This page outlines Highpoint’s use of personal data, outlines your rights under the General Data Protection Regulation (GDPR), and tells you how to exercise your rights. There is a lot here, so you can skip straight to any section


What is GDPR and why does it matter?
Highpoint’s use of personal data
Giving us consent
Your rights under GDPR
Our full privacy policy
How to contact us

What is GDPR and why does it matter

Across Europe the General Data Protection Regulations (GDPR) came into effect in May 2018. These regulations exist to give individuals the right to know how their data will be used by organisations, under what lawful basis, and the right to challenge that use, or remove their consent. Further they will have the right to request a copy of data held on them, to correct it and to request that it is permanently deleted, as long as doing so does not prevent an organisation from carrying out agreed activities, or contradict other legal regulations. Our full Privacy policy is linked to below, but here is a brief summary of how GDPR affects Highpoint’s use of your data with respect to our business activities.

Highpoint’s use of personal data

Highpoint, as a business-to-business organisation, mainly holds and processes records of business contacts for individuals as representatives and agents of its business customers. These are personal data for the purposes of GDPR. In addition, Highpoint has online services and sales platforms that requires business contact information, and payment details Potentially individuals may elect to use personal (as opposed to business) contact details.
Highpoint’s use of any personal data must be legitimate either because it is used exactly and only in the way you would expect for us to carry out a contract, process a sale or the delivery of services (these would be considered as contract or legitimate interest under the GDPR definitions of lawful basis), or because you have explicitly and separately consented to us using your data for a particular purpose, for example a mailing list for receiving emails from us.

Example 1: Holding your contact details in order to communicate with your during the execution of a consultancy project is considered as a legitimate interest, in that we are using your details only and exactly as you would expect for us to carry out our work. If however we want add you to our newsletter mailing list, we would require a separate and explicit consent from you.

Example 2: if we were to share your data with another organisation, we would need your consent, unless it is as expected in order to carry out a process. For example, if you are purchasing a training manual through our online shop, sharing your data to process a credit card sale with an online card provider would count as legitimate interest, that is, it is necessary to carry out the expected transition, and does not compromise your privacy. However sharing your contact details with a marketing company would require an explicit consent from you for that purpose.

Example 3: If you purchase something from our online shop, or you join our membership site, we may need to contact you to tell you about your purchase, or tell you that a website will be changing or unavailable. These would both be legitimate interest uses of your email address and would not need further consent.

Your rights under GDPR

This is a summary of your rights under GDPR and how they relate to Highpoint.
More extensive definitions are to be found at the ICO.
Your right to be informed – this page summarises that way we are approaching use of data, and giving you control of it.
Your right of access – to have access to the information we hold about you, and the lawful basis under which it is used. We can provide you with a copy of data held about you. There will be no charge for individual data access requests, but where demands are unfounded, excessive or repetitive, we will review this.
We will comply within one month. A self-service access to your data will not exist for most of our systems.
Your right to rectification. If we hold inaccurate or incomplete data, you can request that we amend this.
Your right to erasure. You may request that we remove your data. If doing so will compromise our ability to deliver a service you expect us to, or conflicts with other obligations and laws, we will endeavour to have a discussion with you about this.
Your right to data portability – we will provide your data if needed in a format
Your right to object, if you think the lawful basis and justification we use to process your data is unfounded or does not take into account your particular needs for privacy

Our full privacy policy

You can find our full privacy policy here.

How to contact us

If you want to ask us anything about how we use your data, or to exercise your rights under GDPR, please contact us at
and clearly mark your email GDPR in the subject.