This is the Privacy Notice for Sussex Marketing Strategies Ltd.
The purpose of this notice is to inform you about how and why your personal data is used so that we are as transparent as possible, and to ensure that you are aware of your rights under data protection legislation. This is not an agreement document; it is simply for your information.
Data Controller Details
We are Sussex Marketing Strategies Ltd. (company number 12247966) and our address is Planet House, North Heath Lane Industrial Estate, Horsham, West Sussex, RH12 5QE. Our contact email is email@example.com and our telephone number is 01403 613007.
We keep the minimum amount of information we can about you to provide our search engine optimisation and social media marketing services, meet our legal obligations and for billing purposes. Your data is deleted when we no longer need it for the purposes we collected it for, unless we have an obligation or legitimate interest to keep it.
We do not pass your information to third parties, except in exceptional circumstances (outlined below) and have policies, procedures, and technical measures in place to keep your data secure.
What data do we process?
As a client, we will hold the following information about you:
- Your name and contact information
- Information about your business activities
- Communications with you
- Invoicing and payment information
Explaining the lawful basis
References in this notice to the basis of processing (e.g. "(Basis - Article. 6.1.f)") are a reference to the article of the UK General Data Protection Regulation which provides us the lawful basis to process the specific data in question. This will be an Article 6 lawful basis as we do not process special category personal data.
Engaging you in and continuing our commercial relationship
We use the information we hold about you to engage in a commercial relationship and maintain that relationship over time. We will add your personal data to our email address book and contact list. We also use your information to invoice you, and keep track of payments that you make, as well as to keep in contact throughout our relationship. The lawful basis for this is Article. 6.1.b – performance of a contract: this is necessary to deliver the service to you.
As there is a contractual requirement to provide us with your personal data, the consequence of any failure to provide the required data will be the inability to access our services.
We will retain your personal data for the period you actively engage with us. We will subsequently retain all or some of your personal data where we have a legal obligation to, for example 7 years for HMRC reporting purposes. Email correspondence will be retained for 5 years before deletion.
We will not share your personal data to any other third party without your permission, except in the following circumstances:
- If you do not pay your invoices, we may choose to engage a third party to recover any money you owe us. The lawful basis for this is Article 6.1.f - We have a legitimate interest to pursue money owed to us.
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. The lawful basis is Article 6.1.c – ‘Legal Obligation’.
- We do use an external accountancy service and they have limited visibility of your personal data for the administration of company financial affairs. The lawful basis for this is Article 6.1.f - we have a legitimate interest to allow our accountant to have limited access to our client personal data to manage and file our accounts.
We will transfer your personal data to our service providers such as Microsoft for our email platform and to Xero our accounting platform. We only engage with data processors which can provide us reassurances of their ability to keep your data safe and secure. We ensure that they have the right technical and organisational measures in place and that our agreement is covered by the appropriate contractual arrangements as required by the Article 28 UK GDPR.
Your data will be held in the UK data centres, other than Xero, where the data is stored in the United Staters of America. This international data transfer is permitted using Standard Contractual Clauses.
The UK GDPR requires us to implement appropriate technical and organisational measures to protect data. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures include appropriate access controls to the systems used by us and security applied to our website.
The UK GDPR provides you several rights and the ones most relevant to you are:
- The right to get access to your personal data and information about our processing of it.
- In certain circumstances, you have the right to restrict our processing of your data and compel us to erase the bits we do not use for legal purposes.
- You have the right to ask us to rectify any inaccurate information we may inadvertently hold about you.
If you want to exercise any of these rights, please just get in contact at firstname.lastname@example.org
You also have the right to lodge a complaint about our processing with a supervisory authority - the UK's Information Commissioner's Office.
Information Commissioner's Office
Telephone: 0303 123 1113