Introduction

SecurEnvoy Limited (SE) is committed to safeguarding the privacy of personal and sensitive personal data and is bound to comply with the UK Data Protection Act 1998 and EU General Data Protection Regulation (GDPR), along with similar and applicable laws in other countries around the world. This Privacy Notice forms part of SE’s obligation to be open and fair with all individuals whose personal and sensitive personal data SE processes and to provide details around how it processes such personal data and what it does with it.

Individuals’ who leverage SE’s cloud service, may be provided with further privacy notices which may be contained in a separate supplemental notice. These additional privacy notices shall supplement this overarching Privacy Notice.

This Privacy Notice relates to the processing of personal data by SE. Unless otherwise stated, all references to “we” or “our” shall imply all SE lines of business that process personal or sensitive personal data.

None of the lists, or examples provided in this Privacy Notice, are intended to be exhaustive or fully representative of every individual.

 

Scope

The scope of this Privacy Notice covers clients, employees, temporary staff, contractors and partners personal data (or sensitive personal data, if applicable) in respect of the following: -

  • Collecting Personal Data
  • Using Personal Data
  • Disclosing Personal Data
  • Retaining Personal Data
  • Securing Personal Data
  • International Data Transfers
  • Subject Access Requests
  • Updates / Amendments
  • Third Party Websites
  • SE Website – Use of Cookies
  • Opt-in / Opt-out
  • Our Details
  • Complaints

 

Collecting Personal Data

We may collect and store the following kinds of personal data: -

  1. Information about your computer and about your visits to the SE website, including your IP address, geographical location, browser type and version.
  2. Information that you provide to us when you request one of our whitepapers though our website.
  3. Information that you provide to us for the purpose of subscribing to our marketing communications.
  4. Information that you provide to us when using any of the solutions and services we provide, or that is generated during the course of using those solutions and services.
  5. Information that you post on our social media platforms.
  6. Information contained in, or relating to, any communication that you send to us through our website, email or in writing.
  7. Information that you provide as part of performing money laundering, financial and credit checks as well as for fraud and crime prevention and detection purposes.
  8. Information related to the security and access of our services, systems and applications.
  9. Information to help us comply with our legal and regulatory obligations, including reporting to and being audited by regulators and external auditors.
  10. Information to help us comply with court orders and to exercise and defend our legal rights.
  11. Any other personal information that may be sent to us and which we use for legitimate business purposes.

Before you disclose to us the personal data of another person, you must obtain that person's consent to both the disclosure and the processing of that personal data in accordance with this Privacy Notice.

 

Using Personal Data

We may use your personal information to: 

  1. Administer, personalise and secure our web or cloud based sites or services.
  2. Enable your use of any solution or service that we may provide through our website.
  3. Supply you with our solutions and services.
  4. Improving our products, technology and services; for analytical purposes, including use of "Performance Data".
  5. Send invoices and payment reminders to you or collect payments from you.
  6. Send you marketing communications.
  7. Deal with enquiries and complaints.
  8. Perform money laundering, financial and credit checks.
  9. Ensure appropriate access to premises, systems and applications.
  10. Perform employee, temporary staff or contractor background checks.

 

Disclosing Personal Data

We only disclose your personal data in the ways set out in this Privacy Notice or subject to any agreements in place between us. The following circumstances may apply:

  1. Across our different lines of business, as part of a need to know or as part of improving our existing solutions and services or as part of providing new solutions and services.
  2. To third parties who process personal data on our behalf, such as systems providers or payroll providers.
  3. To third parties who process personal data on their own behalf but provide us, or you, with a service on behalf of us, such as a pension or healthcare provider.
  4. To third parties with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes.
  5. To any prospective buyer in the event we sell any part of our business, or its assets, or if substantially all of our assets are acquired by a third party.
  6. To any regulator, external auditor or applicable body or court where we are required to do so by law or regulation or as part of any investigation.
  7. To any central or local government department and other statutory or public bodies, such as HMRC.

We do not sell, rent or trade any of your personal data.

We will not, without your consent, disclose or supply your personal data to any third party for the purpose of their or any other third party's direct marketing.

 

Retaining Personal Data

Personal data that we process, for any purpose or purposes, shall not be kept for longer than is necessary. SE bases its record retention on any legal, regulatory or contractual obligations.

We will retain your information for as long as your cloud account is active or as needed to provide you the Services, unless we are required by law to dispose of it earlier or to keep it longer.

You have the right to request we erase your data, where we do not have any overriding legal, regulatory or contractual obligations.

 

Securing Personal Data

Where SE acts as the controller of personal data, it will ensure that necessary and adequate safeguards are in place to prevent unauthorised access, loss, misuse or alteration of your personal data.

We store all personal information on secure servers with relevant access and firewall controls.

Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.

Passwords must be kept confidential and not disclosed to a third party. SE does not ask you for your password.

 

International Data Transfers

Limited personal data that we collect, is stored in the region associated with your cloud account, not limited to EU, US and APAC. Personal data will be covered by binding corporate rules or contractual arrangements to ensure it is processed appropriately.

Cross-Border Transfer of Your Personal Information

Please be aware that SE may host and process your data and information (including Personal Information), primarily in Germany, United States and other countries through the SE group of companies and third parties that we use to operate and manage the Website and Services, including Amazon Web Services (“AWS”). You may view the AWS privacy policy at http://aws.amazon.com/privacy. By signing up for or using the Services, and/or by communicating with us by email, you acknowledge and expressly consent to the transfer and processing of your Personal Information in this way. Any such transfer or processing of your Personal Information will be in accordance with all applicable laws.

 

Subject Access Requests

You may instruct us to provide you with any personal data we hold about you as part of a Subject Access Request. The provision of such information will be subject to: -  

  1. The payment of a fee up to 24th May 2018 and no fee from 25th May 2018 onwards; and
  2. Appropriate evidence of your identity, such as a passport, driving licence as well as a recent bank statement or utility bill.

In certain instances, where exemptions exist, we may withhold personal data that you request, and which are permissible by law.

You have the right to rectification and may wish to contact us if the personal data that we hold about you needs to be corrected or updated.

You have the right to object to us processing your data, and the right to request we restrict the processing of your data.

You may instruct us at any time not to process your personal data for marketing and communications purposes by means of ‘opting-out’.

We do not perform any auto-profiling of individuals.

 

Updates/Amendments

In order to remain compliant with any legal and regulatory obligations, or as part of our evolving business practices, we may update this Privacy Notice from time to time by publishing a new version. In certain instances, we may notify you.

 

Third Party Websites

We are not responsible for the practices employed by Third Party Websites linked to or from our Website nor the information or content contained therein. Often links to other websites are provided solely as reference points to information on topics that may be useful to the users of our Website. Please remember that when you use a link to go from our Website to a Third-Party Website, our Privacy Notice will no longer apply. Your browsing and interaction on any other Website, including Third Party Websites, which have a link on our Website, are subject to that Website's own Privacy Notice.

 

Website - Use of Cookies

SE records the number of visitors to the relevant sections of our Website and tracks movement between the sections by means of ‘cookies’. Cookies are small data files containing anonymous information placed on your computer and are automatically downloaded to a user’s hard drive in order to recognise a user that has visited our Website previously. SE reserves the right to use cookies in order to analyse trends and to improve the design and layout of its Website. You cannot be identified as an individual from this type of information.

 

Data Protection Registration

We are registered as a data controller with the UK Information Commissioner's Office and our data protection registration number is ZA229874.

 

Our Details

SE is registered in England and Wales under company number 04866711.

Its trading office is at 22 Great James Street, London, England, WC1N 3ES, United Kingdom.

You can contact us as follows: -

Email:                                      info@securenvoy.com

Web:                                        www.securenvoy.com

Telephone:                               +44 (0) 845 260 0010

In Writing:                                Data Protection Officer

                                                22 Great James Street,

                                                London,

                                                WC1N 3ES

                                                United Kingdom.

                                   

COMPLAINTS

If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to raise a complaint with the UK Information Commissioner.

You can contact them as follows: -

Web:                                       https://ico.org.uk/concerns/

Telephone:                              +44 (0)303 123 1113

In Writing:                               Information Commissioner's Office
                                               Wycliffe House
                                               Water Lane
                                               Wilmslow
                                               Cheshire
                                               SK9 5AF