we'll respond within 30 days.
If you are dissatisfied you may complain to the ICO
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Helpline number: 0303 123 1113
They also have a contact page on their website: ico.org.uk
We'll tell you:
Most of the personal information we process is provided to us directly by you for one of the following reasons:
We don't audio record any calls, but we might make notes to help us answer your query. Other staff may also listen in during your call to assist or for training or quality assurance purposes. We would normally inform you when other parties are able to listen to your call.
We may hold statistical information about the calls we receive for a number of years, but this does not contain any personal data.
If you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry. We suggest you familiarise yourself with the privacy information of that platform.
Transport Layer Security (TLS) encrypts and protects email traffic. Most webmail such as Gmail and Hotmail use TLS by default.
We'll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
You may send us personal information by means of postal delivery that needs a response from us, we may process it in our case management system as an enquiry. We suggest you familiarise yourself with the privacy information of that platform.
We meet visitors at our offices, including:
If your visit is planned, we'll send your name and visit information to reception before your visit – so that we may print a personalised badge for your arrival.
If you arrive without an appointment, you may be given a generic visitor badge.
You should wear a pass throughout your visit. Personalised badges will be destroyed when you leave the premises.
We may ask all visitors to sign in and out at reception and show a form of ID. The ID is for verification purposes only, we don't record this information.
If we do collect personal data through our website, we'll be upfront about this. We'll make it clear when we collect personal information and we'll explain what we intend to do with it.
We use a cookies tool on our website to gain consent for the optional cookies we use.
Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.
We use a third-party web application firewall from Fortinet to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected.
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.
What are your rights? - please see 'Your rights as an individual' above.
As we are processing your personal data for our legitimate interests as stated above, you have, nonetheless, the right to object to our processing of your personal data.
Closed-circuit television (CCTV) operates both inside and outside the building for security purposes. The information is viewed by us is on a live feed and we don't normally record it.
The purpose for processing this information is for security and safety reasons.
We have Wi-Fi on site for the use of visitors. We'll provide you with the address and password.
We record the device address and will automatically allocate you an IP address whilst on site. We may also log traffic information in the form of sites visited, duration and date sent/received.
We don't ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don't ask you to provide any of your information to get this service.
The purpose for processing this information is to provide you with access to the internet whilst visiting our site.
We sometimes record audio and video of training sessions delivered by external training providers for distribution to staff not in attendance. We don't do this without the prior agreement of the training provider and no recordings are shared externally.
For information about how long we hold personal data, see our retention policy.
When you contact us to make an enquiry, we may collect information, including your personal data, so that we can respond to it and fulfil any regulatory responsibilities.
We need enough information from you to answer your enquiry. If you telephone us (or we telephone you), we won't make an audio recording of it and we won't necessarily need to take any personal information from you. But in certain circumstances we may make notes to provide you with a further service as required.
If you contact us via email or post, we'll need a return address for response.
We'll set up a case file on our case management system to record your enquiry and so we can get it to the correct area of the business to be dealt with. We'll also keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise, and to check on the level of service we provide.
For information about how long we hold personal data, see our retention policy above.
We are acting in our pursuit of our lawful business interests to respond to your enquiry, so you have the right to object to our processing of your personal data. Please see 'Your rights as an individual' above.
Do we use any data processors? Only in terms of those providing internet services and data storage services.
This explains the purpose and lawful basis for processing any data that you provide.
Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.
If you provide us with any information about reasonable adjustments you require under the Equality Act 2010, the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.
The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA 2018 which again relates to processing for employment purposes.
We process information about applicant criminal convictions and offences. The lawful basis we rely upon to process this data are Article 6(1)(e) for legitimate business interests. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).
What will we do with the information you give us?
We'll use information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide with any third parties for marketing purposes.
We'll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process. We'll use the other information you provide to assess your suitability for the role.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.
The information we ask for is used to assess your suitability for employment. You don't have to provide what we ask for but it may affect your application if you don't.
We will use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.
You can submit your application to us without the need to create an account.
We may ask you for your personal details including name and contact details. We'll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information.
You may also be asked to provide equal opportunities information. This is not mandatory – if you don't provide it, it won't affect your application. We won't make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.
Our hiring managers may shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.
We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we may proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment, we'll ask you for information so that we can carry out pre-employment checks. You must successfully complete preemployment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.
You must therefore provide:
We'll contact your referees, using the details you provide in your application, directly to obtain references.
We'll also ask you to complete a questionnaire about your health to establish your fitness to work.
We'll also ask you about any reasonable adjustments you may require under the Equality Act 2010.
If we make a final offer, we'll also ask you for the following:
Some roles require a higher level of security clearance – this will be clear on the advert or job description (or both). If so, you may be asked to submit information to the appropriate public body that checks people for this purpose. We are a certified Commercial and Government Agency Entity (CAGE and NCAGE), and we are required to take certain measures to conform to that status.
If you are not cleared by that body, we will not be told the reasons but we may need to review your suitability for the role or how you perform your duties.
Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest If you complete a declaration, the information will be held on your personnel file. You will also need to declare any secondary employment.
We may offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or organisations who think they could benefit from their staff working with us.
Applications are sent directly to us. Once we have considered your application, if we are interested in speaking to you further, we'll contact you using the details you give.
We may ask you to provide more information about your skills and experience or invite you to an interview.
If we do not have any suitable work at the time, we'll let you know but we may ask if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we'll keep your application for six months.
If you are seconded to us, you will be expected to adhere to a confidentiality agreement and code of conduct, which will be agreed with your organisation.
We do not provide services directly to children or proactively collect their personal information.
To develop, test and improve our products, services and website: we will use your information about how you use our products, services and website to improve the user experience for our users, for example to ensure we are offering appropriate features, supporting appropriate browsers and devices and to ensure our website content is presented in the most effective manner. We do this on the basis of your consent to our use of cookies and in accordance with our legitimate interests of developing our existing products, services and website, understanding how we can continue to improve them, and creating new products and services.
Monitoring and enforcing our rights: we may use your information to ensure that you are using our products and services in accordance with the terms on which they are supplied, and to enforce those terms, our website terms of use, or other relevant agreements that we have with you, in accordance with our legitimate interests of being able to enforce our rights.
Legal requests: we may need to use your information to comply with a legal obligation such as to respond to a court order or a request from a supervisory authority or government, or to prevent fraud.
Notifications: we will use your information to send you communications which are required by law or to notify you of changes to our terms or this privacy policy, or changes (permanent or temporary) to our products or services. Such messages will not include any promotional content. Depending on the nature of the communication we may do this on the basis of performing our contract with you or complying with our legal obligations.
Surveys and feedback requests: we may use your information to invite you to participate in surveys run by us on our own behalf, for example to invite your feedback on our products, services and website. These communications will not contain any promotional content and will be sent on the basis of our legitimate interests of improving our products, services and website. However, if you would prefer not to receive such communications, please contact us at: info@heruon.com.
Marketing: we may use your information to provide you with information about our products and services, offers and events that we consider may be of interest to you. This information will relate to our own products and services only, and we will not provide your information to third parties for marketing purposes. We send these communications either on the basis of your consent (where you have specifically consented to receiving such communications) or in accordance with our legitimate interests of growing our business.
You may stop receiving marketing communications from us at any time. To withdraw your consent or to opt-out of receiving marketing communications, you may contact us at info@heruon.com or follow the unsubscribe instructions contained in the communication itself.
Legal Basis. If you have any questions about or require further information concerning the legal basis on which we collect and use your information, including regarding our legitimate interests, please contact us.
We will only disclose your information in the circumstances below:
Our service providers: we may disclose your information to our third party service providers. In each case we have agreements in place with the service provider to ensure that they provide appropriate protection for your information and to ensure that they are only permitted to use your information in accordance with our instructions and as necessary to provide the relevant service to us.
For example, we may engage third parties to provide the following services:
Professional advisers: we may need to disclose your information to our professional advisers, including our lawyers, bankers, auditors and insurers.
Compliance with legal obligations and enforcement of our rights: we may also have to disclose your information if this is reasonably required to:
comply with any applicable law, regulation or legal process or to respond to a request from a government or a regulatory body.
enforce our agreements, policies and website terms of use.
protect the security or integrity of our products and services.
Other users within your organization: where your organization purchases products or services from us covering multiple authorized users and contacts, we may disclose your information to other users within your organization, for example to verify licensing and billing information.
This privacy policy covers our products, services and website. Our website may contain links to and from third party websites. The information practices and the content of such other websites are governed by the privacy policy of that website. If you click on a link to those websites, you will leave our website to go to the website that you selected. Please note that we cannot accept responsibility or liability for any use of your personal information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as us. We encourage you to review the privacy policies of any third party before you submit any personal data to them.
If you wish to update, amend, correct or request deletion of your personal information you may do so by emailing bence@heruon.com. We will respond to your request within one month.
Your right to access - at your request we will provide you with information about whether we hold any of your personal information and provide a copy of this information to you. To request this information please contact bence@heruon.com. You may update, amend, correct or request deletion of your personal information as described above.
If you are from the EEA or the UK you may have the right to exercise additional rights available to you. Please refer to the section Your Rights as an Individual above.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. In the UK, this is the Information Commissioner's Office. https://ico.org.uk/ A list of EU Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
We will retain your information for as long as needed to provide our products or services or otherwise fulfil the purposes described in this policy, including for the purposes of satisfying any legal, accounting or reporting requirements. If you wish to delete your personal information at any time, please contact bence@heruon.com. If we are unable to comply with that request, for example because we need to retain some or all of your information to comply with a legal obligation, we will let you know and will explain why.
We take the security of your information extremely seriously and our information security policies and procedures follow industry best practice.
All information that you provide to us is stored on secure servers. When you enter personal information within a customer login area of the site, we encrypt that information using transport layer security (TLS). Where you use a password to access certain areas of our website and services you are responsible for keeping this password confidential.
Your information may also be processed by some of our third party service providers which may operate outside of the EEA or the UK and therefore in countries which may not provide for the same level of data protection as the EEA. Whenever we transfer your information out of the EEA or the UK, we ensure that a similar degree of protection is afforded to it, for example by putting in place appropriate contractual terms including where relevant standard contractual clauses.
We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will post a notice on the homepage of our website, the login screens for our services, and/or we will send an email notification to our account holders. We will also keep prior versions of this policy in archive for your review.
Last updated 5 July 2023