Data Protection & Privacy Policy

Data Protection Policy

From 25th May 2018, any business, organisation or group holding personal information about living people in the UK or European Union, must conform to the General Data Protection Regulation.

You can read the GDPR Guidance here: https://ico.org.uk/media/for-organisations/data-protection-reform/overview-of-the-gdpr-1-13.pdf

Under the General Data Protections Regulations (GDPR) – (EU) 2016/679) Hutchison Heritage is not required to gain the consent of every living person (other than the client) found within the conducted research if it “proves impossible or would involve a disproportionate effort” for historical research purposes.

What Personal Information is kept and how is it used?

    • The name and personal contact details (typically email, but occasionally postal address and telephone number as required) of the Client for billing purposes and specific contact related to the research requested.

    • Only if required as part of the research undertaken, Hutchison Heritage will obtain from the client, or via genealogical research procedures, the full names (including previous names), birth and marriage details (dates and places), general localities and occupations of living relatives.

    • No personal information will be given to any third party, unless required by law enforcement agencies or requested by the Client.

    • No personal information belonging to potential clients, the Client or any living person being researched will be used for marketing purposes.

    • Only anonymous information (initials and town/county) will be used on the ‘Testimonials’ page of this site.

    • This site does not collect any Credit/Debit card or Bank Account information as this is processed by PayPal, a third-party payment gateway.

How long is it kept for?

    • Information relating to living people within the research will be archived and not processed after the research project has been paid for, completed, and delivered in full to the Client (1). This will be stored on an encrypted hard drive/and or password protected computer not connected to any internal or external networks, within the business premises.

    • Email communications with the Client, and potential clients, will be held in a password protected email account hosted by an email service provider after the completion of the work, in case further work is required.

    • Invoices, receipts, contracts and financial spreadsheets containing the name and contact details of the Client will be kept for tax purposes relating to the business of Hutchison Heritage for 5 to 6 years (2).

Requesting, Changing or Removing Information.

    • You have the right to request the details of your personal information held by Hutchison Heritage.

    • You have the right to correct information if it is proven to be incorrect.

    • You have the right to have personal information removed from the systems of Hutchison Heritage (except those held for tax purposes as detailed above).

    • To make any of the above changes, or if you have any questions about personal information which I hold, contact Hutchison Heritage via email or the contact page on this website.

(1) Personal data shall be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes..."

(GDPR Article 5.e.)

(2) Self employed businesses must keep their records for at least 5 years after the 31 January submission deadline of the relevant tax year. https://www.gov.uk/self-employed-records/how-long-to-keep-your-records

Further Information:

Hutchison Heritage reserves the right to change this Privacy Policy at any time. All changes will be updated on this page.

The owner of this site is registered with the ICO (Information Commissioner's Office) under the Data Protection Act (1998) as a Data Controller (Registration Reference: ZA209407) and is under obligation to comply with the act and maintain the safety of your information. https://ico.org.uk/for-the-public/

As of 05/08/2020, this site no longer collects website usage information via Google Analytics,