StackHPC Ltd ("StackHPC") values your privacy. StackHPC complies with EU General Data Protection Regulations (GDPR), which provides protection for personal data and privacy.
On our website (the "Site"), we offer information about our software engineering and consultancy services. In this Privacy Notice ("Notice"), we describe how we collect, store, use, and disclose information that we obtain about you. Your communications with us, and any dispute over privacy, are subject to this Notice.
The Information We Collect About Companies and Clients
We may collect information about you when you contact us, for example to explore your potential use of StackHPC's services. We may collect information about you from public sources, or we may collect information directly from you when you contact us, or when we contact you, to discuss our services.
Information We Collect from Public Sources. We may obtain information about you from public sources such as your company’s information published on its website, or from openly-published information such as press releases, media articles, etc.
Information We Collect Directly from You. When you communicate with us to consider a possible business relationship with StackHPC, we may record the following information about you: your name, job title, company/organisation name, company/organisation address(es), email address, mobile phone, business phone, and other relevant data of a similar nature. We may record details of the communications that we have with you. This might include emails, phone conversations, meetings held, potential or actual StackHPC activities for you and proposals for them (if we’ve been discussing any), how we came to know you, etc.
The Information We Collect About Individuals and Applicants
StackHPC uses recruitment agencies and direct recruitment. When applicants are submitted via recruitment agencies, we assume this is done with the applicants prior permission.
Information We Collect Directly from You. When you communicate with us to consider possible employment with StackHPC, we may record the following information about you: your name, email address, mobile phone, CV, and other relevant data of a similar nature. We may record details of the communications that we have with you. This might include emails, phone conversations, interview records, potential or actual StackHPC activities for you and proposals for them (if we’ve been discussing any), how we came to know you, etc.
Information We Collect from Public Sources. We may obtain information about you from public sources such as your public profile on LinkedIn, or your open source activity on Github or through other public forums for open source development.
We Do Not Use Web Technologies to Track You. We will not automatically collect any information about you through tracking cookies/mechanisms, web beacons, or any similar technologies. We do not use tracking cookies on our web site, and we do not use any mechanisms on our web site to personally identify any individuals who choose to use our site. We may hold logs storing IP addresses for up to 30 days.
Through our contact form on the Site we record only the information that you supply to us in that form.
How We Use Your Information
The information we store about you is used for the following purposes:
- To contact you to discuss your possible interest in StackHPC's services.
- To respond to your enquiries
- Other business purposes in the event that you become a StackHPC customer, partner, supplier or employee.
We might do this by various means such as sending you personal email messages, through LinkedIn messaging (or similar), contacting you by phone or, perhaps, by text. We might also contact you periodically to remind you of your rights under the UK’s General Data Protection Regulations (GDPR). Access to your personal data will be restricted as much as is feasibly possible to those who need access.
Your data will be processed primarily on systems inside the European Union, which may be hosted by third-parties. StackHPC is legally required to make sure that any third-party data processing or storage company we employ respects your rights and assists us as needed to comply with our legal obligations. We will store your data for up to three years since our last contact with you, depending upon the nature of your interactions with StackHPC, at which point it will be deleted. We may need to retain some personal data for longer for legal or regulatory purposes.
We will not use the information that we gather about you to send spam email messages, mail-shots, or similar blanket marketing campaigns. We will not send you newsletters, special offers or promotions. We will not use any information that we learn about you for advertising, market research or profiling purposes.
Security of Your Personal Information
We have implemented reasonable precautions, including, where appropriate, password protection, two-factor authentication, SSL and other encryption, firewalls, and internal restrictions on who may access data. This is to protect the information that we hold about you from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Please be aware that, despite our best efforts, no data security measures can guarantee complete security.
Our Lawful Basis for Collecting and Storing Your Information
We will only use personal data for specific purposes and under an appropriate lawful basis. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where relevant.
|Purpose/ Processing Activity||Lawful Basis for processing under Article 6 of the GDPR|
|Processing job applications.||Performance of a contract.|
|Preparing contracts / draft contracts / bids for StackHPC services and new suppliers.||Performance of a contract.|
|Delivery of the contracted project services and communication with customer contacts by the assigned team.||StackHPC has a legitimate interest as a business to process personal data to contact individuals who work for companies for whom StackHPC have a business contract, without which StackHPC would be unable to carry out the contracts and survive as a business.|
|Store and refer to rejected job applications.||StackHPC has a legitimate interest to process personal data to review recruitment history, compare candidates and feedback given and reduce duplication where multiple sources are used.|
|To form business relationships and facilitate new commercial contracts for StackHPC services, to the mutual benefit of StackHPC and our customers.||StackHPC has a legitimate interest as a business to process personal data and has assessed that there will be minimal impacts to your rights, as set out under GDPR.|
|Cloning or forking to StackHPC infrastructure of repositories of source code from public services (e.g. GitHub, GitLab) and/or made available to us by customers, partners and/or suppliers in the course of our normal business.||StackHPC has a legitimate interest as a business to process the personal data contained within source repositories. Such personal data was added by the contributor and is kept with the source code itself; the contributors have no expectation to be informed and doing so would cause unnecessary disturbance for the individual.|
Where we have identified Legitimate Interests as the lawful basis for processing, we believe we are using your data only in ways that you would reasonably expect, and that this processing is necessary for StackHPC’s business, and we don’t believe we are using your data in ways you might find intrusive or could cause you any harm.
What Rights Do You Have Regarding StackHPC’s Use of Your Personal Information?
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data; to the portability of your personal data, and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office, about the processing of your personal data.
Note to Non-E.U. Persons
If you are located outside the European Union, please note that information about you that we collect and use will be processed within the European Union subject to the General Data Protection Regulations (GDPR) for the United Kingdom, effective in UK and EU law from 25 May 2018. We will protect your personal information through the implementation of this Notice, and we will respect any requests you make to us as described under the heading What Rights Do you Have…, above - even if you are not an EU resident or citizen.
If you have questions about the privacy aspects of your dealings with StackHPC or would like to make a complaint or request, please contact us using our contact page. We are required to reply as quickly as practical, and within one month, using reasonable means.
Changes to this Notice
This Notice is effective as of the 3 January, 2019. We may change this Notice from time to time. We will post any changes to this Notice on our Site. If we make any changes to this Notice that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on our Site, and by contacting you via email.