BakerHicks is committed to protecting and respecting your privacy. When we say “we”, “our”, “us” or “BakerHicks” in this privacy notice, we are referring to Baker Hicks Limited, BakerHicks AG, BakerHicks GmbH, BakerHicks ApS, and BakerHicks SA, (trading as BakerHicks) as the context requires, which are part of the Morgan Sindall group of companies.
Baker Hicks Limited (Kent House, 14-17 Market Place, London W1W 8AJ) is the “data controller” for the purpose of data protection legislation. This notice is provided to explain the basis on which any personal information we collect from you, or which you provide to us, is processed. Baker Hicks Limited is committed to protecting and respecting your privacy in accordance with its privacy notice.
Morgan Sindall Group’s Information Security team oversees our compliance with data protection laws. They guide the content of this privacy notice. Please direct any complaint or query relating to how we have processed your personal information to email@example.com or to the Head of Information and Security, Morgan Sindall Group, Kent House, 14-17 Market Place, London W1W 8AJ.
We ask that you do not provide any sensitive personal data. This is data revealing information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union memberships, and includes genetic data, biometric data (for the purpose of uniquely identifying an individual), data concerning health, or data concerning a natural person's sex life or sexual orientation.
Whose personal information do we process and how do we collect it?
(a) Accessing our website
When you access this website, the browser used on your device automatically sends data to the server of our website, which is temporarily stored in a log file. This log file data includes: IP address of the requesting browser, date and time of access, website from which the access occurs, browser type and version, operating system of the accessing device, access provider, country and language settings. We process this personal data to ensure a stable and secure connection to our website as well as for technical administration reasons. In doing so, we rely on our legitimate interest in providing you with a functioning website service.
(b) Personal data processing when directly interacting with us
We collect and process the personal information of individuals enquiring about BakerHicks’ services. This is collected by an online contact form and includes an individual’s name, email address and telephone number if supplied.
(c) Other data processing situations
How your personal information is used
We use information held about you for the purpose of responding to online enquiries, based on our legitimate interest in client management and responding to online enquires (see Article 6(1)(f) of the GDPR).
We never sell your data to third parties or allow third parties to contact you without your permission.
Where do we store your information and for how long do we keep it?
Your personal information is retained by us on our website’s content management system. Our data retention periods vary depending on the nature and context of the personal information that we have in our care and are calculated taking into account the following factors:
guidance from official bodies;
how long we need to keep the information to fulfil the original purpose for which it was collected;
legal obligations to which we are subject, eg under tax or accounting law; and
legitimate interest in keeping personal data, for example in order to respond to your enquiry, provide you with a service you requested, or for documentation or data security purposes or in order to be able to defend or enforce legal claims.
Who do we share your information with?
We may disclose your personal information with the following categories of recipients:
Our IT service provider and our website provider (acting as data processors);
to any competent law enforcement body, regulatory, government agency, court or other third party (acting as independent data controllers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
Sending data outside the EEA
This section tells you about the safeguards that keep your personal information safe and private, if sent outside the European Economic Area (EEA). Your personal data may, during the course of some of our data processing, be transferred to recipients within but also outside of the EEA or Switzerland, including to our providers and their sub-providers and staff operating outside the EEA, potentially globally.
When we do this, all appropriate technical and legal safeguards are put in place to ensure you are afforded the same level of protection as within the EEA. For data transfers between the United Kingdom and the European Union, the adequacy decision by the European Commission ensures an adequate level of protection. For data transfers to third countries that are not part of the EEA, your personal data will be transferred on the basis of the applicable EU’s Standard Contractual Clauses for this purpose, a copy of which can be found here. In certain cases, we may transfer data without such safeguards, for example if you have provided consent to the disclosure, or if it is necessary in relation with a contract or to defend, exercise or enforce legal claims.
Subject to some conditions and restrictions under applicable data protection law, you have certain rights in relation with your personal data:
You have the right to access and can request a copy of your personal data and further information about our data processing;
You can object to our data processing;
You can correct or update incorrect or incomplete personal data;
You also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format, to the extent that the corresponding data processing is based on your consent or is necessary for the fulfillment of the contract;
If we process data based on your consent, you can withdraw consent at any time. Withdrawal only applies going forward, and we may continue some processing based on another legal ground in the event of revocation.
If you wish to exercise such a right, please contact us at the address indicated above. We will respond to any request received from you within one month from the date of request.
If you are not satisfied with the way that we have treated your data or responded to a rights request, note that you have the right to make a complaint at any time to the competent data protection authority:
In the UK, the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk);
In Switzerland, the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch);
In Germany, the German data protection authorities, a list of which can be found here and you have the right to file a complaint with a supervisory authority;
In Austria, the Austrian Data Protection Authority (www.dsb.gv.at);
In Belgium, the Gegevensbeschermingsautoriteit (https://www.gegevensbeschermingsautoriteit.be); and
In Denmark, Datatilsynet, Carl Jacobsens Vej 35 2500 Valby, phone + 45 33 19 32 00, firstname.lastname@example.org.
We would, however, appreciate the chance to deal with your concerns before you approach an authority, so please contact us in the first instance.
Links to third party websites
We are not responsible for the content, reliability, privacy and data protection practices of third party websites, plug-ins and applications that you may link to from our website. As such, we recommend that you review the privacy and data protection policies of any third party websites before making further use of their services.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments.