.png)
Hallane (trading name of Ingram Digital Limited) respects your privacy. This privacy policy explains how we collect, use, share and protect personal data when we provide our services or when you use our website. It applies to our business based in the United Kingdom but also covers situations where we serve clients or data subjects in other countries.We process personal data in accordance with the UK GDPR and the Data Protection Act 2018. These laws set out principles that organisations must follow when handling personal data. Anyone responsible for using personal data must ensure that information is:used fairly, lawfully and transparently;
Hallane is a trading name of Ingram Digital Limited (company number 14699617) established in the United Kingdom. For data protection law purposes we are the data controller of the personal data described in this policy, unless otherwise stated
If you have questions or concerns about how we use your information, please contact us using the details above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority. The ICO’s contact details are listed in Section 15.
Before writing a privacy notice you should know:
We collect and process the following categories of personal data:
Identity and contact data
names, job titles, business names, postal addresses, email addresses and telephone numbers
To communicate with you, provide our services and maintain client records
Transactional data
details of services purchased, payments to and from you
To perform our contract with you and manage billing/accounts
Marketing and communications data
your preferences for receiving marketing from us and communications
To send newsletters, updates or promotional material (with your consent or based on legitimate interest)
Technical and usage data
IP address, browser type, operating system, device identifiers, cookies and usage data when you access our website
To administer and improve our website, provide security and perform analytics
Correspondence
information you provide when you contact us (e.g., emails, phone calls)
To respond to enquiries, provide support and maintain records
Special category data
We generally do not collect sensitive personal data. If we do (for example health data for an event or accommodation), we will inform you and rely on a lawful basis and additional safeguards.
We may obtain personal data directly from you, from publicly available sources (e.g. Companies House), from business partners or from cookies and similar technologies.
Before writing a privacy notice you should know:
We only process personal data when one or more lawful bases apply. Under Article 6 GDPR, processing is lawful if at least one of the following applies: the data subject has given consent; processing is necessary for the performance of a contract with the data subject; necessary to comply with a legal obligation; necessary to protect vital interests; necessary for the performance of a task carried out in the public interest; or necessary for legitimate interests pursued by the controller or a third party unless these are overridden by individuals’ rights. In practice we use the following bases:
We will explain the applicable lawful basis whenever we collect your personal data.
We may use your personal data to:
We will not use your personal data for any purpose incompatible with those described in this policy and will inform you of any new purposes.
We may share your personal data with:
We do not sell or rent personal data. Whenever we share data with a third party we ensure they provide sufficient guarantees and we remain responsible for their compliance.
Our business may serve clients outside the UK and may store or process data using cloud services located in other countries. The UK GDPR primarily applies to controllers and processors located in the UK; however, people may lose the protection of UK data protection laws if their personal data is transferred outside the UK. Transfers to receivers outside the UK are referred to as restricted transfers.
We only make restricted transfers where:
Before transferring data we conduct a risk assessment to ensure that the data subjects’ rights will not be undermined. If none of the safeguards or exceptions apply, we will not proceed with the transfer.
Where we transfer personal data to suppliers or partners outside the UK we impose contractual obligations requiring them to protect it to the standard expected under UK law.
We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements. The UK data protection principles require that personal data be kept for no longer than is necessary. When determining retention periods we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it and whether those purposes can be achieved by other means.
Once the retention period expires we securely delete or anonymise your data. If we anonymise data so that it can no longer be associated with you, we may use the information indefinitely without further notice.
Individuals have certain rights in relation to their personal data. Under UK data protection laws you have the right to:
Identity and contact data
To know how we collect and use your data, as set out in this policy and any collection notices
Right of access
To request a copy of your personal data that we hold
Right to rectification
To have inaccurate data corrected or incomplete data completed
Right to erasure ("right to be forgotten")
To have your data erased in certain circumstances
Right to restrict processing
To request us to suspend processing in certain circumstances
Right to data portability
To receive your data in a structured, commonly used format and have it transferred to another controller
Right to object
To object to processing based on our legitimate interests or direct marketing
Rights relating to automated decision‑making and profiling
To not be subject to decisions based solely on automated processing and to be informed of any profiling
Some rights are not absolute and may not apply in all cases. If you wish to exercise any of the rights above, please contact us using the details in Section 2. We will respond within one month. We may request proof of identity and may refuse a request where an exemption applies (for example where releasing data would adversely affect another person’s rights).
You also have the right to withdraw consent where we rely on consent for processing, and the right to lodge a complaint with the ICO if you believe your data is being used improperly. Contact details for the ICO are provided in Section 15.
Cookies are small text files placed on your device when you visit our website. They allow us to distinguish you from other users and improve your experience. The ICO states that visitors must be informed about cookies and what they do, and if the cookies are not strictly necessary you must obtain the user’s agreement before setting them. Accordingly:
When you first visit our website, a banner will give you information about the cookies we use and will ask you to choose your preferences. You can change your cookie settings at any time in your browser or via our cookie consent tool.
Our website may contain links to third‑party sites, plug‑ins and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every site you visit.
We review this privacy policy regularly and may update it from time to time. The ICO advises that privacy notices should be kept under review and people should be informed of changes. We will post any changes on our website and, where appropriate, notify you by email. Please check back periodically to ensure you are aware of the latest version.
If you have concerns about how we handle your personal data, please contact us first so we can address your concern. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK data‑protection regulator. The ICO can be contacted at: