It is important that you read this Website Privacy Notice as it contains information on who we are but most importantly how and why we collect, process and store your personal data. This Notice in particular includes information on how the website collects data and how to contact us in the event of a complaint or query.
As a business we are committed to protecting the privacy and security of your personal data.
This Website Privacy Notice should be read in conjunction with our Stakeholder Privacy Notice which you can request by contacting us.
- Issue/Update Register
- Who We Are
- Personal Data We Collect and Use
- How We Use your Personal Data
- Transfer of your Data Out of the EEA
- Data Security
- Your Rights
- Contacting Us
2. Issue/Updated Register
Issue 1 - Original Notice - Dean Kahl - 20-09-2018
Issue 2 - Annual Review & Change of Data Protection Representative - 20-08-2019
3. Who We Are
SEC Direct (The Storage Equipment Centre Ltd) collects, uses and is responsible for personal data about you.
We are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
4. Personal Data We Collect and Use
4.1 Information you provide voluntarily
In the course of using this website you will voluntarily provide data that we collect, store and use. This will be either contact form submissions, via telephone or the website chat function.
This data may include:
- Personal contact details such as name, title, address, telephone numbers and email addresses.
- Enquiry details
In supplying this information, you consent to this information being collected, stored and used as described in our Privacy Notice.
4.2 Information we collect automatically
When you browse www.sec-direct.co.uk we may collect data about your use of the website.
This data may include:
- Operating System
- IP Address
- Browser ID
- Browsing activity
- User ID (automatically generated identification numbers for systems including our visitor tracking and website chat function).
4.2.1 Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any data which you provide whilst visiting such sites and such sites are not governed by this Website Privacy Notice or our Stakeholder Privacy Notice. You should exercise caution and look at the privacy statement applicable to the website in question.
4.3 Other data we collect
We collect personal information directly from you, either automatically or that which you give voluntarily. Please see 4.1 and 4.2
Incoming telephone calls are recorded for record-keeping, training and quality assurance purposes. We may make tele-marketing calls to you which are also recorded for the same purposes.
5. How we use your personal data
We will only use your personal data in accordance with the legal bases for processing personal data. At present, we have identified that we will process your personal data under the following legal basis:
- Article 6(1)(b) – Contract
- Where we need to perform a contract we have entered into with you
- Article 6(1)(c) – Legal Obligation
- Where we need to comply with legal obligations
- Article 6(1)(f) – Legitimate Interests
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and the fundamental rights do not override those interest. One form of legitimate interest is Direct Marketing.
Where additional processing of your data is required, we will identify a specific legal basis for processing the data and update all relevant documentation accordingly.
Examples of the specific uses of your personal data can be found in our Stakeholder Privacy Notice.
5.1 How long we hold the data for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk or harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer of the company, we will retain and securely destroy your personal information in accordance with our privacy standard.
information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Furthermore, to carry out our Direct Marketing activities, we do not need your consent.
The ePrivacy Directive was transposed into UK law as the Privacy and Electronic Communications (EC Directive) Regulations 2003 or PECR (Privacy and Electronics Communications Regulations). Currently, the PECR, provides a defined exclusion from opt-in requirements for B2B Communications. The SEC Group communications fall under this category.
The EU are intending to replace the ePrivacy Directive with the Regulation on Privacy and Electronic Communications. Until such time as The Regulation on Privacy and Electronic Communications is enacted, the UK’s PECR remains the de facto legislation that governs consent requirements for marketing communications. Within the UK, B2B telemarketing, direct mail and email marketing need to offer an opt-out, and do not require an opt-in.
7. Transfer of your data out of the EEA
Your personal data may be stored and processed in any country where we have service providers, and by using this website or by providing consent to us, you agree to the transfer of information to countries outside of your country of residence, including to the United States.
We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Website Privacy Notice and our Stakeholder Privacy Notice.
One example of data transfer is to our email marketing platform (ESP) which may, for example, be hosted in the United States. The data transferred will be limited to the intended purpose, for example name and email address.
8. Data security
We have put in place measures to protect the security of your data. Details of these measures are available upon request.
Third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, suppliers and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9. Your rights
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
- The right to be informed
- The right of access
- You are entitled to know what data is held about you and how it is being processed.
- The right to rectification
- You are entitled to have your personal data corrected if it is inaccurate or incomplete.
- The right to erasure – also known as “the right to be forgotten”:
- You have the right to request the removal of personal data where there is no compelling reason for its continued processing.
- The right to restrict processing:
- You have the right to block or suppress processing of their personal data.
- The right to data portability:
- This allows you to transfer or copy your personal data from one IT environment to another, safely and securely.
- The right to object:
- You have the right to object to the use of your personal information in certain circumstances.
- Rights in relation to automated decision making and profiling:
- In specific circumstances, you have the right not be the subject of a decision which:
- Has a legal bearing or significant on you; and
- Which is based on automated processing
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the Data Protection Representatives in writing.
You are free to opt-out at any time by using the unsubscribe hyperlink found in our email marketing messages, or contacting the Data Protection Representative.
10. Contact Us
Please contact our Data Protection Representative, Vanessa Beck, if you have any questions about this Website Privacy Notice, our Stakeholder Privacy Notice or the data we hold about you.
Please use the contact form or write to us at: Data Protection Representative, SEC Direct, Unit 11 The iO Centre, Whittle Way, Arlington Business Park, Stevenage, Hertfordshire, SG1 2BD or call 01438 731992.