SME Comply may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
SME Comply's registered address is De Montfort House, 73 Enterprise Way, Evesham, WR11 1GS.
Our data protection lead is Gary O'Reilly who can be contacted at - email@example.com
Information we may collect from you
We provide consultancy services and products to puchase directly from our website. Personal data we may collect to allow us to perform those services could include your name, address, email address, any other relevant contact information and correspondance.
We do not process any financial personal data on our website. (see Third Parties below)
Where we store your personal data
All of your personal data is stored in the United Kingdom, which is part of the European Economic Area (“EEA”). We do not store/process any of your personal data outside the EEA.
Uses made of the information
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations. Our legal basis for processing your personal data is our contractual obligation to you, to provide you with the products and consultancy services you have requested, and it is in our legitimate interests to build a relationship with clients.
Disclosure of your information
We will not sell, distribute or lease your personal information to third parties unless we have your permission. We may disclose your personal information to third parties if under a duty to do so, for example to comply with any legal obligation, to enforce any agreements or to protect the rights, property, or safety of SME Comply employees, or others. This includes exchanging information with other companies and organisations for the purposes of anti-money laundering legislation and credit risk reduction.
We will not retain your personal data indefinately, and in most non-contractual cases we will delete your personal data after one year. If you have entered into a contract for service with us, we will retain your personal data for a period of six years following the conclusion of the contract.
We will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. We have in place a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
You have certain rights in relation to the personal information we hold about you. These rights may include:
1. Right to be informed – you have a right to be told how we use your personal data.
2. Right of access – you have the right to request a copy of the personal data that we hold about you. (Similar to a SAR)
3. Right of rectification – you have a right to correct personal data that we hold about you that is inaccurate or incomplete.
4. Right to erasure (right to be forgotten) – in certain circumstances you can ask for the personal data we hold about you to be erased from our records.
5. Right to restrict processing – in certain circumstances you have a right to restrict us processing your personal data.
6. Right of data portability – you have the right to have personal data we hold about you transferred to another organisation.
7. Right to object – you have the right to object to certain types of processing of your personal data, such as direct marketing.
8. Automated decision making including profiling - you have the right to object to the automated processing of your personal data, including profiling (subject to exceptions contained at Article 22(2) GDPR).
How to exercise your rights
You may exercise any of your rights in relation to your personal data by writing to us at the address above, or emailing our Data Protection Officer at firstname.lastname@example.org. To avoid delay in dealing with your request please ensure that you confirm in your request which right you wish to exercise along with the reasons why.
We will respond to your request within 30 days by granting your request, asking for more time or further detail, or we can refuse your request. In the event that we refuse your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision.
You will also be informed of your right to legally challenge our decision with the ICO.