SME Comply may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
SME Comply’s registered address is De Montfort House, 73 Enterprise Way, Evesham, WR11 1GS.
Our data protection lead is Gary O’Reilly who can be contacted at – firstname.lastname@example.org
Information we may collect from you
We provide consultancy services and products to purchase directly from our website. Personal data we may collect to allow us to perform those services could include your name, address, email address, any other relevant contact information and correspondence.
We do not process any financial personal data on our website. (see Third Parties below)
Where we store your personal data
All of your personal data is stored in the United Kingdom or within the European Economic Area (“EEA”). We do not store/process any of your personal data outside the EEA.
Uses made of the information
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations. Our legal basis for processing your personal data is our contractual obligation to you, to provide you with the products and consultancy services you have requested, and it is in our legitimate interests to build a relationship with clients.
Disclosure of your information
We will not sell, distribute or lease your personal information to third parties unless we have your permission. We may disclose your personal information to third parties if under a duty to do so, for example to comply with any legal obligation, to enforce any agreements or to protect the rights, property, or safety of SME Comply employees, or others. This includes exchanging information with other companies and organisations for the purposes of anti-money laundering legislation and credit risk reduction.
We will not retain your personal data indefinitely, and in most non-contractual cases we will delete your personal data after one year. If you have entered into a contract for service with us, we will retain your personal data for a period of six years following the conclusion of the contract.
We will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. We have in place a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
You have certain rights in relation to the personal information we hold about you. These rights may include:
How to exercise your rights
You may exercise any of your rights in relation to your personal data by writing to us at the address above, or emailing our Data Protection lead at email@example.com. To avoid delay in dealing with your request please ensure that you confirm in your request which right you wish to exercise along with the reasons why.
We will respond to your request within 30 days by granting your request, asking for more time or further detail, or we can refuse your request. In the event that we refuse your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision.
You will also be informed of your right to legally challenge our decision with the ICO.