Parliament Hill Limited act as data controller and our contact details are Parliament Hill Ltd, 40 Gracechurch Street, London, EC3V 0BT. Contact e-mail address for Data Protection requests is andrew@parliament-hill.co.uk.
The information we will hold about you will be the information you have given us in a request for a product or service.
Our main business is the provision, management, and running of benefit schemes and we do so to our Clients. Within the Benefit Scheme there is a definition of ‘members’ who have access to the scheme. We provide services to those members under the scheme. Where we provide you with a service under or in connection with the Benefit Scheme, then that service request creates a contract between you and us in respect of that service for which we receive consideration under the main Benefit Scheme arrangement.
Where your request does not relate to the Benefit Scheme we will be processing your data and request based on what you have provided to us in the request form and this Privacy statement. We will treat your request as you giving us your consent in respect of all matters raised in that request form, plus other items covered in this privacy statement.
We will we processing your personal data to facilitate your request. We will be processing this data at your request and will treat that request as you giving us any and all consent required in this privacy statement.
Requests for a product or service will be passed straight through to the Benefit Provider.
We provide benefit schemes on behalf of clients and if you have access to one of our benefit schemes, then you do so at the Clients request. We have a contractual duty to update and keep our Client advised of requests that may reflect on the performance of the benefit scheme.
Below is an example of our and others legitimate business interests and should not be considered an exclusive list.
Where we are regulated or the benefit is regulated we may need to comply with regulatory requirements then we might need to provide data to the Financial Ombudsman Service, the Financial Conduct Authority, Financial Services Compensation Scheme of the Information Commissioners office.
In administering your request, we would also be handling some of that data for our legitimate business interests. That could include, but is not limited to, the maintenance of legal records, task management, staff training and monitoring, record keeping and reporting back to our client under the benefit scheme or seeking advice from others. We may use suppliers who provide basic services to us as a commercial business and in providing their services they may have access to certain data either held by us, which they require in providing their service to us or that might pass through them.
We run the Benefit Scheme for our Client and receive a consideration for doing so. That Benefit Scheme is open to those who are defined as ‘members’ under the Benefit Scheme. Our Client has a legitimate business interest in checking, auditing or receiving reports from us on the performance of the Benefit Scheme.
We and the benefit provider would have a legitimate business interest in exchanging comments that may reflect on the performance of the benefit. This is for the purpose of continually improving the service.
We do not place a restriction on the category of personal data you wish to provide us with, but we would generally not expect you to provide us with ‘special category or sensitive’ data. If you do, then by providing us that data, we would treat that as you having given us consent to hold and process such data about you in respect of your request or provided in any other communications.
We do not pass your data outside of the European Economic Area unless we feel there is a need to do so and that would have been reasonably foreseeable based on the content of your request. We will take your request to have given consent to such action. We will treat something as being foreseeable if it related to a Benefit provided in part or in whole outside the EEA or if you are contacting us from outside the EEA or ask us to use an outside the EEA contact point or if a matter external to the EEA was raised in the request. Otherwise, if we need to send data outside the European Economic Area we will contact you again for your specific consent for us to do so.
We do not use any automated decision-making systems. Log in systems, if managed by us, may include an automated check of log in details.
Storage period will depend on the nature of the request. For some requests that are connected to a regulatory activity, benefit or product or service your data could be stored by us for up to a period of six and a half years or such other times as may be required by law, of regulatory rules. If the service is connected to the Benefit Scheme then we may need to store the data for the period the scheme is running plus a further six years. Requests that have no regulatory connection will be stored for the time we need to take to transmit or respond to that request plus a further twelve months period or such other times as may be required by law or by our own business interests. Data stored and processed by other data controllers will be stored and processed at their discretion.
General rights. Where the law does allow us to charge a fee then we reserve the right to do so.