This can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This statement describes how the data is collected, stored and handled to meet legal requirements, follows best practice and helps protects the right of suppliers, customers and employees. 

To comply with UK law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. 

Policy scope 

• This policy applies to all Heptagon Group Limited offices and staff (including contractors). 
• The personal information which is supplied to us may be used in the following ways: 
• For use in marketing about Heptagon Group Limited products and services, where we think they may be of interest to you 
• To update you on the progress of quotes, orders or technical support requests you have contacted us about 
• For updates on the status of your account with us 
• To help provide a service, or engage with you on a service you are providing to us 
• By signing up with Heptagon Group Limited, you are agreeing to opt-in to the above communications. At any time you are able to unsubscribe from marketing communications and/or personal emails or calls (see the Data Removal section below). 

Responsibilities 

• All employees and contractors for Heptagon Group Limited have responsibility to ensure they comply with this policy and UK law. Training is provided, and responsibilities are proscribed in our Staff Contract. 
• We have implemented the following guidelines: 
• The only people able to access data covered by this policy should be those who need it for their work. 
• Data should not be shared informally, and access should be requested from a Director where it is required 
• It is the responsibility of employees to keep data secure and follow our internal guidelines 
• That includes adhering to cybersecurity principles (which is supported by the implementation of technologies to help secure access to, and the storage and transfer of, confidential data) 
• Data should be regularly reviewed and updated to ensure it is correct and relevant. If it is not, it is removed for our systems 

Data storage 

• Where possible, all data is secured digitally. 
• Whether data is stored digitally or printed out, our guidelines are: 
• When not required, the paper or files should be kept in a locked drawer or filing cabinet. 
• Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer. 
• Data printouts should be shredded and disposed of securely when no longer required. 
• When data is stored electronically, it is protected against unauthorised access, deletion or hacking. 
• Data is only stored on designed local or cloud storage locations/services. 
• Data is backed up, and replicated off-site. 
• All data on personal or mobile devices is protected, and can be removed in the event of potential loss. 

Data Sharing 

• We will not share information with any third party, with the exception of: 
• Heptagon Group Limited Vendor partners, where that relates to a quote, order or technical support request you have contacted us about, or a marketing campaign we have run 
• Heptagon Group Limited Capital partners, where that relates to an opportunity you have brought to us 
• In the event we share data with third parties, we will notify you (with the exception of quotes/orders/deal registrations, where we are required by our contract obligations to do so and such sharing is part of the standard commercial process and permission is granted by the process of requesting a formal quote). 

Data Removal / Subject Access Requests /Data Disclosure 

• All individuals who have data held by Heptagon Group Limited are entitled to: 
• Ask what information Heptagon Group Limited has. 
• Be provided with a copy of that information 
• Request an explanation on how to ensure it is up to date. 
• Where data is found to be incorrect, Heptagon Group Limited shall endeavour to show it is updated with the correct information, or removed where that is not possible. 
• Data Removal or Subject Access Requests should be made in writing by post (to the Head Office) or email (to contact@heptagongroup.io). Individuals will be charged £10 per Subject Access Request, while Data Removal is free of charge. Heptagon Group Limited aim to provide the relevant data/update within 14 days. Data Disclosure to appropriate government/law enforcement agencies will be provided, although legal advice will be taken where required.