The privacy and security of your personal information is extremely important to us. Please read this privacy notice carefully, as it explains how and why we use your personal data, to make sure you stay informed, so you can be confident when you share your information with us.
The purpose of this privacy notice is to inform you on how your personal data is used by us here at Parliament Hill when you visit or use our website parliament-hill.co.uk, when you make an online enquiry, engage with us on behalf of your employer or business, or when we engage with you about working together on a business to business basis or engage with us or express an interest in our services.
In this notice whenever you see the words ‘we’, ‘us’, or ‘our’, it refers to Parliament Hill Ltd, a subsidiary of the Civil Service Motoring Association Limited and we are authorised and regulated by the Financial Conduct Authority (308448) and registered with the Information Commissioners Office under registration number Z8868557.
If you have any questions in relation to this privacy policy or how we use your personal data, you can contact us in any of the following ways:
Email: info@parliament-hill.co.uk
Post: Parliament Hill, Britannia House, 21 Station Street, Brighton BN1 4DE
Telephone: 0207 710 9494
We also have a Group Data Protection Officer who will be happy to answer any questions or concerns you might have. You can contact him directly at dpo@boundless.co.uk.
Our services and products are intended for UK residents only and we do not knowingly collect personally identifiable information from anyone under the age of 13. This website is not intended for use by children and we do not knowingly collect data relating to children. If we become aware that we are holding any information about children under the age of 13, we will take any actions necessary to comply with data protection legislation, including, if appropriate, deleting the information. If you become aware that your child (under 13) has provided their personal information to us without your consent, please let us know as soon as possible so that we can take appropriate action.
Our online service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Personal data is any information that can be used to identify an individual personally, that is collected, stored and used by us. We’ll only collect the personal data that we need, and when we do we are subject to UK legislations such as the Data Protection Act 2018 and UK General Data Protection Regulations and The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. We are responsible for your data as a ‘controller’ of any personal data we collect for the purposes of those laws.
3a) Personal Data Provided by you
We will collect information directly from you - this includes information you give when interacting with us, for example when you complete our online form to request information from us or to make an enquiry and may include:
If using our website, we may collect technical information such as including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform and, if you access our website via your mobile device, we will collect your unique phone identifier
Personal data you may pass may also include the names, contact details and their position within or to your organisation. We would expect that in passing us those personal details, that you have the data subject’s permission to do so. When we pass your personal data, regarding people within our organisation or who we deal with, then we will have obtained their permission to do so. Such exchange of personal data will only be used for the purposes of setting up and evaluating the viability of the benefit scheme including all pre-contract negotiation.
3b) Personal Data Automatically collected
We may automatically collect the following information from your use of our website:
Our primary goal in collecting personal information from you is to either respond to your enquiry, to provide you with information about Parliament Hill and how we can support you as an employer or Membership Group and what we can offer your employees or Members. We’ll only use your personal data on relevant lawful grounds as permitted by UK Data Privacy Legislation.
Under these data-protection laws, we can only use your personal data if we have a proper reason for doing so, such as:
If we are asked by the police, law-enforcement agency or any other regulatory or government authority investigating suspected illegal activities, we may need to disclose and exchange information with that authority to comply with our legal and regulatory obligations.
Below are the key times and purposes we will process your data and under what lawful basis:
Ref |
Personal data processed |
Purpose of processing |
Lawful basis for processing |
i |
Name, email address, contact number |
When completing an online form or contacting us. |
Legitimate interest – responding to your request for information |
ii |
Name, contact details |
When collected from a public place, to offer further information about working together. |
Legitimate business interest – business interest in providing a service to your business |
iii |
Name, email address |
Sending emails to provide information about us. |
Consent – you can change your consent at any time |
iv |
Technical and usage data |
To use data analytics to improve our website, marketing and experience. |
Legitimate interest |
We would also be handling some of that data for our legitimate business interests. That could include, but is not limited to, the maintenance of legal records, task management, staff training and monitoring, record keeping and reporting back to give us your contact details, seeking advice from others and or contacting some specific benefit providers in the hope that a specific benefit/deal might be arranged for your organisation and your members. We may use suppliers who provide basic services to us as a commercial business and in providing their services they may have access to certain data either held by us, which they require in providing their service to us or that might pass through them.
If we discuss setting up benefit web pages, then we may involve the person we use to set up parts of the benefit web sites who will be acting as our processor when working under our instructions.
We may use IT services to design and set up a log in process or help us with the design of the benefit web site. We may use copy write services for the production of marketing material and financial promotions. We may obtain sign off of financial promotions and benefit pages from benefit providers. In doing these items we may convey, instructions, comments or opinions given by you to us with an identifier as to the source of such instructions, comments or opinions. We may need to contact Benefit Providers in the management and negotiation of Benefits.
We do not use any personal data of, nor use, any automated decision making or profiling decisions.
We want you to remain in control of your personal data. If at any time, you want to update or amend your personal data you can use the following methods to contact us:
You can also submit a request to our Group Data Protection Officer if required.
Cookies are small text files stored on your computer when you visit certain websites. We use first-party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third-party cookies (cookies that are set by an organisation other than the owner of the website) for the purposes of website measurement and targeted advertising.
In order to comply with the rules around cookies and other related tracking, our websites have a cookie management tool through Cookie Script, which places the control of data collection in your hands. Further information can be found in our cookie policy.
We use Hotjar on our website in order to better understand a user’s needs and to optimise the service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback should you choose to provide it. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website).
Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy You can opt-in to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites through our cookie management tool.
We will retain your personal information only for as long as is reasonably necessary to satisfy the purposes for which it was collected, and for the purposes of satisfying any legal, accounting or reporting and regulatory requirements. These legal and other requirements require us to retain certain records for a set period of time. In addition, we retain certain records in order to resolve queries and disputes that may arise from time to time. The retention of employee records is further subject to other laws which require us to keep records for specific time periods, namely:
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Information system and data security is imperative to us to ensure that we are keeping our members safe. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. We have taken technical and organisational measures to secure your data, including:
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
When we allow third parties acting on behalf of Parliament Hill to access your information, we will always have complete control of what they see, how long they see it and what they are allowed to do with it by imposing strict contractual obligations on them such as data-sharing agreements. We do not sell or share your personal information for other organisations to use.
We use a number of third parties, whom provide their services to us for various reasons, such as IT Support providers. In these circumstances, we will remain the controller of any personal data and they act as a data processor and suitable contracts, data processing agreements and terms will be agreed between both parties.
Personal data collected and processed by us may be shared with the following groups where necessary:
Also, under strict contractually controlled conditions:
We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or cookie policy and other agreements; or to protect the rights, property, or safety of Parliament Hill, our members, clients and employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
Information system and data security is imperative to us to ensure that we are keeping our members safe.
Your data may be held at our offices, third-party agencies, services providers, representatives and agents as described earlier.
If we transfer data outside the UK into the European Economic Area (EEA), we will implement appropriate suitable safeguards to ensure that such personal data will be protected as required by applicable data protection law and for the subsequent transfer from the EEA back to the UK.
You have the following rights, which you can exercise free of charge:
Access |
The right to be provided with a copy of your personal information (the right of access) |
Rectification |
The right to require us to correct any mistakes in your personal information |
To be forgotten |
The right to require us to delete your personal information—in certain situations |
Restriction of processing |
The right to require us to restrict processing of your personal information—in certain circumstances, for example, if you contest the accuracy of the data |
Data portability |
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object |
The right to object: —at any time to your personal information being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal information, for example, processing carried out for the purpose of our legitimate interests. |
Not to be subject to automated individual decision-making |
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
Right to withdraw consent |
If you have given us your consent to use your personal information, you can withdraw your consent at any time. This might impact our ability to provide goods and services to you |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
If you have any queries, concerns or wish to make a complaint you should contact our Data Protection Officer with any query or concern about the use of your information.
The Data Protection Act 2018 gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or telephone: 0303 123 1113 .
Because of these ongoing changes, changes or amendments in the law we will need to update this notice from time to time. If and when our data practices change, we will notify you of the changes via this page where the current version of the Privacy Policy will be published.
Where appropriate, we will notify you of any significant changes usually by email, but occasionally in another more appropriate format such as letter. We encourage you to check this page frequently also.