GDPR Policy Statement
Somerford Associates takes data protection and privacy very seriously. We recognise that the new General Data Protection Regulation (GDPR) becomes effective from 25th May 2018 and have been running a programme of work for some time to ensure we are able to comply with these changes. The following is a brief outline of our position.
About Us
Somerford Associates is a UK limited company whose commercial offices are in Unit 117 Watermoor Point, Watermoor Road, Cirencester, Gloucestershire, GL7 1LF and whose registered office is in Park House, Church Place, Swindon SN1 5ED.
We are an Elite / Premier Partner with leading-edge providers of innovative, disruptive, agile technologies for information security and operational/business Intelligence, working with some of the largest companies and Government Departments globally. These innovative technologies are disruptive to existing solutions, ensuring they are robust, value for money and implemented quickly when compared to alternative solutions.
Our flexible and practical approach is to implement a solution that is appropriate for each organisation and services are tailored to the customer needs. Our expert certified consultants can advise on the right solution for businesses by understanding the areas of concern, complete a proof of concept and provide assistance or total service for implementation and ongoing support.
What Personal Information Do We Collect and What Do We Use It For?
At Somerford Associates we will only collect the personal information we need in order to deliver our products and services to you, or to fulfil our statutory purposes and obligations. In doing so, we may collect or receive from our partners any of the following:
- Your personal details such as name, job title, email address, postal address, telephone and other contact information (typically the sort of information that may be held on a business card and exchanged with other business contacts)
- Your contact preferences (for example whether you like to be contacted by post, email, text message, phone etc)
- Details of any interests and preferences you have in the products and services we provide now or may be considering for the future
- Details of your visit to our website including your IP address (the location of the computer on the internet), pages accessed and files downloaded
- Records of your correspondence with us, if you have contacted us
- Details of support and training requests you have made and information we may have provided to you in response to such requests
- Financial and accounting information such as purchase orders, payment records, bank details (e.g. payment or receipt of monies) when you make a financial transaction with us
We do not collect or store sensitive personal data about people that we deal with, such as information relating to your race, ethnic origin, politics, religion, trade union membership, genetics, health, sex life, sexual orientation or criminal record.
We also do not hold contact details such as your home address, private phone number or other private contact details unless you choose to give us these in place of your business contact details. If you do so, we will provide the same levels of protection but this is entirely at your own risk.
We may collect information about you in the following ways:
- When you make an enquiry or provide feedback about our products or services, whether directly or via social media
- When you purchase a product or service from us
- When you request samples, trial software, product/service literature or evaluation services from us
- When you subscribe to our newsletters and blogs
- When you register an account on our website or our online portal
- When you request technical support or training services from us
- When you enter into any other form of contract or agreement with us
We sometimes receive personal data from third parties when pursuing our legitimate purpose of growing the sales of our products and services to organisations with a likely interest in these. When doing so, we are aiming to develop a business-to-business relationship, strictly following these guidelines:
- When we use external marketing databases, these will be taken from third-parties who have sought and gained the approval for the named contacts to be listed for the purposes of such marketing
- We will take care to contact you only if we believe you are the person within your organisation with a professional interest in the products and services being offered (for example a key influencer or decision maker in the procurement of such)
- We will not contact you if you have previously requested not to be contacted by us, either directly or through registering with the Telephone Preference Service, or the Mailing Preference Service etc.
- We will fully respect your data protection rights under GDPR. For further information please see the UK Information Commissioner’s Office website
- We will comply with other relevant legal or ethical standards and with industry codes of practice (for example the UK Privacy and Electronic Communications Regulations)
Disclosing and Sharing Data
We will never sell your personal data.
If you have opted in to our marketing we may contact you with information about our products and services including those delivered on our behalf by our partners, suppliers and other contracted third parties.
We will only share personal data if:
- This is necessary in order for us to deliver the products and services we have agreed to provide you with, for example where we are working with a contractor, supplier or partner that is carrying out work on our behalf. In such cases, this will be carried out under a formal agreement requiring them to keep your information confidential and secure
- We need to advise our partners of your interest in attending and/or registration for marketing, promotional, awareness and training events held by them and Somerford Associates
- We are legally required to do so (for example if compelled by an order of court or by a law enforcement agency legitimately exercising a power)
How Do We Protect Personal Data?
We take all reasonable care to protect our own data and the data entrusted to us by our customers and other stakeholders. This includes the implementation of a broad range of technical security measures including:
- Firewalls and other network security features
- Antivirus and other malware prevention
- Regular security patching and updates to servers and end-user computing
- Identity and access management systems with multi-factor authentication
- Encryption of data at rest and in transit using strong algorithms
- Intrusion detection and advanced persistent threat detection/prevention
- Security Information and Event Management
- Cloud based security controls where appropriate
These are backed by internal security processes and staff security awareness training.
Please note that Somerford Associates does not publish further details of our security controls since this would constitute a security risk. If you have further queries, please contact our Information Security and Data Protection Officer (see below).
For How Long Do We Retain Personal Information?
We will keep your personal data for no longer than is reasonable to fulfil the purposes for which it is processed.
Your Rights
Under the new GDPR you have the following rights regarding your personal information:
- The right to be informed about how we process your personal information
- The right of access to a copy of the information we hold about you (otherwise known as a Subject Access Request)
- The right to have your data erased (although this will not apply where it is necessary for us to continue to use the data for a lawful purpose, for example the administration of an existing agreement or delivery of an existing service)
- The right to have inaccurate data corrected promptly
- The right to object to your data being used for marketing or profiling purposes
- The right to “data portability”, although this has no practical meaning in the context of the products and services we provide
- Rights in relation to automated decision making and profiling, but again this has little practical meaning in the context of the products and services we provide.
Please be aware that exemptions apply to these rights in some cases. There may also be circumstances where we are legally prevented from complying with these. Further advice and guidance about your data protection rights can be found on the UK Information Commissioner’s Office website.
GDPR Statement (V1) 23-05-18
Contacting Us
If you wish to contact Somerford Associates on any aspect of your data protection rights please contact us, or write to the Data Protection Officer, Somerford Associates, Park House, Church Place, Swindon, SN1 5ED.
Approval
Andy Davies, Director
29th May 2024