Get in touch

Privacy Policy

Protecting personal data

Requests to see your personal data

Automated processing

Sharing personal data

1. Data protection policy

We take our responsibility to protect personal data very seriously. This policy sets out how we handle your personal data. If you’re an employee, you’ll be given access to a data protection policy relating to you and your employment.

This policy doesn’t relate to you.We have appointed a Data Manager who is responsible for ensuring that we are safely and legally processing data.  If you have any questions about this policy or the processing of personal data they would be delighted to help you to answer them.

2. Protecting personal data

  1. We process personal data fairly and lawfully. Grounds for processing personal data include; with consent, to comply with a legal obligation, in the data subject’s vital interests, in the performance of a contract with the data subject or in our legitimate interests. If the personal data is sensitive, additional conditions will be met.
  2. Where we don’t have an alternative lawful basis to process your personal data we’ll ask you for your consent to do so. In particular, we will only send you marketing emails or make contact about marketing initiatives where you have agreed to us doing so.
  3. We will always be transparent about how we’re using your personal data. We’ll provide you with information about who controls your data, how and why it will be used, how it’s protected and how long it’s retained for within a privacy notice (which will usually be found on our website)

3. Requests to see your personal data

  1. If you want us to show you personal data that we hold on you then you need to make a request in writing to the Personal Data Manager at privacy@humanmade.com. We might ask you for more details about the request or give you a template letter to help with your request. Where the request isn’t made in person we will always ask for two forms of identity to confirm that it is you making the request.
  2. We’ll always try and acknowledge your request when we receive it. We’ve got between 30 days and three months to respond in full to your request.
  3. We may ask you to contribute towards the administration fee in processing your request.

4. Automated processing

  • It is required by law (for example, to government bodies);
  • They need to know the information in order to fulfil their contract with us (but provided they will not use your information for their own purposes);
  • Internally where we need to do so to comply with our obligations to you;
  • You’ve been informed and your consent has been obtained (where we have identified it is needed);
  • The third party has adequate security measures in place;
  • The transfer complies with any applicable restrictions on cross-border transfers;
  • A fully executed written contract which contains GDPR compliant clauses has been obtained.

5. Sharing personal data

  1. Generally, automated decision making is prohibited where the decision has a significant or legal effect on an individual. The exceptions to this are where:
    • The data subject has explicitly consented;
    • The automated processing is automated by law; or
    • The automated processing is necessary for performing or entering into a contract.
  2. If a decision is to be based on automated processing, we will inform you of this and let you know of your right to object. We’ll give you information on the logic involved in the decision making and give you the right to request human intervention, or to challenge the decision.
  3. Before any automated processing is carried out, an impact assessment must be carried out.

Let’s Build Something Meaningful Together

Get in touch
Get a free Consultation