Privacy

‘Personal Data’ means any information relating to or which identifies you.  This can include items such as your name, address, phone number, identification numbers (such as an account number or your national insurance number), location data or online identifiers.  Personal data can be held electronically or in certain paper records. 

The UK General Data Protection Regulation (UK GDPR) regulates the processing of personal data.  The UK GDPR seeks to protect your rights to your personal data by setting out, amongst other things, the conditions under which the processing of personal data is lawful, the rights of data subjects and the standards that organisations that handle personal data must adopt.  This Privacy Notice is issued in compliance with UK GDPR and seeks to explain:

1. Who we are;
2. All websites and portals covered by this Privacy Notice;
3. How we collect your personal data;
4. Why we collect your personal data;
5. How long we hold your personal data for;
6. The conditions under which we may share your personal data with others
7. Overseas processing;
8. How we keep your personal data secure;
9. Your personal data rights and how to exercise them;
10. Children (16 years and under) and Vulnerable Adults;
11. Any further questions about this Privacy Notice;

1. Who we are

HazellCarr.com is operated by Equiniti Limited trading as Hazell Carr which is one company within the Equiniti Group. Our registered address is Highdown House, Yeoman Way, Worthing, West Sussex, BN99 3HH. and our ICO registration number is Z1028602.

Equiniti Limited is a ‘Data Controller’.  This means that we are responsible for deciding how and why we hold and use personal data about you.

2. All websites and portals covered by this Privacy Notice  

• HazellCarr.com

Access Screening provided by Access UK Limited (unique link generated for each candidate)

3. How we collect your personal data

The personal data we hold may include your name, postal address, email address and phone number, date of birth, financial information and employment details to enable us to contact you and respond to your enquiries as well as provide you with our products and services.

Information you provide to us

• Using our websites and the Access Screening Portal
• Contacting us by phone, email, live chat, social media, or other communication channels
• Providing application or registration forms, or identification documents
• Taking part in competitions, promotions, or surveys
• Reporting problems or submitting complaints about our websites, products, or services

Information we collect about you

• Information about how you access and use our online services, including your IP address, browsing activity, visit details, and location data (see our Cookie Policy for more information)
• Information about what you view, click on, or access in our marketing emails, which may also include the location of your device (see our Cookie Policy for more information)
• Information from your social media account if you contact us through social media

Information we receive from third parties

• Identity and fraud prevention information from credit reference and fraud detection agencies.
• Information shared with us by third parties where you have agreed to it.
• Insights from advertising networks (e.g., Google) to help us understand browsing behaviour and improve our marketing.
• Information from social networks (e.g., LinkedIn) where your privacy settings allow us to update or verify our records.

Keeping your personal data up to date

• Please help us by reviewing the information we hold about you regularly and notifying us as soon as any details need to be updated or corrected.

Other people’s personal data

• If you provide us with personal information about another person, you confirm that they are authorised to act on your behalf, that they consent to you providing their personal data to us and to our processing of it, and that you have informed them of our identity and the purposes for which their personal data will be processed, as set out in our privacy notice.

4. Why we collect your personal data

Why we use your personal data	How we use your personal data	Lawful basis
Provision of services, including the administration and management of service user records	To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us. To respond to any complaints and / or personal data rights that you invoke. To complete any transaction that you instruct us to undertake, and any legal obligations we have in relation to the transactions. To keep our websites and portals secure and permit you safe access to our services.	Consent Contract Legal Obligation Legitimate Interests
Marketing our products and services	To allow you to participate in interactive features of our website, when you choose to do so. Identifying if any of our other products or services may be of interest to you and making suggestions and recommendations to you about them. To provide you with the information, products and services that you request from us. To administer any prize draws that you are offered and elect to enter as an incentive. To ask you if you wish to hear from other entities within the Equiniti Group of Companies that offer complementary services. We can ask you from time to time to confirm or update your choices, such as when there is a change in the law or the structure of our business. IMPORTANT You can withdraw from marketing at any time, please use the unsubscribe button in our emails or contact us.	Consent Legitimate Interests Legal Obligation
Assessment and collection of taxes	To deduct the relevant tax and duties (such as stamp duty, and dividend tax) and submit returns to the relevant regulatory authorities.	Legal Obligation
Financial crime and money laundering	We analyse your personal data for financial crime, money laundering and fraud risk purposes in accordance with UK regulations which are placed upon us. This can include automated decision making as part of the following activities: Confirming your identity (through the use of Credit Reference agencies – see above). Using fraud prevention agencies. We study and learn about how you use our products and services and use this information to better detect fraud or unusual activities. Analysing our databases, investigating, detecting and report financial crimes as well as taking measures to prevent financial crime. Developing and improving our financial crime controls. Managing financial risks both to us and to you.	Legal Obligation Legitimate Interests
Improving our products and services	To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which may be based on your activity on our website(s) or the website of another Equiniti Company or third parties’ websites. We may do this ourselves or appoint an agency to do this on our behalf. To identify service improvements such as when troubleshooting, undertaking data analysis, testing new products, using your personal data for research, statistical and survey purposes. To ensure that content from our websites are presented in the most effective manner for you and for your device. How we manage and work with other companies in the delivery of our products and services. To study how you and our other customers use our products and services. To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which can be based on your activity on our website(s) or the website of another Equiniti Company or third parties’ websites. We can do this ourselves or appoint an agency to do this on our behalf.	Consent Legal Obligation Legitimate Interests

5. How long we hold your personal data for

• Personal data will not be retained for longer than necessary to fulfil the purpose we collected it for. We will then either securely delete it or anonymise it so that it cannot be linked back to you. We review our retention periods for personal data on a regular basis.
• We will retain personal data for the reasons noted below:
• To respond to enquiries and complaints;
• To demonstrate that your instructions were carried out properly; and
• To maintain records to meet rules and regulatory requirements that are applicable to the request you made or the service you were using.
• Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by Contacting us.

6. The conditions under which we may share your personal data with others

We only share personal data when it is necessary to provide our products and services. This may include sharing information in the following situations:

• With your permission – where you ask us to share your information, or where you or an authorised third party has provided consent.
• To deliver our services – with other Equiniti companies and trusted partners who help us operate your account or provide our services (such as IT providers, advisers, agents, banks, printers, and insurers).
• For operational needs – including identity checks, fraud prevention, credit checks, technology support, and obtaining professional advice.
• To meet legal or regulatory obligations – with regulators, courts, law enforcement, fraud prevention agencies, and other bodies where required by law, including for debt recovery or to trace lost customers.
• For financial, reporting, and compliance purposes – such as tax reporting, audit requirements, or completing transactions.
• During business changes – if our business is sold, restructured, or becomes insolvent. Appropriate safeguards will always be in place to protect your information.
• Secure data storage – your information may be stored on secure, encrypted cloud based systems located within the region where we provide services to you.

7. Overseas Processing

Some of our data processing occurs outside the country where the data originates. As a global organisation, Equiniti operates offices and processes data in multiple countries. We also work with third-party suppliers who may process data internationally.

When personal data is transferred across international borders, we implement robust safeguards to ensure compliance with applicable data protection laws. This includes using data transfer agreements, standard contractual clauses (SCCs), and conducting Transfer Risk Assessments (TRAs).

Examples of international data transfers include:

Sharing personal data with members of the Equiniti Group outside the UK, such as Equiniti India Private Limited, for purposes described in this Privacy Notice.
When you contact us by email or use our microsites, some of the service providers who support these services may be based outside the country where your data was originally collected.

Data Privacy Framework

For transfers to the US Equiniti complies with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, as set forth by the US Department of Commerce. Equiniti has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) and the UK Extension to the EU-US DPF, with regard to the processing of Personal Information received from the European Union and the United Kingdom in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. If there is any conflict between the terms in this Privacy Statement and the EU-US DPF Principles and the UK Extension to the EU-US DPF, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The legal entities of Equiniti that are adhering to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and are covered by the Equiniti Trust Company, LLC DPF submission include: Amor Holdco, Inc., Armor Intermediate Company LLC, Armor Holding II LLC, Canadian Stock Transfer Holdings LLC, Equiniti (US) Holdings, LLC, Equiniti (US) LLC, DF King & Co, Inc, DF King Acquisition LLC, DF King Holding LLC, EQ Fund Solutions, LLC, LINK Shareholder Services, LLC and EQ Private Company Solutions, Inc.

In compliance with the EU-US DPF and the UK Extension to the EU-US DPF, Equiniti commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of Personal Information received in reliance on the EU-US DPF and the UK Extension to the EU-US DPF.

Equiniti will arbitrate claims and follow the terms as set forth in the EU-U.S. DPF Principles and the UK Extension to the EU-US DPF, provided that an individual has invoked binding arbitration by delivering notice to Equiniti and following the procedures and subject to conditions set forth in Annex I of the EU-US DPF Principles and the UK Extension to the EU-US DPF. Under the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF Equiniti remains a liable party in cases of onward transfers to third parties if its supplier processes information in a manner that is inconsistent with the DPF principles, unless Equiniti proves that it is not responsible for the event giving rise to the damage. Equiniti is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC) regarding personal data received or transferred pursuant to DPF.

If you would like any further details about transfers of your personal data, then please contact our Data Protection Office at DPO@equiniti.com.

8. How we keep your personal data secure

We take the security of your personal data seriously. We use a range of strong technical and organisational measures to protect your information, including encryption, anonymisation, secure communications, and controlled data retention. Our information security practices align with ISO 27001 standards.

9. Your personal data rights and how to exercise them

Under data protection law, you have several important rights designed to give you control over your personal information:

• Right to be Informed - You have the right to clear and transparent information about how we collect, use, share and protect your data.
• Right of Access - You can request a copy of the personal data we hold about you, along with details of how we use it. These are referred to as a Data Subject Access Request, to make a DSAR (LogicGate | Submit DSAR Request (External).
• Right to Rectification - If any personal data we hold is inaccurate or incomplete, you can ask us to correct or update it.
• Right to Erasure - In certain circumstances, you can ask us to delete your personal data (also known as the “right to be forgotten”). We may not be always be able to delete your data due requiring it for certain time periods to meet legal requirements.
• Right to Restrict Processing You can ask us to limit how we use your data, for example if there is a disagreement with how we are using your data while this is being investigated.
• Right to Data Portability - You may request your personal data in a structured, commonly used, machine readable format, and ask us to transfer it to another organisation where technically possible.
• Right to Object - You can object to how we use your data, including for direct marketing or where we rely on legitimate interests.
• Automated Decision Making & Profiling - You have the right not to be subject to decisions made solely by automated means that have legal or significant effects on you. You can ask for a human review of such decisions.
• If you would like to exercise any of your rights please contact our DPO.

10. Children (16 years and under) and Vulnerable Adults

We are committed to protecting the privacy of children and vulnerable adults. We will only collect and use their personal data where the appropriate permissions are in place.

11. Any further questions about this Privacy Notice

• You can contact our Data Protection Officer at the details below if you require further information about privacy compliance at Equiniti or have any questions that remain unanswered:
  • By email at DPO@equiniti.com,
  • By Post Data Protection Officer, PO Box 5243, Worthing, BN99 9FY
    EU Representative
• If you are located in the European Union you can contact Equiniti’s EU representative. Notified is Equiniti’s designated EU representative under Article 27 of the UK GDPR, located in France.
  • By email - DPO@equiniti.com,
  • By Post - Notified, Legal Department, 4 Rue Charras, Paris 75009, France