DATA & PRIVACY POLICY

Cookies

A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website.

We will use the persistent cookies to enable our website to recognise you when you visit.

Google Analytics Cookies

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google stores this information.

The following table describes each cookie set by gtag.js.

Infinity Call Tracking Cookies

Below is an outline of each cookie stored by our call tracking software to enable us to track the marketing source of inbound calls.   

The following data is stored as a json object under the local storage key _its.{installationId} (replacing {installationId} with the current installation ID).

HubSpot Cookies

These are non-essential cookies controlled by the cookie banner. You can opt out of these cookies by not giving consent via our Cookie banner.

__hstc

• The main cookie for tracking visitors.
• It contains the domain, hubspotutk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
• It expires in 6 months.
• hubspotutk
• This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
• It contains an opaque GUID to represent the current visitor.
• It expires in 6 months.

__hssc

• This cookie keeps track of sessions.
• This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
• It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
• It expires in 30 minutes.

__hssrc

• Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
• If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
• It contains the value “1” when present.
• It expires at the end of the session.

Sharing of Information

In the standard operation of our business and to enable us to provide products and services to our customers, we may disclose your personal information to the following (who may be within or outside the European Economic Area):

• our associated companies including any member of the Opus companies
• successors in title to our business
• our third-party service providers
• professional advisors
• credit agencies
• any organisation or person expressly instructed by you
• any relevant regulatory, governmental or law enforcement authority as required by law
• third parties necessary to provide the products and services requested by you or necessary to protect the rights, property, or safety of our other customers, our employees, agents, consultants, contractors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction

We require that organisations outside of our Group of companies who handle or obtain personal information as service providers, acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the Data Protection Legislation and this policy.

Security of Information

We take the safeguarding of your data very seriously. All personal information in our possession is held securely. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. Details of these measures may be obtained from [email protected]

We do not currently store or transfer your personal data outside the European Economic Area, but should we do so in the future we will ensure our Suppliers deal with the data with in GDPR process and protocol. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice.

Special measures such as access restrictions are in place to ensure the security of sensitive personal data.

In line with GDPR, we have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your Duty to Inform us of Changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer of Opus we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Your Rights of Access, Correction, Erasure and Restriction

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are improperly processing your personal information for direct marketing purposes
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
• Request the transfer of your personal information to another party

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact [email protected] in writing.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact [email protected]

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Questions and Complaints

If you have any questions concerning our Privacy Policy, would like to change your personal information, or would like to make a complaint concerning any action of ours which you consider is in breach of our policy please contact our Compliance Manager directly at [email protected]

We would hope to be able to deal with any complaint you may have to your satisfaction, but you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Policy Amendments

We may update this privacy policy from time-to-time by posting a new version on our Shared Drive. You should check this folder occasionally to ensure you are satisfied with any changes.