Privacy Policy

North highland privacy policy

North Highland recognizes that your privacy is important, and that you care about the information that is collected about you. We want you to feel secure when using northhighland.com.

This online privacy statement provides an overview of our privacy and data protection practices, so that you can better understand the steps we take to safeguard your information. If you have further questions, please contact us.

This privacy policy sets out how and why North Highland collects and uses your personal data when you visit this website, including any data you may provide through this website. 

The policy also explains how we protect your information and the privacy rights you have by law.  

It is important that you read this privacy policy together with any other privacy notice we may provide you when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

North Highland is made up of different legal entities, details of which can be found here [LINK]. This privacy policy is issued on behalf of the North Highland Group so when we mention “North Highland”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the North Highland Group responsible for processing your data. North Highland UK Limited is the data controller and responsible for this website.

North Highland is a global consulting firm with a twist. We bring big ideas and challenge the norm. We work with our clients, not at them. We deliver value in a way that others cannot, through our seamlessly integrated offerings.

We have appointed a Data Protection Representative for managing our data protection matters and fielding questions about this privacy policy. The contact details of our Data Protection Representative are set out below in the Contact Details



Types of Data.  We collect, use, store and transfer different types of both personal and non-personal information through our website.

Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data from which you cannot identify a person.

We collect the following categories of personal data about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password.
  • Usage Data includes information about how you use our website and services.
  • Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share non-personal information such as statistical data for any purpose. This non-personal information may be derived from your personal data but is not considered personal data by the law as this data does not directly or indirectly reveal your identity.  For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

If we combine any non-personal information with your personal data so that you can be identified from it, we will treat the combined data as personal data which will be used and protected in accordance with this privacy policy.

How we collect data. We collect data in different ways through our website. You may provide us the data directly when you:

  • register an account;
  • request marketing to be sent to you; or
  • contact us.

Additionally, through the use of cookies, [server logs] and similar technologies, we may automatically collect Technical Data about your equipment, browsing activity and patterns. Please see the Cookies Policy

We may also receive personal data about you from certain third parties as follows:

Cookie

Description

Opt-out Link/Further details regarding specific privacy policy

Google Analytics

The single session and global session cookies are provided on our behalf by Google Inc. They assist with reporting of user behaviour, market research and improving Site functionality. This user behaviour is analysed in order to improve our Site.

The information collected is not linked to personal data.  To see how this applies to Google Analytics visit http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

You can stop Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB

LinkedIn

Twitter

Facebook

Audience targeting

Add targeting

The information collected is not linked to personal data.  

Pardot (Salesforce)

Lead Generation

Form completion data

Page view data

The information collected is linked to personal data and utilized for lead generation

JobScience

Staffing software

Corporate Recruiting software



1.   If you fail to provide personal data that we need to perform a contract with you or by law, then we may not be able to provide you with the service the contract relates to. We will notify you when this is the case.


We may use cookies on our website. For more information on how we may use cookies and how you can use the My Cookie Preferences panel to disable or refuse cookies, please see our cookie policy.

Purposes and Lawful Bases.  We will use your personal data only where we have a lawful basis for doing so. We process your personal data for a number of purposes. The lawful basis for processing your personal data will depend on the purpose for which it was obtained.  The table below sets out the purposes for which we may process your personal data and the relevant lawful basis/bases that allow for that processing:


*“Legitimate interests” means our legitimate interests in conducting and managing our business [or the interests of third party] where these interests are not overridden by your fundamental rights, interests and freedoms.

Changes to the Purposes of Processing. We will only process your personal data for the purpose(s) for which we collected it. If we do need to use your personal data for a new purpose, we will notify you of this and explain the lawful basis we will be relying on.

Please be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.


By using the ‘My Marketing Preferences’ tool you can control how we send you marketing communications. We will send you marketing communications if you have requested information from us or purchased services from us, or if you have provided us with your details when registering for a promotion, and in each case, where you have not opted out of receiving that marketing.  

As well as using the My Marketing Preferences tool, you can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.

1.         We may need to share your information with certain third parties - these third parties are as follows:

  • Other companies in the North Highland Group acting also as controllers or processors and who are based UK and US, provide IT and system administration services and undertake leadership reporting.
  • Our suppliers acting as processors including

Cookie

Description

Opt-out Link/Further details regarding specific privacy policy

Google Analytics

The single session and global session cookies are provided on our behalf by Google Inc. They assist with reporting of user behaviour, market research and improving Site functionality. This user behaviour is analysed in order to improve our Site.

The information collected is not linked to personal data.  To see how this applies to Google Analytics visit http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

You can stop Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB

LinkedIn

Twitter

Facebook

Audience targeting

Add targeting

The information collected is not linked to personal data.  

Pardot (Salesforce)

Lead Generation

Form completion data

Page view data

The information collected is linked to personal data and utilized for lead generation

JobScience

Staffing software

Corporate Recruiting software

 

  • Additional 3rd party suppliers are located here:

GDPR 3rd Party Listing

GDPR 3rd Party_Client Services

GDPR 3rd Party_Human Resources

GDPR 3rd Party_Learning & Development

GDPR 3rd Party_Marketing

GDPR 3rd Party_Payroll

GDPR 3rd Party_Recruitment

  • Our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insurers who provide us with professional services based in UK and US

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we strongly recommend you read the privacy policy of every website you visit.

1. Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal data please contact GDPR@northhighland.com


We share your personal data in certain ways that will involve transferring your personal data to countries outside of the European Economic Area whose laws do not afford the same level of protection to personal data as within the EU.  We do this in the following ways:

  • to other entities within the [North Highland] Group in the U.S.
  • to the following third-party suppliers as referenced above
  • Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by putting in place the following safeguards:
  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see the website of the Information Commissioner’s Office (‘ICO’) at https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see the ICO’s website at https://ico.org.uk/media/1571/model_contract_clauses_international_transfers_of_personal_data.pdf

Whilst we store and use your personal data we will ensure the appropriate security of your personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as is required by the law.

We will not keep your personal data longer than is necessary for the purpose for which we use it. We will retain your personal data for 1 year as is required by the law and will delete or destroy it when it is no longer required.

In some circumstances we may anonymise your personal data (so that it can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

1.   By law you have certain additional privacy rights. These are to:

  • be informed of how we are processing your personal data – this privacy policy serves to explain this you but please do get in touch if you have any questions;
  • have your personal data corrected if it is inaccurate or incomplete;
  • have your data erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request erasure.;
  • restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
  • object to the processing of your data in certain circumstances - e.g. you may object to processing of your data for direct marketing purposes;
  • object to decisions being taken by automated means;
  • [request the transfer of your personal data to a third party. Please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.]; and
  • to withdraw your consent at any time to processing where we are relying on consent as the lawful basis - e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you -  We will let you know if this is the case at the time you withdraw your consent.

If you have any concerns about the way we are collecting or using your personal data, please contact us in the first instance.   You also have the right to lodge a complaint with the UK’s supervisory authority for data protection matters -  the Information Commissioner’s Office at  https://ico.org.uk/concerns/


It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes and we need to update our records.

1.   If you have any questions about this privacy policy or about your legal rights, please contact the Information Security and Compliance Manager using the details set out below.

North Highland (UK) Limited

Israel Cortes

Information Security and Compliance Manager

GDPR@northhighland.com

3333 Piedmont Road | Suite 1000 | Atlanta, GA 30305

404.975.6380


2018 v1.1

Need an Expert to speak at your next event?