Overview

This privacy policy sets out how we, SME Comply Ltd ("SME Comply"), uses and protects any personal data that you provide when you use our website or purchase our products or consultancy service.

SME Comply is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy.

SME Comply may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

 

Our details

SME Comply's registered address is De Montfort House, 73 Enterprise Way, Evesham, WR11 1GS.

Our data protection lead is Gary O'Reilly who can be contacted at - info@smecomply.co.uk

 

Information we may collect from you

We provide consultancy services and products to puchase directly from our website.  Personal data we may collect to allow us to perform those services could include your name, address, email address, any other relevant contact information and correspondance.

We do not process any financial personal data on our website. (see Third Parties below)

 

Where we store your personal data

All of your personal data is stored in the United Kingdom, which is part of the European Economic Area (“EEA”). We do not store/process any of your personal data outside the EEA.

 

Uses made of the information

We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations.  Our legal basis for processing your personal data is our contractual obligation to you, to provide you with the products and consultancy services you have requested, and it is in our legitimate interests to build a relationship with clients.

 

Disclosure of your information

We will not sell, distribute or lease your personal information to third parties unless we have your permission. We may disclose your personal information to third parties if under a duty to do so, for example to comply with any legal obligation, to enforce any agreements or to protect the rights, property, or safety of SME Comply employees, or others. This includes exchanging information with other companies and organisations for the purposes of anti-money laundering legislation and credit risk reduction.

 

Retention

We will not retain your personal data indefinately, and in most non-contractual cases we will delete your personal data after one year.  If you have entered into a contract for service with us, we will retain your personal data for a period of six years following the conclusion of the contract. 

 

Security

We will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. We have in place a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

 

Your rights

You have certain rights in relation to the personal information we hold about you.   These rights may include:

1. Right to be informed – you have a right to be told how we use your personal data. 

2. Right of access – you have the right to request a copy of the  personal data that we hold about you. (Similar to a SAR) 

3. Right of rectification – you have a right to correct personal data that we hold about you that is inaccurate or incomplete.

4. Right to erasure (right to be forgotten) – in certain circumstances you can ask for the personal data we hold about you to be erased from our records.

5. Right to restrict processing – in certain circumstances you have a right to restrict us processing your personal data.

6. Right of data portability – you have the right to have personal data we hold about you transferred to another organisation.

7. Right to object – you have the right to object to certain types of processing of your personal data, such as direct marketing.

8. Automated decision making including profiling  - you have the right to object to the automated processing of your personal data, including profiling (subject to exceptions contained at Article 22(2) GDPR).

 

How to exercise your rights

You may exercise any of your rights in relation to your personal data by writing to us at the address above, or emailing our Data Protection Officer at info@smecomply.co.uk. To avoid delay in dealing with your request please ensure that you confirm in your request which right you wish to exercise along with the reasons why.

We will respond to your request within 30 days by granting your request, asking for more time or further detail, or we can refuse your request.  In the event that we refuse your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision. 

You will also be informed of your right to legally challenge our decision with the ICO.

Third Parties

We may use the data that you provide for marketing purposes to promote and sell our products.  Some of the data we collect is derived from information about your activities on our website provided to us by Google Analytics. Due to the nature of the Google Analytics service, the information we are provided by Google is also used by that company to inform its services to us and other business users.  Please visit the Google Analytics privacy policy for full details of what they may do with your personal data. 

Payments for products are collected via Paypal and we hold no record of payment card details.  Please visit Paypal's privacy policy for full details of what they may do with your personal data. 

Any questions or comments regarding this privacy policy should be sent by email to info@smecomply.co.uk.