SECURE DATA MANAGEMENT EUROPEAN PRIVACY NOTICE
Notice last updated: 16 May 2019
This Privacy Notice (“Notice”) is adopted by Secure Data Management Limited (UK Registered Company #5068449).
Secure Data Management understands your concerns about the privacy of data you may provide to us, to a third party representative acting on our behalf (for a list of our third party representatives and data processing agreement, please click here) or which we obtain through your use of the Secure Data Management Website (“Site“) or the services we provide to our prospect customers and customers (“Services“).
This Notice is not intended to override the terms of any contract you have with us, nor any rights which you may have available under applicable data protection laws. This Notice provides you with information about:
- Who we collect information from and the information we collect
- How we use the information we collect
- Who we disclose your information to
- How we protect and store your information
- Retention of your personal information
- How this notice applies to links and third-party websites
- Your rights and how to opt out or request changes to your personal information
WHO WE COLLECT INFORMATION FROM AND THE INFORMATION WE COLLECT
Who we collect information from
Secure Data Management collects information from the following data subjects:
- individual prospective customers & customers;
- representatives of corporate prospective customer & customers.
Customers of Secure Data Management’s Customers
We may collect, store and process Personal Information of customers of Secure Data Management’s customers, solely on our customer’s behalf and at their direction. For such purposes, we serve as and shall be considered as a processor and not as a controller of such personal information. The Secure Data Management customers shall be considered as the controllers of such Personal Information and are responsible for complying with all laws and regulations that may apply to the collection, use and control of such Personal Information.
Secure Data Management customers who use our services in this way are responsible for obtaining any consents, permissions and for providing any fair processing notices required for the collection and usage of such information.
We are concerned about the safety of children when they use the Internet, and will never knowingly collect Personal Information from minors (children under 16 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted Personal Information via this Site, we will notify the user that we may not accept his or her Personal Information. We will then remove any such Personal Information from our records.
We collect personal and aggregate information
We collect two types of information from you: “Personal Information“ (anything which identifies you as an individual, either on its own or by reference to other information) and “Aggregate Information“ (non-personally identifiable and anonymous data).
On our Site, Personal Information (such as your name, address, telephone number, or email address) is collected when you voluntarily submit it through a Site form, such as during a request for product information or a download of a study or whitepaper. Other information that may also constitute Personal Information (such as your browser type, operating system, IP address, domain name, number of times you visited the Site, dates you visited the Site, and the amount of time you spent viewing the Site) may be collected via cookies and other tracking technologies (such as transparent
GIF files). Aggregate Information (such as how many times visitors log onto this Site) may also be collected.
Outside of this Site, Personal Information may also be collected directly by us or by our representative when you enter into a contract with us or contact us to make enquiries or complaints via telephone, email or by post. We or a Secure Data Management representative may collect your business contact details and information about your profession or your employees, as well as information about you if you attend meetings, events or conferences that we organise or sign up to our newsletters.
HOW WE USE THE INFORMATION WE COLLECT
What legal basis we have for collecting and using your personal information
Where relevant under applicable laws, the use of your Personal Information will be justified by at least a condition for processing. In the majority of cases this condition will be that:
- you have provided your consent to us using the Personal Information in that way for example where you provide us with consent to send you marketing communication about our products and services;
- our use of your Personal Information is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your account); and/or
- our use of your Personal Information is necessary to comply with a relevant legal or regulatory obligation that we have. Some of these obligations include making reports to tax authorities or law enforcement agencies.
The purposes for which we use your Personal Information
Your Personal Information will not be used for any other purpose than provided by this Notice. We will use the information you supply:
- to answer your specific inquiry or respond to your complaints. For example if you contact us with a technical question, we will use your contact information and technical information to resolve the issue;
- to administer and enhance the Site;
- for our general business purposes, such as the administration of your customer account, [to invite you to events,] deal with your queries or for marketing or sales purposes;
- in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division;
- to satisfy legal or regulatory requirements;
- as otherwise described in this Notice; and
- at your option, to send you additional marketing materials relating to Secure Data Management.
We would like to use your Personal Information to provide you with information about products and services which we think may be of interest to you or your employer. We will only send you such materials by email and/or contact you by telephone if, when you are presented with the option at various points on our Site or during our contact with you, you gave us your prior express consent to receive such communications (“opt in”). In case you have not given your opt in consent to be contacted by Secure Data Management, your Personal Information (only to the extent that is absolutely required) will be retained on a “do not contact” list.
In connection with our offline activities, you may simply notify Secure Data Management that you wish to cease receiving additional information from Secure Data Management (“opt out”), and Secure Data Management will honour any such request. Your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Secure Data Management, with the exception of those Personal Information which is required to avoid contacting you in the future for marketing purposes. We will provide you with the option to opt-out of marketing communications by following the opt-out link included below and in electronic communications, or by contacting us using the details set out below.
If you consented to receive any communications from us at the time you registered on this Site or you gave your contact details offline to us for such purpose, but subsequently change your mind, please contact us to action any changes you wish to make.
HOW WE USE INFORMATION COLLECTED THROUGH COOKIES AND OTHER TRACKING TECHNOLOGIES
A cookie is a small text file that is downloaded to your computer when visiting a website. It allows that website to recognize your computer when you return, enabling it to display personalized settings and other user preferences. Cookies also help websites improve the relevance of the advertising you see online. Other tracking technologies (including “web beacons” and “transparent GIF files”) are technical mechanisms that enable our service providers to gather information on your response to our advertisements, e-mails, and other online marketing materials.
Types of cookies used on the Site
We use several different types of cookies. In particular, we use: strictly necessary cookies which allow certain fundamental features of the Site to work; functionality cookies, which allow us to remember choices you make (e.g. your cookie preference); and performance cookies, which monitors usage of the Site. We also use third party cookies – these are cookies that are set by a third party website rather than by us.
Some of the cookies are session cookies which are temporary and allow us to link your actions during a single use of the Site. These are deleted at the end of your browsing session. Others are persistent cookies which remain on your device for the period of time specified in the cookie. These cookies help us to identify you as a unique user (by storing a randomly generated number).
Control your cookie settings
Please be aware that some of our services will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.
The following links may assist you in managing your cookies settings, or you can use the ‘Help’ option in your internet browser for more details:
WHO WE DISCLOSE YOUR INFORMATION TO
We work with third parties to help manage our business and deliver services. We and our service providers (as defined below) disclose and share your Personal Information:
- Secure Data Management and our sister company Nexus smart;
- to third party service providers (“Service Providers”) that perform services for us or on our behalf (including those which may process job applicant information, host investor relations content, provide courier services, [help manage our IT and back office systems,]or distribute marketing materials ). Such Service Providers are required under their contract with us, to handle your Personal Information in accordance with applicable laws and principles related to privacy and data protection;
- for credit card payments we employ a third party to process these payments on our behalf. This third party will only have access to the Personal Information which you provide directly to them when you make a credit card payment. They are required under their contract with us to process this Personal Information securely and in accordance with all relevant Data Protection laws. We will not collect or store any credit card details; this third party being the sole data controller of that data. When you pay for any goods, you will be taken to a link to this third party’s website in order to conclude the sale. The data you provide to this third party will be processed in accordance with their privacy Notice and the terms and conditions on their website. Secure Data Management has no control over how this third party uses your information and is therefore not responsible and is not liable for the way they process your Personal Information. Ensure that you have read and understood their terms before providing your Personal Information;
- to a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division; and
- to other persons where we are under a legal obligation to disclose your Personal Information, and only as permitted or required by applicable law or regulation. Such disclosure could be made to courts, to respond to lawful requests by public authorities, regulators and law enforcement agencies in the European Union and around the world or toprotect and defend our rights or property.
Any access to such information will be limited to the purpose for which such information was provided to us or our Service Providers, as explained in the “How we use the information we collect” section above.
RETENTION OF YOUR PERSONAL INFORMATION
We will retain your Personal Information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Notice. In some circumstances we may retain your Personal Information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.
In specific circumstances we may retain your Personal Information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings.
Where we have obtained your Personal Information in order to provide you with marketing information for our products and services, your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Secure Data Management, in order to avoid future contact with you for marketing purposes. We maintain a data retention notice which we apply to records in our care. Where your Personal Information is no longer required we will ensure it is securely deleted.
LINKS AND THIRD-PARTY WEBSITES
Applicability of this Notice
Third Party Advertisements
We may use third party advertisements on this Site. Cookies and other tracking technologies may be associated with these advertisements. Note: Secure Data Management is not responsible for the functionality of and actions taken by cookies and other tracking technologies created and placed by our third party service providers. In relation to these cookies and tracking technologies, the third party service providers are the data controllers and we advise you to familiarise yourself with their individual privacy policies.
YOUR RIGHTS AND HOW TO OPT OUT OR REQUEST CHANGES
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Information:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- Right to object to how we use your personal data for direct marketing purposes
- Right to obtain a copy of Personal Information safeguards used for transfers outside your jurisdiction
- Right to lodge a complaint with your local supervisory authority
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at: firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
To access Personal Information
You have a right to request that we provide you with a copy of your Personal Information that we hold and you have the right to be informed of; (a) the source of your Personal Information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entity to whom your Personal Information may be transferred.
To rectify or erase Personal Information
You have a right to request that we rectify inaccurate Personal Information and we may seek to verify the accuracy of the Personal Information before rectifying it.
You can also request that we erase your Personal Information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which Secure Data Management is subject.
We are not required to comply with your request to erase your Personal Information if the processing of your Personal Information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims;
To restrict the processing of your Personal Information
You can ask us to restrict your Personal Information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your Personal Information
You can ask us to provide your Personal Information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your Personal Information
You can object to any processing of your Personal Information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal data for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your Personal Information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of Personal Information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Information is transferred outside of the European Economic Area.
We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
NOTIFICATION OF CHANGES
We recommend that you check this Notice every time you visit our Site or provide us with your Personal Information offline as we may update this Notice from time to time, by posting the amended Notice on this Site. Any changes will be effective when posted and your continued use of the Site or not objecting to the use of your Personal Information will indicate your acknowledgement of any changes.
If you have any questions, concerns or complaints regarding our compliance with this Notice and the data protection laws, Privacy Shield Principles or if you wish to exercise your rights of access, choice, rectification or deletion, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with this Notice. For any complaints that cannot be resolved with us directly, Please contact the relevant DPA contacts.
For users resident in the European Union, you also have a right to lodge a complaint with your supervisory authority for data protection at any time: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm
Questions regarding this Notice
If you have questions concerning this Notice, please contact our Chief Compliance Officer at email@example.com