Data Privacy Statement for visitors of the website, business partners and applicants
In this Data Privacy Statement, “HWF”, “we”, “us” and “our” refer to Hemsley Wynne GmbH, c/o WeWork, Taunusanlage 8, 60329 Frankfurt.
HWF is committed to safeguarding information from which any individual can be identified, such as names, contact details and ID data (“Personal Information”) provided to us by any third parties (“you”) including its clients, the insurers it engages, counterparties to the transactions it advises on and all visitors to www.hwfpartners.com (the “Website“). To the extent that any Personal Information is collected, it will be held in confidence in accordance with the Data Protection Legislation (as defined below). Please read the following Privacy Statement which explains how we use and protect your Personal Information.
We will only use Personal Information which is provided to us, or otherwise obtained by us, as set out in this Data Privacy Statement. We will ensure that your Personal Information is handled in accordance with the “Data Protection Legislation” (meaning any law applicable to us from time to time relating to the processing of Personal Information and/or privacy as the same may be re-enacted, applied, amended, superseded, repealed or consolidated, including without limitation, the General Data Protection Regulation (EU) 2016/679, and the German Data Protection Act (Bundesdatenschutzgesetz)).
HWF is responsible in respect of any Personal Information that you provide to us or we otherwise obtain about you.
This Data Privacy Statement covers:
- Personal Information we collect from you (e.g. when you give us a business card or leave your contact details on the Website; see below for further details)
- Personal Information we receive from other sources (e.g. from business communication or transaction documents)
- Sensitive Personal Information (only from applicants and our employees)
This Data Privacy Statement explains:
- What we do with your Personal Information
- Legal basis for data processing
- How we share your Personal Information
- International transfers
- Our security measures and information about when we delete data
- Your rights to access and update your Personal Information
- Third-party sites
- Your right to complain
Personal Information we collect from you
When you engage with us (e.g. sending us emails, contacting us via telephone or visiting or making an enquiry through the Website), you may provide Personal Information about yourself, e.g. your name, contact details (address, email address, telephone number, etc.). Where you make use of our Website we may also collect anonymised details about your use of the Website for the purposes of aggregate statistics or reporting purposes, e.g. your IP address and choice of web browser. Some of this Personal Information is collected and processed (i) so we can perform a contract with you, (ii) some for the purpose of legal or regulatory compliance and (iii) some for the purposes of our legitimate business interests (namely to carry out and improve our business, analyse the use of our Website and services and support our staff, insurers and clients).
Where you apply for a job with us, we may collect from you and third parties (where relevant) additional Personal Information such as your CV and any references. Unless you agree that we can keep such information on file for future opportunities or we need to retain such information for compliance with our legal obligations we will typically only retain this Personal Information for no longer than 6 months.
Where you provide Personal Information on behalf of another individual, you are responsible (i) for notifying that individual that you have provided their Personal Information to us and (ii) directing them to this Privacy Statement so they can see how we will process their Personal Information.
Personal Information we receive from other sources
We may receive information from third parties who collect Personal Information from you and pass it on to us. For example:
- your employer may provide your Personal Information to us in connection with a service they provide to us or in connection with services that we provide to our clients; or
- where you apply for a job with us, we may receive Personal Information relating to you from past employers and others concerning your employment history.
Where this is the case the third party is responsible for informing you that they have shared your Personal Information with us, directing you to this Privacy Statement and obtaining any relevant consents from you to ensure you are happy with the ways in which your Personal Information will be used.
What we do with your Personal Information
We will only use your Personal Information in order to (a) carry out our obligations arising from any contracts; (b) maintain the quality of the Website and analyse the use of the Website in order to guide improvements (we use Google Analytics for these purposes – see further below); (c) provide you with information, products or services that you request from us (including our insurance solutions) and correspond with you; (d) provide support to you in respect of our services and insurance solutions; (e) process your application for employment; (f) comply with our own legal and regulatory obligations; and (g) for our internal business processes.
We may also use your Personal Information to contact you in a business-to-business capacity in order to give you updates and information about our services and insurance solutions.
If you do not want us to use your Personal Information in this way, please let us know by contacting us at firstname.lastname@example.org. You may also opt out of marketing emails by following the instructions outlined in the email.
How we share your Personal Information
We base the processing of Personal Information as outlined above on the following legal bases:
- Processing of Personal Information in order to comply with contractual obligations is based on Art. 6 para 1 lit. b DSGVO. This permits the processing of Personal Information to the extent required to fulfil contractual obligations.
- Processing of Personal Information for purposes of analysing the Website with Google Analytics (please see below).
- Processing of Personal Information for marketing and information relating to new products is based on (i) Art. 6 para 1 lit. a DSGVO – if you have given such consent – or (ii) Art. 6 para 1 lit. f DSGVO, whereby our legitimate interest is the provision to you of marketing information (in moderate ways) in which you are potentially interested.
- Processing of Personal Information in order to support services or insurance solutions are based on Art. 6 para 1 lit. b DSGVO. This permits the processing of Personal Information to the extent required in order to fulfil contractual obligations.
- Processing in connection with an application is based on Art. 6 para 1 lit. b DSGVO and Sec. 26 BDSG. This permits the processing of Personal Information to the extent necessary for the commencement or implementation of an employment relationship.
- Processing of Personal Information in order to comply with our statutory and regulatory obligations is based on Art. 1 para 1 lit. c DSGVO (“data processing for compliance with statutory obligations”).
- Processing of Personal Information for our internal processes is based on Art. 6 para 1 lit. f DSGVO (“legitimate interest”), whereby our legitimate interest is the performance of required internal processes.
How we transfer your Personal Information
All business-related Personal Information is provided to Hemsley Wynne Furlonge LLP, a limited liability partnership registered in England & Wales under registration number OC393222 („HWF LLP“) to the extent required in order to process customer requests mutually.
If it is necessary for the performance of our contractual obligations towards you of for our internal business processes, we may share your Personal Information with insurers, suppliers, contractors, affiliated companies, advisors, regulators, accountants, technology providers and/or third parties and all legitimately authorized representatives of or affiliated companies of such third parties.
If a third party acquires all (or substantially all) of the business or assets of HWF, we may provide your Personal Information in connection with the acquisition by such third party. Your Personal Information is not sold.
HWF is authorized to disclose your Personal Information if it complies with applicable law or is required to do so by any authority (including tax authority) or prosecution authority. We are further authorized to disclose your Personal Information if this is necessary to protect or enforce a contractual agreement or other rights of HWF or affiliated companies or our clients, managing directors or employees. This includes the sharing of information with other companies and organisations for the purposes of fraud prevention.
Any Personal Information provided to HWF will be transferred to and stored on HWF LLP’s servers in the United Kingdom. We take steps to protect your Personal Information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
In processing your Personal Information, it will sometimes be necessary for us to transfer your Personal Information to a destination outside of the European Economic Area (“EEA“) in connection with the above purposes. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or group companies. Such staff may be engaged in, among other things, the fulfilment of contracts, the processing of details or the provision of support services.
We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Statement and the Data Protection Legislation when it is processed in, or otherwise accessed from, a location outside the EEA. This means that we will only transfer your Personal Information to third parties outside the EEA if that third party (a) is situated in a country that has been confirmed by the European Commission to provide adequate protection to Personal Information, (b) has agreed (by way of written contract incorporating the “model clauses” as approved by the European Commission or by some other form of data transfer mechanism approved by the European Commission) to provide all protections to your Personal Information as required by the Data Protection Legislation, (c) we have your explicit consent to do so or (d) we otherwise have a legal basis for such transfer. Where any transfer takes place under a written contract, you have the right to request a copy of the safeguards included in that contract and may do so by contacting us at email@example.com. When the UK is no longer a part of the EU, we will ensure through the contractual means described in this paragraph, in particular the model clauses, that your Personal Information on our servers located within the UK will be processed in accordance with the standards of the EU.
Your Personal Information is transferred to HWF LLP. Model clauses were agreed with HWF LLP which ensure for all affected parties an adequate level of protection. This also applies to the following IT suppliers and software providers to whom your Personal Information may be transferred by HWF LLP and with whom HWF LLP has agreed data protection rules to ensure an adequate protection of your Personal Information in accordance with the model clauses.
- NUMATA BUSINESS IT (PTY) LTD („NUMATA“), 86-90 Paul Street London, EC2A 4NE United Kingdom („NUMATA“), for the purpose of offering hosting services for the Website.
- Xero Limited, WELLINGTON (HQ) XERO ONE, 19-23 Taranaki Street, Te Aro, Wellington 6011 („Xero“), for accounting software. The processing agreement with Xero can be accessed under https://www.xero.com/about/legal/terms/data-processing-terms/.
- com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105 („Salesforce“) ad provider of cloud computing solutions for our customer relationship management. The processing agreement with Salesforce can be accessed under https://c1.sfdcstatic.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.
Our security measures and information about when we delete data
We will only keep your Personal Information for as long as we reasonably require and, in any event, only for as long as the Data Protection Legislation, in particular DSGVO and BDSG, allows.
Whilst HWF takes appropriate technical and organisational measures to safeguard the Personal Information that you provide, no transmission over the internet can ever be guaranteed secure. Consequently, please note that the security of any Personal Information that you transfer over the internet to HWF cannot be guaranteed and any transmission is therefore at your own risk. However, once we have received your information, we will use security measures to keep it safe.
Your rights to access and update your Personal Information
You have the following rights:
- the right to be provided with copies of Personal Information that HWF holds about you, together with information about how it is processed, free of charge;
- the right to ask HWF to have inaccurate Personal Information rectified or completed if it is incomplete;
- the right to ask HWF to erase or stop processing your Personal Information where there is no longer a legal ground for us to do so;
- the right to restrict the processing of your Personal Information in certain circumstances;
- the right to move, copy or transfer your Personal Information in certain circumstances;
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; and
- the right to complain (see below).
If you wish to exercise any of the above rights, please send an email to firstname.lastname@example.org.
Should you have any queries or complaints in relation to how we use your Personal Information, please contact us at email@example.com. At any time you have the right to complain to the European Data Protection Agency.
Cookies and Google Analytics
You may see a message on our Website before we store a cookie on your computer which describes the types of cookies we use and what information they might collect. We may also use banners and pop-ups from time to time to give you options around cookies use.
You can also manage cookie use via your browser settings (this will allow you to refuse the setting of all or some cookies) and your browser provider may ask you to confirm your settings. Note, however, that if you block all cookies (including essential cookies) via your browser settings you may not be able to access all or parts of our Website.
You can find more information about cookies generally here: www.allaboutcookies.org.
The Website uses Google Analytics, we web analytics service by der Google LLC („Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses several cookies (see above) to identify your browser. The information generated by the cookie relating to your use of the Website are generally transferred and stored on a Google server located in the USA. We have elected the IP anonymization function on the Website and your IP address will by shortened by Google with in the member states of the EU or the EEA. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of HWF, Google will use this information to analyse your usage of the Website, to compile reports relating to the activities of the Website and to provide other services related to the usage of the Website and the internet vis-á-vis the Website provider. Your IP address that is transferred by your browser in connection with Google Analytics will not be merged with data from Google. For exceptional circumstances in which Personal Information is transferred to the USA, Google has agreed to be subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Legal basis and opt-out for Google Analytics
The processing of Personal Information through Google Analytics is based on Art. 6 para 1 lit. f DSGVO. This permits the processing of Personal Information within the scope of “legitimate interests” of the responsible person, provided your fundamental right, fundamental freedoms or interests do not prevail. Our legitimate interest is the analysis of the usage of the Website. You can prevent the transfer of data generated by the cookie and relating to your usage of our website (incl. your IP address) to Google as well as the processing of such data by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.
Duration of storage of Personal Information through Google Analytics
The person-related portion is immediately deleted through partial deletion of the IP address. Accordingly, only statistical data is stored.