Privacy Notice
The Hawkins Group is formed of Hawkins & Associates Limited, Hawkins & Associates (Trustees) Limited, Hawkins (International) Limited, Hawkins Forensics Limited, Hawkins Forensics (Europe) Limited, Hawkins Forensics (Ireland) Limited, Hawkins and Associates (Singapore) PTE Limited and Hawkins and Associates (Hong Kong) Limited. This Privacy Notice explains how we collect data from you and how the data is used.
Data Protection Officer-Contact Details
Data Protection Officer
88 Leadenhall Street
London
EC3A 3BP
What information do we collect about you?
- Marketing data including visitors to our website
- Operational data (assignments we are appointed on by our clients)
- Human Resources data
- Shareholder data
- Supply chain partner data
What categories of Personal Data do we hold about you?
The following is a list of the types of personal information held by the Hawkins Group, we will not hold all types of information on each individual.
Clients (Marketing and Operational)
- Name
- Job Title
- Address
- Email address
- Telephone number
- CCTV footage if visiting one of the Hawkins Group premises
- Analytical marketing data from visits to our website, interaction with emails and call to action
Client customers (Insured), Insured’s employees, other claim related third parties, members of the public (Operational)
- Name
- Address
- Email address
- Telephone number
- Gender
- Marital status
- Date of birth
- Insurance policy number
- Claim reference number, policy coverage, details of the claim and possible cause of loss
- Medical records such as health history, personal habits (such as smoking or alcohol consumption) and any information voluntarily provided to us
- Criminal record data
- Photographs and video images
- Relationship to Insured
- CCTV footage (at Hawkins premises or received during an investigation)
- Digital recordings (taken by our employees, via conference call or on site)
Human Resources
- Name
- Address
- Email address
- Telephone number
- Date of birth
- Gender
- Emergency contact details
- Financial, payroll and tax information
- Employment contract records
- Absence records
- Health records
- Performance records
- Recruitment records
- Business travel records
- Training records, compliance with policy and risk monitoring
- Termination of employment records
- Due diligence records (including criminal records check)
- CCTV footage and access control system data at the Hawkins Group premises
- Lone working and International SOS location monitoring
- Microsoft Analytics
Shareholders
- Name
- Address
- Email address
- Telephone number
- Shareholding records
- Bank account details
Supply Chain Partners
- Name
- Address
- Email address
- Telephone number
- Qualifications of employees
Visitors to our Website and Cookies
- Analytical marketing data from visits to our website
- Interaction with emails
- Call to action
Hawkins has a separate Notice which sets out similar information in relation to the cookies that we use on our website, which can be found here: https://www.hawkins.biz/cookie-policy/
How do we collect data about you?
Clients (Marketing and Operational)
- Directly from you when you register for marketing purposes with Hawkins directly or via a third party subscription service
- Submission of Contact Us Form, E-Newsletter and/or Training Forms on Hawkins' websites
- Entry into a competition
- Registration for a webinar
- Directly from you when you place an assignment with us
- Directly from you when you engage with our website and email communications
- CCTV footage from Hawkins’ premises
Insured, Insured’s employees, other claim related third parties, Members of the public (Operational)
- Supplied to us by our client
- Supplied to us by another third party related to the assignment we are appointed on
- Directly from you
- Digital recordings (telephone, conference call or dictation machine)
- Social media platforms
- Digital devices such as: Mobile telephones, tablets, kindles, laptops/desktop computers CCTV, Sat Nav, Wi-Fi routers, USB storage, games consoles, smart watches, social media, GPS devices, smart appliances, motor vehicles, drones.
Where the personal data is provided by our client this will typically be subject to the terms and conditions of your insurance policy, failure to allow us to process the data may lead to you being in breach of the terms and conditions of your insurance policy.
Human Resources
- Directly from you
- Supplied to us by a recruitment agency
- Agencies carrying out due diligence
- Previous employer for reference purposes
- Medical practitioner
- Social media platforms
- Digital recordings (Teams) for training purposes
- Microsoft Analytics
- Business travel agency
- CCTV footage from Hawkins’ premises
- Lone working and International SOS monitoring services
Shareholders
- Directly from you
- By a privileged relation
Supply Chain Partners
- Directly from you
- From your employer
- CCTV footage from Hawkins’ premises
What is our lawful basis for collecting information about you?
For personal data to be processed lawfully in most countries, they must be processed on the basis of one of the lawful grounds stipulated by the applicable law. When sensitive Personal Data is being processed additional conditions must be met.
Depending on your relationship with us, the legal basis for us processing your Personal Data is one of the following:
- Processing is necessary for the legitimate interest of the Hawkins Group to carry out its activities
- Processing is necessary for the performance of a contract (insurance or employment, for example)
- Processing is necessary for compliance with a legal obligation
- Processing is necessary for an insurance purpose
- Processing is necessary for the purpose of legal proceedings
- Processing is necessary for compliance with employment law
- Preventing or detecting an unlawful act
What is our purpose for processing the information and how will we use that information?
Clients (Marketing and Operational)
Data held for marketing purposes is used to make contact with those who may be interested in our services and if you have previously appointed us, to make you aware of other services that we provide. We may analyse your interaction with our website and email communications to provide better marketing and focused communications.
If you are an attendee at one of our webinars we may record these sessions. If a webinar is being recorded we will always notify you in advance. Your name will be shared during the session and will be captured in the recording. You have the option of sharing your image and audio during the session. If you choose to do so, this will be captured in the recording. For recorded events we will email you a link when the event has ended. We may publish the recording on our website and social media channels. If an event recording will be published we will notify you of this.
If we hold your data for marketing purposes you have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Hawkins Group. If you no longer wish to be contacted for marketing purposes please email [email protected].
Client data held for operational purposes is used as part of an assignment we are appointed on.
Human Resources
Data held by our Human Resources team is used to:
- Facilitate our recruitment process
- Manage the day to day operations of our business
- Check you have the legal right to work for us
- Monitor diversity and equal opportunities
- Provide you with access to business services for your role
- Process your salary, pension and other employment related benefits
- Process the administration of statutory and contractual leave entitlement
- Assess performance, training and development needs
- Comply with our legal obligations which includes ensuring the health, safety and wellbeing of our employees
- Assessing compliance with corporate policies and procedures
- Ensure the security of our premises, IT systems and employees
Microsoft analytical data is processed solely for employee personal use to help with productivity, prioritise wellbeing with actionable recommendations such as reserving time for focused work. Analytics data will not be used by Hawkins for any other purpose. As a Viva Insights user, you can opt in and opt out at any time.
Client customers (Insured), Insured’s employees, other claim related third parties, Members of the public (Operational)
Operational data is held to analyse as part of an assignment we are appointed on by a client.
Shareholders
CCTV Footage
CCTV data held by Hawkins’ Group premises is held for security and crime prevention purposes only.
CCTV data may be held to analyse as part of an assignment we are appointed on by a client.
Supply Chain partners
Supply chain data is held for operational purposes and to mitigate any potential risks for Hawkins.Â
Automated decision making or profiling / Artificial Intelligence (AI)
AI is an umbrella term for a range of technologies and approaches that often attempt to mimic human thought to solve complex tasks.Â
Hawkins uses AI and machine learning for data loss prevention purposes. Hawkins may also use generative AI for generic purposes via a chat function in a fully controlled manner. When used in this way, access is only given to data on the public web not data belonging to Hawkins. Data in the chat history is not retained and is not used to train the underlying model.
An AI decision can be based on a prediction, a recommendation or a classification. It can also refer to a solely automated process, or one in which a human is involved.Â
The Hawkins Group does not use any form of automated decision making or profiling for any purposes. A human will always consider the AI outputs and act (make a decision) based on this.Â
Marketing
If we hold your data for marketing purposes you have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Hawkins Group. If you no longer wish to be contacted for marketing purposes please email [email protected].
Who might we share your Personal Data with?
Personal Data may be shared with the clients and suppliers of The Hawkins Group and other assignment related third parties.
- Other members of the Hawkins Group
- Clients
- Other assignment related third parties
- Third party service providers to provide and support our Information Technology and Business Support services
- Auditors and professional advisors
- Training providers
- Employee benefits providers
- Law enforcement or other government and regulatory agencies
International Data Transfers
Due to the global nature of our business, we may transfer personal data to third parties that have a different data protection regime than found in the country in which you are based. For example, we may transfer personal data internationally to our Group companies, service providers, business partners, government and public authorities in order to perform the services.
We rely on legally provided mechanisms to lawfully transfer personal data across borders. In most cases we will use the UK/EU approved Standard Contractual Clauses. These Clauses ensure that any third parties have the appropriate safeguards and/or contractual obligations in place to ensure the safety and confidentiality of Personal Data.
If Standard Contractual Clauses are not applicable then Hawkins will ensure that additional safeguards are in place or an exemption applies.
How do we ensure security of Personal Data?
The Hawkins Group has auditable policies and processes in place meaning that personal data is processed in a manner that ensures security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. This means that we have appropriate security in place to prevent the personal data we hold being accidentally or deliberately compromised.
Hawkins is Cyber Essentials Plus Certified. Cyber Essentials is an effective, government-backed scheme aimed at helping to protect our organisation against a whole range of the most common cyber attacks. This is important as vulnerability to these types of attacks can mark us out as target for more in-depth unwanted attention from cyber criminals and others.
What are my Rights?
Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of the personal information that we hold about you please either email us at [email protected]Â or write to us at:
Data Protection Officer
88 Leadenhall Street
London
EC3A 3BP
We want to ensure that your information is accurate and up to date, you may ask us to make corrections to your data.
Right to erasure
In certain circumstances you have the right to request us to erase your personal data. If you would like some or all of your personal data erased from our system please either email us at [email protected] or write to us at:
Data Protection Officer
88 Leadenhall Street
London
EC3A 3BP
Right to restrict processing
In certain circumstances you may request the restriction of your personal data. If you would like to make such a request, please either email us at [email protected] or write to us at:Â
Data Protection Officer
88 Leadenhall Street
London
EC3A 3BP
Right to object
In certain circumstances you may request that we stop processing your personal data (for marketing purposes, for example, as detailed above). The right is not absolute and will be considered on a case-by-case basis. If you would like to make such a request, please either email us at [email protected] or write to us at:Â
Data Protection Officer
88 Leadenhall Street
London
EC3A 3BP
How long will you retain my Personal Data?
The retention period for personal data will be assessed depending on the nature of the information held, why we hold it and what we are obliged to do by the regulator or the law. In most cases, we will keep your personal data for between three and seven years but this can be for longer if there is a legal, contractual or regulatory requirement to retain it for a longer period.
How do I lodge a complaint with the supervisory authority?
You have the right to lodge a complaint with the supervisory authority if you are not satisfied by the way in which we store and process your personal information.
Details of the supervisory authorities relevant to the jurisdictions in which the Hawkins Group operate are detailed below.
In the UK the supervisory authority is the Information Commissioner’s Office (ICO). The contact details for the ICO are:
0303 123 1113
Address:
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
In Ireland the supervisory authority is the Data Protection Commission (DPC). The contact details for the DPC are:
(01) 765 01 00 (Monday to Friday 9:30am to 1pm) or 1800 437 737 (Monday to Friday 2pm to 4pm)
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
In Hong Kong the supervisory authority is The Office of the Privacy Commissioner for Personal Data. The contact details are:
2827 2827
Sunlight Tower
248 Queen’s Road East
Wanchai
Hong Kong
In Singapore the supervisory authority is the Personal Data Protection Commission. The contact details are:
#03-01 Mapletree Business City
Singapore
117438
There is no national authority in the UAE. A single national data privacy regulator will be established and known as the UAE Data Office. Further information will be available in due course.
Changes to this Privacy Notice
This Privacy Notice is regularly reviewed and may change from time to time. This Privacy Notice was last updated on 5th July 2024 and is Version 15.0.
DATA PROTECTION REQUEST
Please complete this form and a relevant Hawkins team member will respond within one business day.
