Privacy Policy | Saepio

INFORMATION ABOUT US

Saepio Solutions Limited is a company incorporated in England & Wales with company number 10343084 whose registered office is 5 & 6 Anglo Business Park, Lincoln Road, High Wycombe, Bucks, HP12 3RH.

If you would like to request any information about your personal data or believe that we are holding incorrect personal data on you, please contact dataprivacy@saepio.co.uk.

Saepio respects your privacy and is committed to protecting your personal data in accordance with relevant regulations such as the UK Data Protection Act 2019 and the General Data Protection Regulation (GDPR).

WHO TO CONTACT FOR MORE INFORMATION?

If you have questions about or need further information on our privacy policy, please contact us at dataprivacy@saepio.co.uk.

WHO TO CONTACT TO OPT-OUT OF MARKETING COMMUNICATIONS?

If you at any time you wish to opt-out of marketing communications, please contact us at dataprivacy@saepio.co.uk and we will add you to our No-Contact list.

COLLECTION OF PERSONAL DATA

We may collect your personal information from publicly available sources if it supports our legitimate interest to do so.

We may collect your personal data from a mutual third-party who you have provided your details to for the purposes of providing an additional service both Saepio and the mutual third-party believes our services and solutions could be of benefit. In this instance, we will confirm your consent has been given either from the
third-party or yourself when we contact you.

We may collect, use, store and transfer different kinds of personal data about you from information that you provide voluntarily such as such as information provided at the time of registering with us, ordering products or services, subscribing to marketing communications from us, registering for an event, applying for a job with us or contacting us.

We may also collect information from you automatically when you visit our website, including IP address and account usernames.

We may use cookies on our website to gain better insight to how our website is being used and to improve the service we provide to site visitors. Please see the cookie policy page on the website for more details.

The types of data we hold:

  • Identity Data includes first name, last name, title.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Profile Data includes preferences, feedback, and survey responses.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

HOW WE USE YOUR DATA

We use your personal data for the reasons listed below:

  • Direct marketing activity to engage with a potential customer who might benefit from Saepio’s products and services to improve their Cyber Security Resilience.
  • To contact you and for account management: to register you as a new customer, process and deliver an order and for invoicing and renewals.
  • For any events we or our partners may run, we may take your personal data as part of a registration process, to track attendance and to relay any details before, during or after the event.
  • Using our website: when you visit our website, we collect information in accordance with our website privacy policy. Collecting this information allows us to better understand visitors who come to our website and what content is useful to them. We also use this information to improve the quality and relevance of our website.
  • For market research: if you complete any Saepio surveys or provide any feedback on products, services or events, we may use your data to carry our market research. We
    may use this information to improve our understanding of our customers including demographics, interests, and behaviour.
  • For marketing and promotions: we may contact you to provide you with information about products and services that may be of interest to you.
  • For job applications, we will collect information about you in a job application to process your application.

THE LAWFUL BASIS FOR PROCESSING

  • Direct marketing activities where we have a legitimate interest to communicate with you as a potential or existing customer
  • Where we need to perform the contract, we are about to enter or have entered with you.
  • Where we have your consent to do so.
  • Where we need to comply with a legal or regulatory obligation.

DO WE SHARE YOUR DATA?

We may disclose your personal information to the following:

  • To third party service providers, partners, subcontractors, agents, distributors, vendors, and other partners for the purposes set out in this privacy policy; and
  • Where we may be legally required to share certain personal data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

If any of your personal data is transferred to a third party we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

TRANSFERS OF PERSONAL DATA TO OTHER COUNTRIES OUTSIDE OF THE UK

Where Saepio requires the use of a data processor to fulfil its services, the data processor agreement will select systems that are based in the UK as a first choice. In some cases, data processors may not have a presence in the UK. In these cases, Saepio will choose a location where the UK has a current data adequacy agreement in place and as such international transfer guidelines do not apply.

At present these alternate locations are limited to the European Union (EU) or United States of America (USA) in a small number of cases to ensure any personal data we transfer there is adequately protected, and international transfer rules of the UK Data Protection Act are not applicable.

  • On the 4th 16th of July 2020, the EU invalidated the Privacy Shield Agreement which functioned as a data adequacy ruling allowing data from the EU to be transferred to the USA. This means that any data UK company holds that originated from the EU and is transferred to the USA could be subject to international transfer guidelines.
  • On the 28th of June 2021, the EU formally recognised the UK as having appropriate data protection controls in place and therefore companies in the UK and the EU can exchange data without the need to follow international transfer guidelines.
  • On the 15th of January 2021, the UK Government signed a Memorandum of Understanding between itself and the ICO in relation to UK data adequacy powers which means that the UK now has the power to make data adequacy decisions and as such can decide which countries UK companies can transfer data to without the need to follow international transfer guidelines.

The ICO has recognised this transition period will be complex for consumers and SME businesses in the UK and as such issue’s regular guidance on these matters. Saepio assess current practices against this guidance either when it is issued or when our business processes change, and data transfer regulations may apply.

As a result of the data protection impact assessment, Saepio have identified no impact to existing data processing arrangements and the following additional controls for any new data processors we engage who are based in the USA –

  • any data processing agreements entered with data processors operating in the USA will have contractual provisions in place to address the invalidated privacy shield agreement and,
  • consent will be obtained from data subjects originating from the EU prior to processing personal data in the USA.

If you have any concerns about where we are holding your personal data during this time, we welcome you to contact us at dataprivacy@saepio.co.uk.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

YOUR LEGAL RIGHTS

You have rights under data protection laws in relation to your personal data.

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights related to automated decision making and profiling

For more information on these rights, please refer to the Information Commissioners Office, www.ico.org.uk

CHANGES TO THE PRIVACY NOTICE

This version was last updated on 02/07/2021. We reserve the right to amend or vary this policy at any site. Any changes will be deemed to be accepted by you on your first use of our website following the changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.