MFA Brochure

Download the new On-Premise MFA E-Guide >

Cyber Security Search
English Deutsch Español
Cyber Security Search Contact Us Partner Portal
Cyber Security
Try SecurEnvoy
  1. Home
  3. Privacy Notice

Privacy Notice

Introduction

SecurEnvoy Limited (“SE”)  is committed to safeguarding an individual’s personal and sensitive personal data and is bound to comply with the UK Data Protection Act 2018 (“DPA”) and EU General Data Protection Regulation (“GDPR”), along with similar and applicable laws in other countries around the world. This Privacy Notice forms part of SE’s obligation to be fair and transparent with all individuals whose personal and sensitive personal data it processes, whilst visiting the SE Website, and to provide details around how it processes such data.

Who we are?

SE provides access management and data protection services.  Its registered company number is 04866711 and its registered address is 22 Great James Street, London, WC1N 3ES.

SE is part of The Shearwater Group plc (“SWG”), an Alternative Investment Market (“AIM”) listed company, whose UK registered company number is 05059457 and registered address is 22 Great James Street, London, WC1N 3ES.

What personal data do we process?

We may collect and process the following data about you:

  • Information you give us about you by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Website, buy products via our Website and when you report a problem with our Website. The information you give us may include your name, business address, business e-mail address and phone number.
  • Information we may automatically collect about you with regard to each of your visits to our Website including technical information (e.g. the Internet protocol (IP) addresses, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform); and information about your visit (e.g. the full UR clickstream to, through and from our site; products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number).
  • Information we receive from other sources about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners (resellers and distributors), sub-contractors in technical, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about your company from them.

Why do we process your personal data?

We use personal data that you give to us, for the following purposes:-

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to send you notifications about your order (if you place one);
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please let us know when we collect your data;
  • to ensure that content from our Website is presented in the most effective manner for you and for your computer.
  • By providing us with your e-mail address you consent to our using the e-mail address to provide you with e-mail alert services. If at any time you do not wish to be contacted by us by e-mail please use the link provided on any e-mail sent to you to unsubscribe. Alternatively, write to the Data Protection Officer (please see details below).

We use personal data that we collect about you, for the following purposes to administer and improve our Website and for internal operations:-

  • as part of our efforts to keep our Website safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; or
  • to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.

If you cannot provide personal data

  • In some instances, we need to collect your data in order to provide you with our whitepapers, or other thought leadership and insights. If you do not provide your data then we would be unable to provide you with such content.

We may combine information we receive from other sources with information you give to us and information we collect about you and use the combined information for the purposes set out above.

Lawful basis

SE operates under a number of lawful bases as required under the data protection laws.  These include:

  • Consent
  • Legitimate interests
  • Performance of a contract
  • Compliance with a legal obligation

We have provided below, examples of some data processing activities that are carried out, across SE and SWG, along with the respective lawful bases being relied upon.

Purpose of processing

Types of personal data

Lawful basis relied upon

Sending marketing emails
(business to business)

Name, email address,
marketing preferences

Legitimate interests

Sending marketing emails
(business to customer)

Name, email address,
marketing preferences

Consent

Carrying out a data protection
‘gap analysis’ for a client

Name, email address and
job role of contact

Contract

Carrying out an audit
for a client

Name, email address and
job role of contact

Contract

Who do we share your data with?

We only disclose your personal data in ways set out in this Privacy Notice or subject to any contractual agreements that are in place with us. The following circumstances may apply: –

  • We may share your information with the Shearwater Group plc, company Number 05059457.
  • We may share your information with trusted third parties who provide us with support services including:
    • Business partners, and sub-contractors for the performance of any contract we enter into with them or you.
    • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users.
    • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
    • Credit reference agencies for the purpose of assessing your business credit score where this is a condition of us entering into a contract with you.
  • We may disclose your personal information to third parties in the following circumstances:
    • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
    • If we are, or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of SecurEnvoy Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We do not sell, rent or trade any of your personal data.

Data retention

We hold your personal data for as long as necessary in line with any legislative, regulatory or business need.

We have provided below, examples of the data retention periods applied across SWG for different types of personal data.

Type of personal data

Retention period

Justification

Applications relating to
unsuccessful job applicants

6 months from date of application

Business need/Best practice

Invoices from suppliers

7 years from invoice date

Limitation Act 1980

Employee personnel files

7 years after employee
leaves the company

Limitation Act 1980

Data subject access requests

2 years from last action

Business need/Best practice

As stated below, you have the right to request we erase your data, where we do not have any overriding legal, regulatory or contractual obligations.

How do we protect your data?

We aim to ensure that your personal data is secure. In order to prevent unauthorised access, loss, misuse or alteration, we have put in place appropriate physical, technical and organisational measures to safeguard and secure the personal data we collect. Our service providers are required to do the same. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and oversight.

In addition, we limit access to your personal data on a least privilege, need to know basis. We also carry out regular security testing to ensure that your personal data is protected.

Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.

International data transfers

Personal data that we collect is only stored in the UK, the EU and the USA.  Where data is stored outside the UK or the EU, we ensure that there are adequate security controls in place, such as contractual arrangements, to ensure it is processed appropriately.  

Please also see our separate Cloud Privacy Notice

Your legal rights

SE tries to be as open as it can be in terms of giving people access to their personal information and we have outlined your rights below.

You have the right to ask us:

  • whether we are processing your personal information and the purposes it is processed for (the right to be informed) – this is delivered through ‘fair processing information’ such as this Privacy Notice;
  • for a copy of the personal information that we hold about you (the right of access);
  • to update or correct your personal information (the right to rectification);
  • to delete your information (the right to erasure); and
  • to restrict processing of your personal information where appropriate (the right to restrict processing).

In certain circumstances you also have the right to: 

  • object to the processing of your personal information (the right to object);
  • object to automated decision making and profiling (the right not to be subject to automated decision-making including profiling); and
  • request that information about you is provided to a third party in a commonly used, machine readable form (the right to data portability)

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex. In such instances, we will notify you and keep you updated.

How to manage your marketing consent 

You may give and withdraw consent to the receipt of marketing information and tell us your communication preferences at any time. If you wish to change your preferences regarding the receipt of marketing or other communications from us please contact marketing@securenvoy.com. You may also use the ‘unsubscribe’ link at the bottom of any marketing communication.

Links to other organisations on our website. 

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these policies. Please check these notices before you submit any personal data to these websites.

Updates to this policy

In order to remain compliant with any legal and regulatory obligations, or as part of our evolving business practices, we may update this Privacy Notice from time to time by publishing a new version. In certain instances, we may notify you.

Data Protection Registration

We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is: ZA229874.

How to contact us

You can contact us as follows: –

Email:dpo@theshearwatergroup.co.uk
Web:www.securenvoy.com
Telephone:+44 (0)20 3745 7820
In Writing:Data Protection Officer
The Shearwater Group
32 Threadneedle Street
London
EC2R 8AY
United Kingdom

 

Making a complaint

If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to raise a complaint to the UK Information Commissioner.

You can contact them as follows: –

Web: https://ico.org.uk/make-a-complaint/

Telephone: +44 (0)303 123 1113

Contact: https://ico.org.uk/global/contact-us/

In writing:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Get In Touch

Get in touch with our sales team to book a demo, request a 30-day trial, or just to chat about how we can help you.

Contact Us