Sarah Hall is the data controller responsible for your personal data (referred to as “we,” “us,” or “our” in this privacy policy). This means we determine the purposes and means of processing your personal data.
If you have any questions about this privacy policy, concerns about how your personal data is processed, or wish to exercise your rights, please contact us using the details below:
Email: team@sarahhall.co.uk
We aim to respond to all queries promptly and within any legally required timeframes. However, if you are not satisfied with our response, you can contact the ICO.
Purpose of this Privacy Policy
This privacy policy explains how we handle your personal data when you interact with us, including through this website and other channels. Specifically, it covers:
What personal data we collect: The types of data we collect about you and how we obtain it.
How we use your personal data: The purposes for which we process your data and the legal basis for doing so.
Who we share your data with: The parties with whom we may share your personal data and why.
Your privacy rights and how to exercise them: The rights you have under data protection laws and how to make a request.
How we ensure the security of your personal data: The measures we take to protect your data from unauthorized access, loss, or misuse.
This policy applies to data collected via this website and other interactions you may have with us, such as email correspondence, event participation, or casework inquiries.
It supplements other notices or privacy policies that may appear on this website (e.g. during newsletter sign-ups, surveys, or petitions) or in other contexts where we collect personal data. In cases where additional privacy notices are provided, those notices should be read alongside this policy and will not override it unless expressly stated.
We are committed to keeping this policy up to date. If we make significant changes, we will notify you via this website or through other appropriate channels.
The Data We Collect About You
We collect, use, store, and transfer various types of personal data depending on your interactions with us. This includes:
Identity and Demographic Data
Full name (including maiden or previous names)
Title and honorifics (e.g., Dr., Ms.)
Date of birth and age
Gender and pronouns
Marital status
Nationality
Language preferences
Unique identifiers, such as user IDs or account names
Contact Data
Residential or business addresses
Email addresses
Telephone numbers (landline and mobile)
Social media profiles and public handles
Financial and Transaction Data
Bank account details
Payment card details
Donation history, including amounts and methods
Records of payments, donations, or purchases
Details of products, services, or memberships acquired
Date, time, and location of transactions
Participation in fundraising events or campaigns
Technical and Cookies Data
Internet Protocol (IP) address
Browser type, version, and operating system
Device type and platform
Time zone settings and approximate location
Metadata from website interactions (e.g., timestamps, referral sources)
Data collected through cookies, beacons, pixels, tags, and other tracking technologies Details of website use (e.g., pages visited, links clicked)
Time spent on specific pages and interactions with multimedia content
Login attempts, successful or unsuccessful (to monitor suspicious activity)
Insights into the timing, frequency, and length of engagements with newsletters, surveys, or petitions
Heatmaps or clickstream analysis from website navigation patterns.
Profile Data
Preferences, interests, and hobbies
Feedback, reviews, or responses to surveys
Attendance at events or meetings
Membership in organisations or affiliations
Records of ongoing engagement history (e.g., number of times contacted, types of issues raised, resolution status).
Historical correspondence with individuals or organisations relevant to the MP’s office.
Constituency mapping to identify common trends or regional concerns.
Marketing and Communication Data
Preferences for receiving communications and marketing material
Responses to email campaigns (e.g., open rates, clicks)
Opt-in/opt-out preferences for communications
Special Category Data
Special category data, such as political opinions or health information, is subject to heightened protections. We only process this data when:
You have explicitly consented to the processing.
The processing is necessary for democratic engagement or casework purposes.
We are legally obligated to process it under electoral laws or public interest considerations.
We may process sensitive data (known as “special category data”) for specific purposes, including:
Political opinions or affiliations
Racial or ethnic origin (voluntarily shared or inferred for inclusivity analysis)
Religious or philosophical beliefs (where relevant to campaigns or events)
Membership in trade unions or political parties
Accessibility needs (e.g., related to disabilities)
Health-related data for event planning
Data related to sexual orientation (only where voluntarily shared)
Electoral roll data (e.g., voting history, absent voter status)
Casework and Correspondence Data
When you contact us for assistance, we may collect:
Details about your query or issue, including supporting documents (e.g., letters, invoices, or records)
Correspondence via email, social media, written communication, or telephone
Information about third parties involved in your case
Any additional information you voluntarily provide
Event and Campaign Data
Attendance records at events or rallies
Photographs, videos, or audio recordings from events (where participants are visible or identifiable)
Dietary preferences or accessibility needs for event planning
Preferences for session participation during multi-part events or conferences.
Logs of interactions during events or webinars, such as questions asked or polls responded to.
Social Media and Online Data
Publicly available data from social media platforms (e.g., posts, likes, shares, follows)
Comments or messages directed to us on social platforms
Engagement with our online content (e.g., retweets, shares)
Political Engagement Data
Responses to petitions or campaigns
Survey and consultation responses
Voting intentions, historical voting patterns, and likelihood of voting
Petition signatures and comments
Recorded levels of political support or engagement during canvassing or events
Canvassing and Electoral Data
Data collected during canvassing, such as responses during doorstep or telephone interactions
Notes from campaign volunteers or activists
Electoral roll data, including your name, address, ward, and voter status
Updates to your registration status provided by the Electoral Registration Office
Availability, skills, and areas of interest for volunteering
History of roles undertaken or events attended
Labour Party membership details, such as membership number and constituency branch
Voluntary Contributions or Submissions
User-Generated Content: Data from content you voluntarily provide, such as blog comments, discussion forums, or personal stories shared with Sarah Hall.
Media Contributions: Any images, videos, or audio recordings submitted by individuals (e.g., as part of campaigns or competitions)
Written Submissions: Information submitted for public inquiries, consultations, or policy discussions
Recruitment and Job Application Data
When you apply for a role with us or send your CV, we may collect and process the following data:
Identity and Contact Data: Name, address, email address, and phone number.
Professional Data: Employment history, education details, qualifications, and references.
Special Category Data: Information about disabilities or health conditions, if shared voluntarily or necessary for accommodations during the recruitment process.
Recruitment-Specific Data: Responses to interview questions, results of assessments, and records of communications during the hiring process.
Criminal Background Checks: If applicable, we may request and process information related to your criminal history where permitted by law.
Phone Call Recordings: If phone calls are recorded, we may collect the following:
The audio recording of the conversation.
Associated metadata, such as the phone number, date, time, and duration of the call.
Notes or summaries created based on the call content.
Regulatory and Legal Compliance Data
Data to comply with election laws (e.g., donation amounts, transparency records)
Records required under the Representation of the People Act or Political Parties Elections and Referendums Act (PPERA)
Complaint or Grievance Records: Logs of complaints raised against the office, campaigns, or staff
Evidence for Legal Proceedings: Data gathered to address or defend or act e.g complaints, disputes, or investigations
Regulatory Correspondence: Records of communications with regulatory bodies like the Information Commissioner’s Office (ICO)
Emerging Technologies
Chatbot Interaction Logs: Data collected during automated interactions with AI-based systems on the website or other platforms.
Aggregated Data
Aggregated data, such as statistical trends or demographic summaries, may be derived from your personal data but is not considered personal data unless it can directly or indirectly identify you.
Children’s Data
Our website and services are not intended for children. However, we may collect limited data about individuals under 18 if required to respond to their queries or provide assistance. This will always be done with appropriate safeguards and, where necessary, parental or guardian consent.
Third-Party Data
We may collect data about you from external sources, such as:
Public records (e.g., Companies House, electoral registers)
Social media platforms where you interact with our content
Data-sharing agreements with organisations aligned with our goals
Information provided by other constituents or referrals for casework
Office Visitor Data:
Visitor logs (name, contact details, reason for visit) and CCTV footage (if applicable).
How We Collect Your Data
We collect your personal data using the following methods:
1. Direct Interactions
You may provide data to us directly in various ways, including when you:
Fill out forms on our website (e.g., to register as a supporter, sign a petition, or subscribe to a newsletter).
Contact us via email, phone, or postal correspondence (e.g., to raise an issue or provide feedback).
Provide details during face-to-face interactions, such as at events, public meetings, or while canvassing.
Submit responses to surveys, questionnaires, or consultations we conduct.
Make a donation or payment through our website or affiliated platforms.
Volunteer or register to participate in campaigns, events, or other political activities.
We collect job application data directly from you when you:
Submit a CV, cover letter, or job application via email or our website.
Participate in an interview or recruitment-related communication.
Provide references or consent to background checks.
Phone Call Recordings: Calls may be recorded when you contact us, or we contact you, for specific purposes, such as casework or quality assurance.
2. Automated Technologies or Interactions
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. This is done using:
Cookies: Small files stored on your device to track your preferences and improve your online experience.
Log Files: Records of website activity, including IP addresses, timestamps, and pages visited.
Web Beacons, Tags, and Pixels: Tools used to monitor interactions with email campaigns or digital content.
Session Tracking: Information about how you navigate and engage with our website.
3. Data Provided by Third Parties
We may receive personal data about you from external sources, including:
The Labour Party: Information shared under data-sharing agreements or in alignment with mutual goals.
Government or Public Bodies: Data provided to facilitate constituency casework (e.g., Electoral Registration Officers, public inquiries).
Affiliated Organisations: Data from organisations that align with Sarah Hall MP’s campaigns or objectives.
Event Partners or Co-Hosts: Details shared by third parties managing joint events or campaigns.
Social Media Platforms: Publicly available data from your interactions with our profiles or posts.
We may also collect data from third-party sources such as recruitment agencies or publicly available platforms (e.g., LinkedIn) where you have shared your profile.
4. Publicly Available Sources
We may collect data from publicly accessible sources, such as:
The full or open electoral register, as permitted by electoral law.
Social media platforms where you engage with our content or campaigns.
Public records, such as those from Companies House or government databases.
5. Observation or Recording
Data may be collected during attendance at events, meetings, or public gatherings, including photographs, videos, or audio recordings where you are identifiable.
Notes may be taken during canvassing, meetings, or interviews to record your feedback or concerns.
Photos, videos, or audio recordings taken during events or office visits.
6. Cookies and Similar Technologies
Data is collected automatically when you interact with our website or digital platforms through:
Session cookies, persistent cookies, and tracking technologies that monitor your browsing behavior.
Analytics tools to understand website performance and user interaction (e.g., Google Analytics).
Legal Basis for Data Collection
We only collect and process your data when there is a lawful basis to do so. These bases include:
Consent: When you provide explicit consent for specific purposes, such as receiving newsletters or marketing communications.
Public Task: When processing is necessary to perform Sarah Hall duties as an elected representative and public figure, including casework and constituency support.
Legitimate Interests: When processing is required to achieve our legitimate interests (e.g., improving campaigns) without overriding your fundamental rights.
Legal Obligation: When processing is necessary to comply with legal obligations, such as electoral laws or transparency regulations.
Contract: When processing is required to fulfill a contract, such as processing a donation.
Substantial Public Interest: When processing special category data for democratic engagement, campaigning, or ensuring inclusivity.
Transparency and Your Rights
Whenever we collect your data, we aim to be transparent about how and why it is used. If your data is obtained indirectly (e.g., via third parties), and you request it, we will inform you where and provide details about its source.
How We Use Your Personal Data
We will only use your personal data for the following purposes:
1. To Support Political and Democratic Engagement
To register you as a supporter of Sarah Hall MP or the Labour Party.
To engage with you regarding political campaigns, events, and initiatives aligned with Sarah Hall’s objectives.
To enable your participation in petitions, surveys, or consultations.
To gather feedback and insights that inform political strategies or policy development.
2. To Communicate with You
To provide updates on Sarah Hall’s work, campaigns, and events.
To send newsletters, promotional materials, or political updates tailored to your preferences.
To respond to your enquiries, feedback, or complaints.
3. To Manage Donations and Financial Transactions
To process and record financial contributions, such as donations.
To ensure compliance with transparency laws, including those governing political donations and financial reporting.
4. To Provide Casework Support
To assist with individual cases brought to Sarah Hall as part of her role as a Member of Parliament and public figure.
To liaise with third parties (e.g., government agencies, local authorities) on your behalf.
To store records of correspondence and case outcomes for future reference.
5. To Ensure Safety and Security
To safeguard individuals at risk or promote public safety during events and campaigns.
To monitor and manage any potential threats to security or safety at events.
6. To Improve Campaigns and Outreach
To personalise communications based on your preferences, interests, or engagement history.
To perform analytics or profiling to better understand voter demographics and campaign effectiveness.
To produce aggregated and anonymised insights for research or statistical purposes.
7. To Comply with Legal and Regulatory Obligations
To comply with electoral laws, such as the Representation of the People Act and Political Parties Elections and Referendums Act (PPERA).
To ensure transparency and accountability for financial donations or political funding.
To provide information to regulatory bodies (e.g., the Electoral Commission) when required.
8. To Enable Participation in Events
To process registrations and manage attendance at events, rallies, or meetings.
To tailor event planning to individual needs, such as dietary or accessibility requirements.
9. To Manage Volunteer Activities
To coordinate volunteer efforts, such as campaigning, canvassing, or event support.
To record and track volunteer roles, skills, and availability.
10. To Conduct Research and Polling
To gather insights through surveys, polls, or focus groups on political topics.
To understand public sentiment and inform future policies or campaigns.
11. To Facilitate Advocacy and Represent Your Interests
To advocate on your behalf with government bodies, local authorities, or other organisations when you request assistance or support.
To present anonymised or aggregated case studies to highlight issues affecting constituents or to advocate for policy change.
12. To Enhance Transparency and Public Accountability
To publish reports or summaries of campaign activities, public consultations, or events, ensuring individual data is anonymised where appropriate.
13. To Develop and Manage Digital Platforms
To administer and improve our website, applications, or other digital services.
To diagnose technical issues or analyse trends to enhance user experience.
To ensure the security and stability of our online platforms, including fraud detection and prevention.
14. To Support Educational and Outreach Activities
To create and distribute educational materials on political, social, or community issues.
To run workshops, training sessions, or seminars, and manage related registrations.
15. To Maintain Historical Records
To archive records for historical or research purposes where appropriate, in accordance with legal and regulatory requirements.
To preserve significant correspondence or data for future reference in public interest or democratic accountability.
16. To Promote Accessibility and Inclusivity
To analyse accessibility needs and ensure our campaigns, events, and digital content are inclusive and meet diverse user needs.
To gather feedback to improve inclusivity efforts across all platforms and initiatives.
17. To Monitor and Analyse Public Sentiment
To analyse public opinion through social media engagement, surveys, and feedback to adapt campaign messages or priorities.
To understand broader trends in voter engagement or campaign effectiveness.
18. To Manage Risks and Prevent Misuse
To detect and prevent activities that may pose a risk to the integrity of our campaigns or public safety, such as fraudulent activity, spam, or harassment.
To respond to any complaints or legal disputes in an informed and efficient manner.
19. To Address Emergencies or Critical Situations
To assist in responding to emergencies where public safety is at risk (e.g., contacting relevant authorities in cases of immediate danger or harm).
To provide support or escalate issues to relevant agencies for vulnerable individuals identified during casework or campaign activities.
Escalating issues to emergency services or authorities to ensure public safety or address immediate risks.
20. To Administer Surveys, Polls, and Feedback Mechanisms
To distribute and analyse surveys, polls, or consultation feedback forms to better understand constituent priorities and concerns.
To report back on the results of consultations in a transparent manner, ensuring that individual responses are anonymised.
21. To Coordinate with Third Parties
To share relevant information with service providers, contractors, or technology platforms who assist in delivering campaign activities or services (e.g., event management systems, mailing services, or payment processors).
To coordinate activities with aligned organisations, such as advocacy groups or non-profits, while maintaining data protection obligations.
22. To Build and Maintain Relationships with you
To thank supporters for donations or other contributions and keep them informed about the impact of their support.
To invite you to join new campaigns, events, or initiatives.
23. To Tailor Content and Communications
To adapt the tone, language, or style of communications to suit your preferences or engagement history (e.g., using localised references for constituents in specific areas).
To create customised content for targeted outreach campaigns, improving relevance and engagement.
24. To Provide Proactive Updates on Local or National Issues
To inform you about important developments affecting your constituency, even if you haven’t specifically requested the information.
To notify you of legislative or policy changes that align with Sarah Hall MP’s campaigns or focus areas.
25. To Manage Recruitment and Hiring Processes
Assess your suitability for the role applied for.
Communicate with you throughout the recruitment process.
Verify the information provided, such as qualifications and references.
Ensure compliance with legal obligations, including right-to-work checks or background screening, if applicable.
Maintain records of applications for internal auditing and legal compliance.
26.Event Management: Organizing and facilitating participation in events, managing registrations, and tailoring events to participant needs (e.g., dietary or accessibility accommodations)..
Organizing and facilitating participation in events
Managing registrations, and tailoring events to participant needs (e.g., dietary or accessibility accommodations).
27.Safeguarding and Supporting Vulnerable Individuals:
Providing accommodations or escalating concerns to appropriate authorities to ensure safety and well-being.
We process your data based on legal grounds, including your consent, our legitimate interests, compliance with legal obligations, or the performance of tasks in the public interest.
Sharing Your Data
We will never sell your personal data. However, we may share your data with third parties in specific circumstances to achieve the purposes outlined in this privacy policy. These include:
1. The Labour Party and Affiliated Organisations
We may share your data with the Labour Party or affiliated organisations to support coordinated campaigning efforts, research, or events. When this happens, your data will be subject to their privacy policy.
2. Data Processors and Service Providers
We use trusted third-party service providers to help us deliver our services and manage our operations. These may include:
Payment Processors: Organisations like Stripe, PayPal, or similar services to process donations or other financial transactions.
Mailing Services: Providers used to distribute newsletters, updates, or marketing materials.
Event Management Platforms: Tools for event registration or ticketing.
Technology and Hosting Providers: Companies that provide secure data storage, website hosting, and IT support.
All such providers act as data processors under strict agreements to ensure your data is protected and used only for the agreed purposes.
3. Research and Academic Partners
We may share your data with research institutions, universities, or academic partners to contribute to studies on social, political, or community issues.
4. Campaigns and Organisations with Aligned Values
We may share data with campaigns, movements, or organisations that share Sarah Hall’s values and objectives, particularly in cases where such collaboration enhances democratic engagement or advocacy efforts. Data sharing will be limited and purpose-driven.
5. Legal and Regulatory Authorities
We may disclose your personal data where required to comply with legal obligations or regulatory requirements. This includes:
The Electoral Commission for compliance with political donation laws.
Courts, tribunals, or other governmental bodies when legally obliged.
Law enforcement agencies where necessary to prevent or investigate unlawful activities.
6. Constituency Casework
When assisting with your case, we may need to share your data with third parties such as:
Government agencies or departments.
Local authorities, housing associations, or healthcare providers.
Private organisations relevant to resolving your issue (e.g., utility companies).
We will only share what is necessary to address your enquiry or issue.
7. Event and Campaign Partners
If you attend events co-hosted with other organisations, we may share registration details or attendance data with the event partner to facilitate the event.
8. Social Media Platforms
To deliver targeted advertisements or communications, we may use your data to create audiences on social media platforms (e.g., Facebook, Instagram, Twitter). These platforms process your data under their own privacy policies.
9. Auditors and Compliance Reviewers
In the course of audits or reviews, we may provide access to your data to external auditors, regulators or legal advisors to ensure compliance with applicable laws and ethical standards.
10. Emergencies or Critical Situations
We may share your data with relevant organisations in emergencies to protect your vital interests or the interests of others, such as in cases of public safety risks.
11. Volunteers and Activists
For campaign activities, limited data may be shared with volunteers or activists (e.g., canvassing data or event planning information). Safeguards are in place to ensure data is used responsibly.
12. Petitions
Data may be shared publicly (e.g., signatory names) or with Parliament and relevant authorities to support campaign goals.
13. With Your Explicit Consent
In all other circumstances, we will only share your data with third parties if you have explicitly agreed to the sharing and understand its purpose.
14. Recruitment Data Sharing We may share your job application data with:
Recruitment Agencies: If we engage third parties to assist with hiring.
Assessment Providers: For administering aptitude or skills tests.
Legal and Regulatory Authorities: To comply with legal obligations (e.g., right-to-work checks).
Referees: To verify your references with your consent.
Ensuring Compliance
We ensure that any transfers of your data comply with legal and regulatory requirements. This includes:
Establishing data processing agreements with third parties to ensure your data is used responsibly.
Using safeguards such as encryption or pseudonymisation where appropriate.
Restricting access to data only to individuals or organisations who need it for the specific purposes described.
Interactions with Third-Party Platforms
Our website may include links to third-party websites, platforms, or plug-ins (e.g., Facebook, Twitter, or event registration services). When you interact with these third parties by clicking on links, sharing content, or using plug-ins:
The third-party platform may collect, use, or share your personal data according to their own privacy policy.
We are not responsible for the data practices of these external platforms.
We recommend reviewing their privacy policies to understand how your data is handled.
Cookies
Cookies are small text files placed on your device when you visit a website. They help us improve your experience by enabling essential website functionality, tracking usage patterns, and tailoring content to your preferences.
How We May Use Cookies
We may use cookies to:
Ensure Website Functionality: Enable core features such as page navigation, access to secure areas, and user authentication.
Enhance User Experience: Remember your preferences and settings to provide a more personalised browsing experience.
Analyse Website Usage: Track visitor interactions to help us improve the structure, performance, and content of our website.
Support Marketing Activities: Deliver relevant advertisements and measure their effectiveness.
Types of Cookies We May Use
We categorise the cookies on our website as follows:
Essential Cookies These are necessary for the website to function and cannot be switched off in our systems. Examples include:
Session management cookies.
Security-related cookies.
Performance and Analytics Cookies These cookies collect anonymised data about how visitors use our website. They help us understand user behaviour and improve our website’s performance. Examples include:
Tracking the most visited pages.
Monitoring errors or loading times.
Functional Cookies These cookies enable enhanced functionality and personalisation, such as remembering your preferences or settings. They may be set by us or third-party providers. Examples include:
Language preference cookies.
User-specific display settings.
Targeting and Advertising Cookies These cookies may be set by us or third-party advertising networks to display ads that are relevant to you. They also help measure the effectiveness of advertising campaigns. Examples include:
Cookies used for audience targeting on social media platforms.
Retargeting cookies to show relevant ads based on your browsing history.
Managing Your Cookie Preferences
You have control over how cookies are used on our website:
Cookie Consent Banner: When you first visit our website and when cookies are active, you’ll see a banner allowing you to accept or manage your cookie preferences. You can update these preferences at any time.
Browser Settings: You can configure your browser to block or delete cookies. However, disabling certain cookies may affect your ability to use some features of the website.
For more information on managing cookies, visit AboutCookies.org.
Third-Party Cookies
We may use third-party cookies provided by external services, such as:
Analytics providers (e.g., Google Analytics) to track and report on website traffic.
Social media platforms (e.g., Facebook, Twitter) for audience targeting and campaign performance.
Payment processors (e.g., Stripe, PayPal) to manage secure transactions.
These third-party providers have their own privacy policies, and we encourage you to review them.
Data Collected Through Cookies
Cookies may collect the following types of data:
IP address
Browser type and version
Operating system
Device type
Referring website or source
Pages viewed and time spent on our site
Interaction data (e.g., clicks, downloads)
Legal Basis for Using Cookies
We rely on the following legal bases for processing data collected through cookies:
Essential Cookies: Legitimate interest, as these are necessary for the operation of the website.
Performance, Functional, and Advertising Cookies: Consent, as required by law. You will be asked for your consent before these cookies are placed on your device.
Updates to Our Cookie Policy
We regularly review our use of cookies and may update this policy accordingly. Any significant changes will be communicated via updates on this page or a notice on our website.
Your Legal Rights
Under data protection laws, you have several rights in relation to your personal data. These rights empower you to have greater control over how your data is handled. Below is an overview of your rights and how you can exercise them.
1. Right to Access Your Data
You can request a copy of the personal data we hold about you, free of charge, to check that we are processing it lawfully. This is often referred to as a “Subject Access Request” (SAR). You can ask for:
The types of personal data we process.
The purposes of the processing.
Any third parties with whom we share your data.
The source of your data (if not provided directly by you).
To exercise this right, please contact us with proof of your identity.
2. Right to Rectify Your Data
If the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct or update it. Examples:
Correcting misspellings or typos in your name.
Updating your contact details if they have changed.
We may ask you to provide evidence to support your request for accuracy.
3. Right to Erase Your Data
You can ask us to delete your personal data in certain circumstances, also known as the “Right to be Forgotten”. You can request erasure if:
Your data is no longer necessary for the purposes for which it was collected.
You withdraw consent (if processing is based on your consent).
You object to the processing and there is no overriding legitimate interest.
Your data has been unlawfully processed.
We are required by law to erase your data.
Note: This right is not absolute, and we may retain your data if we are legally required to do so or if it is necessary to defend or exercise legal claims.
4. Right to Restrict Processing
You can ask us to temporarily suspend or limit how we process your personal data in certain circumstances. This applies if:
You contest the accuracy of the data and we are verifying it.
The processing is unlawful, but you do not want the data erased.
We no longer need the data, but you want us to keep it to establish, exercise, or defend legal claims.
You have objected to processing, and we are considering whether our legitimate interests override your rights.
When processing is restricted, we will store your data but will not actively process it without your consent.
5. Right to Object to Processing
You have the right to object to the processing of your data when it is based on:
Legitimate Interests: If you believe the processing impacts your fundamental rights and freedoms.
Direct Marketing: You can object to receiving marketing communications from us at any time.
If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds or a legal obligation to continue.
6. Right to Data Portability
You can request the transfer of your personal data to another provider in a structured, commonly used, machine-readable format. This right applies if:
The processing is based on your consent or a contract.
The processing is carried out by automated means.
We will provide your data in a format that makes it easy to transfer, such as a CSV file.
7. Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it at any time. For example:
You may withdraw consent to receive marketing emails.
You may withdraw consent to process sensitive data you provided voluntarily.
Withdrawing consent does not affect the lawfulness of any processing carried out before your withdrawal.
You can withdraw your consent for processing at any time by contacting us at team@sarahhall.co.uk. Please note that withdrawing consent may limit our ability to provide certain services or support.
8. Right to Lodge a Complaint
If you believe we have not handled your data in accordance with data protection laws, you have the right to file a complaint with the Information Commissioner’s Office (ICO) in the UK. Contact details for the ICO:
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us first to address your concerns.
How to Exercise Your Rights
To exercise any of these rights, you can contact us at:
Email: team@sarahhall.co.uk
Please include:
A clear description of your request.
Proof of identity (e.g., a copy of your ID or other identifying details, we may request additional information for verification)
Any additional details to help us respond to your request.
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may take longer and will notify you accordingly.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, or reporting requirements
International Transfers
If your data is transferred outside the UK or EEA, we ensure adequate safeguards, such as standard contractual clauses, are in place.
Data Security
We implement robust security measures to protect your personal data from unauthorized access, loss, or misuse. In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) as required by law. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
Updates to This Privacy Policy
We may update this policy from time to time. Significant changes will be notified via our website.
Contacting the ICO
If you believe we have mishandled your data, you can lodge a complaint with the Information Commissioner’s Office (ICO):