Legal

The website hslmobile.com and the services described on it are operated by Hay Systems Ltd, a company registered in Scotland under the Companies Act 2006, registration number SC201362. Our registered office is Hay Systems Ltd c/o Grant Thornton LLP, 7 Exchange Crescent, Conference Square, Edinburgh, EH3 8AN, Scotland and our Managing Director is Mr M Hay.

UK SIC 2007: 61900 Other telecommunications activities
UK SIC 2003: 6420 Telecommunications
SEC SIC: 4822 Telegraph & Other Message Communications
NAICS 2012: 517919 All Other Telecommunications

Complaints

If you have a complaint about Hay Systems Ltd, you should inform us in writing at:

Hay Systems Ltd, 1C Alba Pavilions, Alba Campus, Livingston, EH54 7HG, UNITED KINGDOM

As a Telecommunications Provider, Hay Systems Limited is a Member of the Ombudsman Services.

Data Processing Agreement

The Data Processing Agreement for customers: https://hslmobile.com/HSLMobileDataProcessingAgreement.pdf

Privacy Notice

Privacy Notice and processing of Personal Data at Hay Systems Ltd

Hay Systems Ltd (“HSL”) is responsible for storing and processing Personal Data on behalf of individuals and organisations. HSL shall process Personal Data within applicable laws and regulations. This privacy notice provides information about HSL’s processing of personal data.

Terminology

  • Data Subject is an identifiable natural person.
  • Data Controller is the organisation that defines the purpose(s) for the processing of Personal data and has an agreement with the registered Data Subject.
  • Data Processor processes Personal Data on behalf of a Data Controller. The processing is regulated by a Data Processing Agreement (DPA) between the Data Controller and the Data Processor.
  • Personal Data is any data that directly or indirectly is linked to an individual (Data Subject).
  • Traffic Data is data generated through the use of a network. As an example, when an individual is using the mobile network, information about who is sending and receiving a message or a phone call, start and end time, and the location of the mobile phone is generated. If traffic data directly or indirectly can be linked to you as an individual, these are classified as Personal Data. Traffic Data can for example be used for billing purposes.
  • Anonymous Data is data where all identifying items have been removed making it impossible to associate the data with an individual.
  • The Processing of Personal Data is any use of Personal Data, including collecting, storing, modifying, transferring or deleting.

HSL as a Data Processor

How HSL process Personal Data as a Data Processor is defined and described in the agreement between HSL and our customer, the Data Controller, and in the description of the respective services. The data about an individual (Data Subject) that we process as a Data Processor depends on which of our services are used by the Data Controller. Details are set out in the product specific terms of the customer agreements.

HSL’s processing on behalf of the customer is governed by a Data Processing Agreement (DPA), and HSL will only process Personal Data to provide our services to the customer, and in accordance with the DPA and the customer’s instructions. Upon termination of the agreement or instructions from the customer, we will delete or return the Personal Data processed under the agreement, unless otherwise required by law.

Examples of processing activities

  • Send messages like SMS or email from our customer (Data Controller) to the end user (Data Subject).
  • Produce message logs, statistics and reports.
  • Provide catalogue services.
  • Monitor traffic to ensure message delivery and system stability.
  • Manage Data Subject consents.

Depending on the service and the customer’s use of the service in question, we may as Data Processor process Personal Data within the following categories

  • Basic Personal Data (such as name), contact details (such as email, phone number etc).
  • Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or health data.
  • Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).
  • Traffic Data: Personal Data processed in relation to the conveyance of communication on an electronic communications network or billing thereof.
  • Data related to content of communication, such as e-mails, voice mails, SMS/MMS, browsing data etc.

In some cases, HSL will be able to link Personal Data collected by several different services, as long as the data is collected for the same purpose.

HSL as a Data Controller

How HSL process Personal Data as a Data Controller is defined and described in the terms and conditions in the agreement between HSL and our end user (Data Subject). The data about the end user that we process as a Data Controller depends on which of our services that are used.

Examples of processing activities

  • Manage end user profile.
  • Manage end user consents.
  • Manage memberships.
  • Execute individual rights.
  • Notify end user of changes to services, terms and conditions or this privacy notice.
  • Respond to enquiries or questions related to services, terms and conditions or this privacy notice.
  • Mediate information and membership offers.

Depending on the service and the end user’s use of the service in question, we may as Data Controller process Personal Data within the following categories

  • Basic Personal Data (such as name), contact details (such as email, phone number etc).
  • Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or health data.
  • Location Data, such as GPS, Wi-Fi location data and location data derived from Processor’s network (that is not traffic data as defined below).
  • Traffic Data: Personal Data processed in relation to the conveyance of communication on an electronic communications network or billing thereof.
  • Data related to content of communication, such as e-mails, voice mails, SMS/MMS, browsing data etc.

In some cases, HSL will be able to link Personal Data collected by several different services, as long as the data is collected for the same purpose.

Legal basis for HSL’s processing are:

  • To fulfil the agreement for use of a service provided by HSL to the end user, e.g. in relation to management of the user profile or memberships and to notify end users of changes to, or respond to enquiries related to services, terms and conditions or this privacy notice.
  • To pursue HSL’s legitimate interests (provided always that the interests of the data subjects do not override such interests), e.g. in relation to improve the services or the user experience, to establish, exercise or defend a legal claim, to prevent loss or damages to HSL or any third parties or to prevent any actions that may compromise HSL or a third party’s property or the personal data of the other users of the services.
  • Consent, e.g. in relation to marketing of HSL’s services.
  • To comply with a legal obligation to which HSL is subject, e.g. continued storage due to statutory rules of storage for accounting purposes.

The end user can at any time

  • Withdraw consent to processing activities based on consent.
  • Access Personal Data.
  • Amend Personal Data.
  • Request deletion of Personal Data.
  • Request restriction of, or object to, processing.
  • Request export of Personal Data.
  • Terminate the agreement.

HSL will retain your Personal Data for as long as it is necessary to fulfil the purposes for processing as defined in the terms and conditions in the agreement between HSL and our end user and will as a main rule retain Personal Data until cancellation of the agreement or until end users request deletion. Please note that legal obligations, e.g. statutory rules related to storage for accounting purposes, may make it necessary to store Personal Data after cancellation of the agreement. Continued storage may also occur where such storage is necessary for the purposes of legitimate interests pursued by HSL, including, but not limited to, the establishment, exercise or defence of legal claims.

With whom do we share data?

HSL may disclose personal data to third party vendors and hosting partners who perform services for HSL, in order to be able to deliver the services. These third party vendors will only use the Personal Data for the purposes they were collected, and in order to perform their services towards HSL. The relationship to such third party vendors will be governed by a Data Processing Agreement.

The disclosure of Personal Data to public bodies may occur if and to the extent required by law and current regulations.

How do we use cookies?

HSL uses cookies and similar technologies on our websites. Cookies help us to determine the most popular parts of our websites, which pages are visited and for how long. The data is used for development and analysis of services and targeting website advertisements in services provided by partners.

How do we protect Personal Data?

Safeguarding Personal Data is of the utmost importance to HSL. We therefore continuously work to protect Personal Data. Our security policy embraces protection for personnel, data, IT infrastructure, internal and public networks, as well as office buildings and technical facilities. Special attention is given to information such as Personal Data.

Our security work aims to balance risk exposure, business value, available technology, vulnerabilities, and threats in order to comply with applicable laws, regulations as well as with contractual demands. HSL strives to implement security measures by setting appropriate levels of protection for Personal Data and by so preventing disclosure of Personal Data to unauthorized parties, externally and internally.

Right to lodge a complaint with a supervisory authority

If you believe that HSL’s processing of personal data infringes relevant data protection regulations, you are entitled to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement, or other relevant supervisory authority.

Modifications to this privacy notice

HSL reserves the right to modify this privacy notice from time to time. The most recent revision shall supersede any earlier versions. The current version of the privacy notice will be available at HSL’s website or at request at all times. We advise that you check the privacy notice from time to time, to keep up to date with the current notice. We will notify you of any changes to the privacy notice that you are entitled to receive information about or which requires your consent.

Contact information

If you are a direct customer of HSL, please contact our Customer Support:

support@hslmobile.com

Our Customer Support can also assist you getting in touch with HSL’s Data Protection Officer (DPO). If you are an end user of a customer of HSL, please contact the relevant HSL customer directly.