For more information regarding the General Data Protection Regulation (GDPR), which is enforced from 25 May please visit here. Additional information regarding your rights can be found at the Information Commissioner’s Office here.
What data do we process?
The type of data we process, which varies depending on the type of relationship we have with you, can include:
Personal and contact details: Title, name, contact details, address
Date of birth and gender
Nationality and citizenship
Employment: Position, employer, work history
Communications: Records of communications with SE employees
Travel: Travel history, itineraries
Marketing: Engagement with marketing campaigns
Insurance: Policy details supplied by our clients
Financial: Transaction history, invoices
Education: History of education
Why do we hold data?
There will be multiple reasons why we need to process your data. Examples include:
- Providing services through direct contractual engagement
- Providing services on behalf of a contracted business partner
- Sending marketing information which you have chosen to receive via a clear opt-in
- To develop relationships with existing or previous clients
- Providing swift response services during critical incidents
- Contacting you about changes to services
- To comply with legal and regulatory obligations.
What is the legal basis for processing data?
Under GDPR there are six lawful reasons for processing data. These are consent, performance of a contract, legal obligation, to protect vital interests, public interest, and legitimate interest. All of the data that SE processes falls within these definitions. Careful consideration is given to each piece of data that we process in order to justify why we are holding it, and what is the legal basis for us to hold it.
Do we share data?
In some circumstances we are required to share data with contracted partners in order to provide services. This could include circumstances where you have provided your data to one of our business partners, who subsequently transfer the data to us so that we can fulfil our contractual obligations. We also use third parties in order to fulfil some business functions, such as marketing or access to our web-based services. Whenever data is transferred, either to us or from us, we take steps to ensure both the integrity and the security of that data.
How long do we hold data?
We hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
What are your rights?
Under GDPR your rights are as follows:
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
If you want to contact us about the data we hold on you, correct data, or to request that data be removed, please contact us at firstname.lastname@example.org
Alternatively, you can write to us at: Security Exchange Ltd, 319 Davidson House, Forbury Square, Reading, Berkshire, RG1 3EU.