We take the privacy of our customers very seriously and ask that you read this Privacy Policy carefully as it explains how we collect, process, and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

We are Horizon Fraud Prevention, we offer Consultancy Services to meet to compliance requirements for Failure to Prevent Fraud  based in the Midlands UK. Our services are provided to large organisations and generally do not involve the collection and processing of personal data other than the personal names of individuals within the organisations we work with. 

When we work with our clients, we may be in touch by way of names email addresses and process the contact information as a ‘Data Controller’, this means we responsible for the controls the processing of any personal data.

We comply with the UK GDPR and the Data Protection Act 2018  which protects the rights of individuals by providing greater transparency in how personal data is processed by Data Controllers including obtaining consent, distribution, marketing, and deletion.

This website is not intended for children and we do not knowingly collect data relating to children under the age of 16 years.

When you contact us and share your personal data with us to enquire about our failure to prevent fraud services we process your personal data as a pre-cursor to a potential ’Contractual Obligation’ however we may also process data under a ‘Legitimate Interest’.

When you contact Horizon Fraud Prevention you may send us your full name and an email address that includes your name. Your contact details will help us to provide you with details of our service and to provide you with a quotation service. If you proceed with a service, it is likely that we may also work with your employees and may also process their personal data. In addition to personal data, to support the service we provide to your organisation we will retain details of your address, contact information and payment details. 

If you submit an online enquiry you will be required to agree to the terms of this Policy, a link to which is always provided within the online form. When you agree you will also be permitting us to contact you for to respond to your enquiry via the contact means you provide us ie: email address, telephone number, etc; for example, we will obtain personal data when you contact us for any reason, or purchase services. There should be no circumstance whereby we should need to access sensitive personal data as this data is not considered relevant for the purpose of your enquiry, however if we go on to provide a service you may need to give us access to sensitive personal data, a further privacy policy will be issued once we have assessed the extent of access to data as a data processor. At the enquiry stage, any sensitive personal data obtained and recorded will only be accessed with your explicit consent.

We will use the personal data you disclose to us for the purposes of providing a business consultancy service relating to failure to prevent fraud to:

• assist us in processing your enquiry and discussing the services you require;
• administer your enquiry;
• marketing (providing you have given your consent by way of an opt-in) [for further information see ‘Marketing and opting-in’ below];
• billing and order fulfilment;
• notifying you of changes to our website or our services which may affect you and;
• improving our services.

We will never share your personal data. If you have opted-in to receive specific updates about our compliance consultancy services we will only market these to you in accordance with your  requirements.

When marketing our services we may contact you by mail, telephone, text message, email, (each contact method requires its own consent via an opt-in selection). The nature of these marketing communications relates to information on our compliance services and special offers. If you or others would prefer not to receive any further direct marketing communications from us or our business partners, it is possible to opt out at any time.

We may disclose personal data which you provide to us to our fraud officers and consultants, other third parties with whom we deal with in the course of providing our services to you; and any other Regulatory Body who can demonstrate that there is a legitimate purpose for the processing of your personal data.

We may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

We only share the personal data provided if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do. We have robust due diligence systems in place to meet this requirement.

We never share personal data outside our organisation for marketing purposes.

We currently safeguard personal data by storing it in alignment to our ISMS protected by password and two-tier authenticity. Whilst we will use all reasonable efforts to safeguard such personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet. In the event that we become aware of any data compromise we will act in accordance with our Data Breach Policy with an emphasis on protection your data at all times.

If you give us information about others, you confirm that the other third-party person has appointed you to act on his/her behalf. This is also relevant where others are concerned if you indeed ask another person to act on your behalf as a third-party.

Under the third party authorisation, the other person can:

• Give consent on his/her behalf to the processing of his or      her personal data for the purposes and reasons set out in this Policy; and
• Receive on his/her behalf any data protection notices.

Such authorisation will remain in place until this has been revoked, either by verbal or written communication.

We use Google Analytics Advertising Features (‘GAAF’) through our website, which means certain information about our website traffic is collected however, We will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through GAAF unless we receive your express consent to that merger.

The specific GAAF feature(s) which we have implemented are:

• Re-marketing with Google Analytics
• Google Display Network Impression Reporting
• Google Analytics Demographics and Interest Reporting
• 
  

We use first-party cookies or other first-party identifiers, and third-party cookies (such as advertising cookies) or other third-party identifiers together and that this is done in the ways detailed under the sub-heading ‘Use of First & Third Party Cookies and Identifiers’ below; and

You can opt-out of the GAAF you use, including through Ads Settings, Ad Settings for mobile apps, or any other available means such as the Google Analytics currently available opt-outs accessible via tools.google.com/dlpage/gaoptout.

You have several rights which include the right to:

· Access the personal data we hold applicable to you (subject access request);

· To ensure the data we hold about you is accurate;

· Request that we stop processing your data;

· To request that your data be erased (the right to be forgotten);

All of the above may be requested by emailing us at info@fraud-prevention.co.uk

In the case of a subject access request (SAR) you should specify the personal data you want access to, including any account or reference numbers where applicable.

We will provide the SAR response within 30 days free of charge. If we cannot provide a response within 30 days we will email you to advise you of this fact and advise when you can expect our response. If repeated requests are made for SAR’s we may be entitled to charge a fee but only in compliance with the DPA 2018.

Any inaccuracies can be submitted to us and in the case of on-line accounts, you should ensure that your address any inaccuracies on your account. To assist you with this we will send bi- annual accuracy notices to all our customers and on-line account holders. 

To ask us to stop processing your personal data for direct marketing purposes by a particular channel (e.g. email or telephone) you should specify the channel you are objecting to.

Data erasures are assessed on a case-by-case basis. We will endeavour to respond to your request within 30 days however, there are certain circumstances where we cannot erase your data. We will explain our finding to you and where possible we can agree to redact your data.

We will only process your personal data providing you have given your consent for us to do so or by way of the lawful basis’s for as long as is necessary for the purpose and for the amount of time required to allow us to meet any legal obligation up to the statutory time limits applicable by law.

Third-Party Websites

We may from time to time include useful links to the websites of our partners and organisations. If you access any website links our privacy policy will not be applicable. You should refer to the privacy policy of the third-party site.

We welcome feedback and questions and endeavour to respond to feedback to improve our services to you. If you have a grievance that relates to any aspect of your personal data during the course of your engagement with us you may complain to us directly to our Data Protection Officer info@fraud-prevention.co.uk who will investigate your concerns. If you are still unhappy with any aspect of how your personal data has been processed, you may contact the ICO www.ico.org.uk