Privacy Policy
- This privacy policy explains what we do with your personal information in connection with operating our business.
- It describes how we collect, use and process your personal information, how we keep to our legal obligations to you when doing so. Your privacy is important to us, and we are committed to protecting your rights.
- For the purposes of the General Data Protection regulations we, SureSet UK Ltd, 32 Deverill Road Trading Estate, Warminster, Wiltshire are responsible for your personal information. Our contact details are: telephone 01985841180; email [email protected]; website www.sureset.co.uk.
- The GDPR has been introduced by European Regulators to make sure data protection laws are fit for purpose and consistent across Europe. The GDPR will come into effect on 25th May 2018.
- If you are not satisfied with any part of our privacy policy, you may have legal rights, which are described below.
What kind of personal information do we collect?
When you contact us, you will need to give us your personal information. This information we will collect falls in to the following categories:
- Information you provide us to process your enquiry for our products or services.
- Information we collect about your online enquiry.
- Information we collect about your use of our website, and other online platforms.
- Information we collect to enable us to maintain a smooth business relationship with you.
- Information we have collected when we have previously provided products or services to you.
For details of the legal basis that we rely on to be able to use and process your personal information please see section (Legal basis for us processing your information) of this policy.
How do we collect your personal information?
We collect:
- Personal information that you give to us.
- Personal information that we receive from other sources.
Personal information that you give to us
- when you provide information to us for entering into a contract for supplying products or services.
- When you use our website or mobile applications.
- When you contact us by letter, email or phone.
- When we contact you by letter, email or phone.
Personal information we receive from other sources
We may collect personal information about you from third parties. This includes:
- companies that provide us with credit references, credit and debit card services and other payment processing services.
- companies contracted by you to supply our products or services.
How do we use your personal information?
The main reason we use information about you is to make sure that the contract between us is properly implemented and that our relationship can run smoothly. Your personal information will be collected and used exclusively for the purposes set out in this policy. Personal data will not be passed onto third parties apart for the exceptions below:
- If you have given us express consent.
- In order to fulfil any legal obligations where the processing of personal information is necessary.
- In order to process a contract with you.
We may use your personal data for these purposes if we consider it necessary for our legitimate interests.
Who do we share personal information with?
We will share your personal information mainly to make sure that we manage the supply of products and services to you as efficiently as possible and to ensure our business relationship runs smoothly. Unless you tell us otherwise we will share information with the following groups.
- Any companies within our group.
- third parties who work on our behalf or provide products or services to us (e.g. delivery services, marketing services, data processors, subcontractors, external consultants, professional advisors such as lawyers and accountants, and payment enforcement agencies).
- governmentally and law enforcement agencies (if the law says that we must share this information).
We do not sell personal information to third parties, and we only allow permit third parties to send you marketing information when we have your consent to do so.
How do we protect your personal information?
We place great importance on protecting your information and have appropriate measures in place to prevent anyone having unauthorised access to it.
We are committed to taking appropriate steps to protect your personal information from misuse, loss or unauthorised access. We will take appropriate technical and organisational security measures (i.e. encryption and disaster recovery plans) to make sure that your information is treated securely and in line with this privacy policy.
We will also make sure that any third parties we have contact with have appropriate security measures and use your personal information only in line with our instructions.
If you suspect that your information has been misused or lost, or that someone unauthorised has access to it, please let us know immediately. Please contact us first. We will investigate the matter and update you as soon as possible as to what we are going to do about it.
How long do we keep your personal information for?
We will not keep your personal information for longer than it is necessary for the purposes for which it was collected for, unless the law or another regulation says we should keep it (e.g. for our tax payment records).
When it is no longer necessary to keep your personal information, we will delete it from our systems. We will try to delete your information permanently, but some of it may still exist within our systems, for example if it is waiting to be overwritten or has been electronically backed up. For our purposes this information has been put beyond use. This means that, although it still exists in electronic form, our employees will not access it or use it again.
How can you access, amend or take back the personal information that you have given us?
Even if we hold your personal information, you still have various rights in relation to it, which are set out below.
If you want to contact us to exercise any of these rights please email the Data Protection Officer at [email protected] or write to: SureSet UK Ltd, 32 Deverill Road Trading Estate, Warminster, Wiltshire, BA12 7BZ.
If you contact us about these rights, we will try to respond to your request as soon as possible and always within one month or in accordance with any extensions we may be entitled to by law. We may keep a record of your communications to help us process your request.
The GDPR gives you the following rights
The right to object
You have the right to object to us processing your personal information if we do so:
- Because it is in our legitimate interests.
- To help us to perform a task in the public interest or to meet a request from an official authority.
- For scientific, historical, research or statistical purposes.
- To send you marketing materials.
If your objection is about us processing your personal information because we think it is necessary for our legitimate interests, we must stop processing unless:
- We can show that we have a convincing legitimate reason for processing your information which overrides your interests.
- We are processing your information for the purposes of establishing or exercising a legal claim or in defence of a legal claim.
The right to withdraw permission
If we have your permission to process your personal information for certain activities, you may withdraw this permission at any time and we will stop the activity you agreed to, unless there is an alternative legal basis to justify us continuing to process your information. If this applies, we will tell you.
Data subject access requests
You can ask us to confirm what information we hold about you at any time and ask us to update or delete it. We will try to delete your personal information permanently, but some of it may still exist in our systems e.g. if it is waiting to be overwritten or is in electronic back-up. For our purposes this information has been put beyond use. This means that, although it still exists in electronic form, our employees will not access it or use it again. We may ask you for more information about your request.
If we give you access to the information we hold about you we will not charge you for this unless there are no grounds for your request or it is unfounded or excessive e.g. repeated frequent requests. If you ask us for further copies of this information we may charge you a reasonable administrative charge. If we are legally allowed to do so, we may refuse your request, if we do we will tell you the reasons for doing so.
The right to delete your information
You have the right to delete your information.
You have the right to ask us to delete your personal information in certain circumstances.
- When the information is no longer necessary for the purpose we originally collected or processed it.
- You have withdrawn your permission to us processing it and there is no valid reason for us to continue processing it.
- The information has been processed in a way not compliant with GDPR.
- The information needs to be deleted so we can keep to our obligations under EU law.
- It is information that we are processing because we believe it is necessary for our legitimate interests, if you object to this, and we are unable to demonstrate an overriding legitimate reason for continuing to process it.
We can only refuse to carry out your request for one of the following reasons:
- To keep to our legal obligations.
- To enforce or defend a legal claim.
- For archive, research or statistical purposes.
If we receive a valid request to delete information, we will take all practical steps to do so. We will try to delete your personal information permanently, but some of it may still exist in our systems e.g. if it is waiting to be overwritten or is in electronic back-up. For our purposes this information has been put beyond use. This means that, although it still exists in electronic form, our employees will not access it or use it again.
The right to restrict processing
You have the right to ask us to restrict processing your personal information in certain circumstances. This means that we can only continue to store your information and will not be able to process it until:
- You give us permission.
- We need to process the information further for either to protect the rights of another person, for reasons of important EU member state or public interest, or for establishment or defence of a legal claim.
You can ask us to restrict how we process your personal information in the following circumstances;
- If you believe the information is inaccurate. In this case, we will restrict our processing while we confirm the accuracy of the information.
- If you object to us processing your personal information for our legitimate interests. In this case you can ask us to restrict the information while we confirm our reasons for processing your information.
- If the way we are processing your information is unlawful, but you would prefer us to restrict rather than delete it.
- If we have no further need to process your information but you need the information to establish or defend a legal claim.
The right to correct your information
You have the right to ask us to correct any inaccurate or incomplete personal information that we hold about you, including by providing additional information which we will keep for your information. If we shared this information with anyone we will tell them we have corrected, unless this is impossible or involves an unreasonable amount of effort. You may also ask us for details of the people we have shares your information with. If we do not think it is reasonable to carry out your request, we will explain our reasons for this decision.
The right to transfer information
You have the right to transfer your personal information between data controllers. This means that you can transfer the details we have about you to a third party. To allow you to do this we transfer your information to you direct. This applies to:
- Personal information that we process automatically.
- Personal information provided by you.
- Personal information that we process with your permission or to keep to a contract.
The right to lodge a complaint with a supervisory body
You also have the right to complain to the Information Commissioners’ Office at Information Commissioner’s House, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; phone 0303 0123 1113; email [email protected]; live chat https://ico.org.uk/global/contactus/live-chat
If you would like to use any of these rights please contact us. We may keep a record of our communications to help us resolve any issues that you bring to our attention.
Who is responsible for processing your personal information
For the purposes of the General Data Protection regulations we, SureSet UK Ltd, 32 Deverill Road Trading Estate, Warminster, Wiltshire are responsible for your personal information. Our contact details are : telephone 01985841180; email [email protected]; website www.sureset.co.uk
We take privacy seriously and will get back to you as soon as possible and within the time limits set out in the GDPR.
How do we store and transfer your information internationally
We do not transfer any personal information outside of the EEA (member states of the European Union, Norway, Iceland and Liechenstein)
Legal basis for us processing your information
There are several ways that we are lawfully able to process your personal information.
When it is necessary for us to carry out our obligations arising from any contract, or the establishment of a contract between you and us.
- GDPR explains that we can process your information if it is necessary for the performance of a contract to which you are a party.
- A confirmation of your order for our products or services is a contract between you and us.
When it is in our legitimate interest
- GDPR explains that we can process your information if it is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights which require protection of personal information.
- We do not think that processing your information will negatively affect you in any way. However you have the right to object to this if you wish (please see ‘ The right to object’).
When you give us permission
In certain circumstances we will try to get your ‘opt-in’ permission before we process certain information. GDPR states that the opt-in permission is any freely given, specific, informed AS55 v2 14/07/2021 and unambiguous indication of the data subject’s wishes by which he/she by a statement or by a clear affirmative action signifies agreement to the processing of personal data relating to him/her. This means that:
- You have to give us your permission freely, without pressure from us.
- We should only ask you to agree to one processing activity at a time.
- You have to know what you are agreeing to.
- You need to take a positive and clear action to give us permission.
You have the right to withdraw your permission at any time (please see ‘the right to remove permission’).