PRIVACY STATEMENT AND COOKIE POLICY
Introduction
This Privacy Notice sets out how the Hibiscus Group of companies (“Hibiscus", “we”, “us” or “our”) use and protect any information that you give us when you access or use our website at www.hibiscus.com (the “Website”).
We are committed to ensuring that your privacy is protected. You can be assured that should we ask you to provide certain information by which you can be identified when using this Website that it will only be used in accordance with this Privacy Statement.
We may change this Privacy Statement from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes.
Definitions
- Personal Data means any information that can identify, directly or indirectly, a living individual.
- Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the purpose of this Privacy Statement, Hibiscus is the Controller.
- Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
What we Collect
We may collect and process any of the following information, if you provide this to us:
- Your name and/or job title;
- Your contact information including your email address;
- Your demographic information such as postcode;
- Your information that you provide to us when you use the Website; and/or
- Your IP address used at the time of access.
If you have provided us with the Personal Data of another person (including your employer or a referee), by continuing to use our Website you hereby warrant that they consent to the processing of their Personal Data and that you have informed them of our identity as a Controller and you provided them with a copy of this Privacy Statement.
What we do with the information we gather
We require this Personal Data to understand your needs and provide you with a better service, and in particular for the following purposes:
- Our internal record keeping;
- To improve our products and services;
- For market research purposes;
- To customise our Website according to your interests; and/or
- To ensure our Website works as expected.
Under laws which are designed to protect your Personal Data, we need to have what is a called a ‘lawful basis’ or ‘ground’ each time we use, share or otherwise process your Personal Data.
We may rely on one or more of the following lawful basis':
- If you have agreed (provided your consent) to us processing your Personal Data for the relevant purpose; and/or
- Our legitimate interest in the effective delivery of information and any services to you.
Security
We are committed to ensuring that your information is secure. We protect your information by:
- Offering you a secure transmission method to send us personal or company information;
- Only sharing it with staff members and/or third parties who need to access it; and
- Implementing suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
You can protect your data by:
- Enabling security features on your browser; and
- Monitoring the URL of the site you are visiting (secure URLs begin with https:// rather than the normal http://) along with the security symbol of the site your browser (e.g. a broken or incomplete key in your browser) to help identify when you are communicating with a secure server.
How we use Cookies
This Website creates a number of cookies, which are referred to as ‘first party cookies’ as they are specific to the host site that created them. All the first-party cookies which are created do not store any personal or sensitive information, or anything that makes you personally identifiable to us. They are used for essential functionality such as security when processing form data or for analytics which helps us use anonymous visitor data to gain a better understanding of how people use our Website.
In addition to our first-party cookies, you may be served one or more third-party cookies during your visit to our Website. By using our Website we'll assume that you are happy to receive all cookies on our Website, but we have provided information on our dedicated cookie policy page on how you can set your browser to prevent cookies being created.
Third party cookies are cookies created by an external service when you use a page on our Website. These cookies are specific to the third-party's domain and accordingly the data held in them can be seen and managed by the third party and not by us. We control whether or not we use the third-party service with our Website, and how it is integrated and presented on our Website. We do not have control over the cookies themselves. We carefully select third party services to use on our Website; ones that are not likely to abuse your privacy according to the terms of their privacy policies.
Your rights in Relation to your Personal Data
You have certain rights in relation to your Personal Data. Pursuant to the applicable data protection laws, those rights will not necessarily apply in all cases or to all Personal Data which is processed by us. You have the right to request that we:
- Provide you with access to any Personal Data which we hold about you (please refer to ‘Request of Personal Information’ below);
- Update any of your Personal Data which is out of date or incorrect;
- Delete any Personal Data which we hold about you, subject to regulatory compliance which requires certain information to be kept for a defined period of time;
- Restrict the way that we process your Personal Data;
- Consider any valid objections which you have to our use of your Personal Data; and/or
- Provide some of your Personal Data to a third party provider of services (data portability) at your request.
You may choose to restrict the collection or use of your Personal Data in the following ways:
- Whenever you are asked to fill in a form on the Website, you can choose to call instead;
- If you have previously agreed to us using your Personal Data for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the below email address.
Should you require an update or amendment to your Personal Data, please contact us by email using the details below and we shall endeavour to amend your records as soon as is practical and no later than 7 days of receipt of any update.
Request of Personal Data
You are entitled to access the information held about you. Your right to access the Personal Data which we hold about you can be exercised by contacting compliance@hibiscus.com.
Sharing of Personal Data
We may disclose your Personal Data to any member of our Group, this includes Hibiscus (IOM) Limited and Hibiscus Group Limited.
We may disclose your Personal Data to third parties in the following circumstances:
- If we, or substantially all of our assets are acquired by a third party, in which case Personal Data held about our customers or visitors to our Website will be one of the transferred assets;
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation;
- In order to enforce or apply the terms of this Privacy Notice or any other agreements;
- To protect the rights, property or safety of us, our customers or others; and/or
- Where we have received your permission for us to do so.
We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so.
Opting in and out of Promotional Communications
Upon agreeing to this Privacy Notice and opting in to our communications you agree for us to send you marketing and promotional material. This includes both online communications and other communications such as e-mail. If at any time you wish to opt-out you can do so by e-mailing the Data Protection Officer at compliance@hibiscus.com.. Opt-out can also be undertaken utilising the link provided on each promotional communication.
International Transfers of Personal Data
It may in certain circumstance be illegal to transfer any personal data outside the EEA or approved adequate jurisdictions. When we transfer any part of your personal data outside the EEA or adequate jurisdictions we will take reasonable steps to ensure that it is treated as securely as it is within the EEA or adequate jurisdictions. These steps include but are not limited to the following levels of protection:
- Binding corporate rules;
- Model contracts; or
- Any other method deemed appropriate by the Isle of Man Data Protection legislation, or the European GDPR.
For the avoidance of doubt we only transfer your personal data within our wider group of companies who are subjected to the DP Laws. Any further international transfers will be not be undertaken unless we have procured your express consent.
Links to Other Websites
Our Website may contain links to other websites of interest. However, once you have used these links to leave our Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy statements applicable to the website in question.
Retention
We retain Personal Data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration local laws, contractual obligations, and the expectations and requirements of our customers and website visitors. When we no longer need Personal Data, we securely delete or destroy it.
If you have applied for employment with us and were unsuccessful for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
Contact Us
If you have any questions, comments or requests regarding the protection of your Personal Data please contact the Hibiscus Compliance Team at compliance@hibiscus.com.
Complaints
If you are not satisfied with the outcome to any complaints, disputes or information provided by Hibiscus regarding the handling of your data, you have the right to make a complaint to the supervisory authority.
The supervisory authority for Hibiscus (IOM) Limited is the Isle of Man Information Commissioner’s Office who can be contacted via the following link:
https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/data-protection-complaints/
The supervisory authority for Hibiscus Group Limited is the Information Commissioner’s Office who can be contacted via the following link:
https://ico.org.uk/make-a-complaint/
However, please contact us in the first instance as we would appreciate the chance to deal with your concerns before you approach the supervisory authority.
This Privacy Notice was last updated in April 2022.