Privacy Policy

Last Updated: 16/12/2019
We are Smarter Business Ltd, registered in England & Wales
Our Company number is 7076039
VAT registration number 275941861
Our trademark is Smarter Business Ltd

Privacy Policy and Data Protection Statement

Privacy Notice

This privacy notice explains how Smarter Business uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.

Topics:

  • Data controller
  • Basis for collecting your data (Lawful processing)
  • Recipients of data and data transfers
  • Sensitive Information
  • Retention policy
  • Data Storage and Security
  • Cookies
  • Your Rights as a data subject
  • Automated decision making
  • 3rd Party Websites
  • Contact Details

Data Controller

Smarter Business processes personal data as a Data Controller, as we determine the type of data collected, the purpose to which it is put to, its retention and disposal, how it is
collected and where it is stored. Smarter Business shall comply with all applicable Data Protection Laws in the processing of personal data.

We can be contacted at Smarter Business Group:
Ground Floor
Hayworth House
Market Place
Haywards Heath
West Sussex
RH16 1DB
01444220060

On what basis do we collect and process your data?

Data Protection law defines the basis by which we can lawfully collect and process personal data. If you are a registered customer we will use your personal information to:

  • Confirm acceptance of your registration;
  • Communicate with you about our services;
  • Check that you are a registered customer if you call us;
  • Collect payment from you;
  • Let you know by email about any changes to our services and website;
  • Market our products and services to you;
  • Improve our understanding of the type of customers we are attracting to our services and how they use the services;
  • To provide you with better service

We will collect personal data when we are required to through a legal obligation, such as requirements from public agencies in relation to financial reporting. We will also collect and process personal data where it is in the legitimate interest of Smarter Business to do so. Specifically, we use legitimate interest in relation to processing our customer’s personal data and for our Business to Business marketing activities. If you subscribe to one of our services, your credit or debit card information will be taken by one of our partner companies. We do not store your credit or debit card details.

For the data we act as data controller for, we have determined the following basis:

Customers

Purpose of ProcessingData CategoryData TypeLegal Basis
Engage commerciallyIdentity DetailsFirst NameLegitimate Interest
Engage commerciallyContact DetailsLast NameLegitimate Interest
Engage commerciallyContact DetailsMobile telephone No.Legitimate Interest
Engage commerciallyContact DetailsDirect Dial telephone No.Legitimate Interest
Engage commerciallyContact DetailsBusiness Email addressLegitimate Interest
MarketingIdentity DetailsFirst NameLegitimate Interest
MarketingIdentity DetailsLast NameLegitimate Interest
MarketingContact DetailsBusiness Email AddressLegitimate Interest

We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.

The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Data recipients and data transfers

We do not sell any of your personal data to any third party. Where required, Smarter Business share personal data with service providers such as our accountants and insurance companies. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.

Smarter Business will transfer and store the personal data we collect about you in countries other than the country in which the data was originally collected, outside of the EEA. Smarter Business operates within both the United Kingdom and South Africa and subsequently we may contact you from our offices inside and outside of the United Kingdom. Any transfer of personal data from the UK to South Africa is classed as a restricted transfer as there is no adequacy decision in place and as such, is subject to additional processing conditions. Smarter Business will transfer your personal data on the basis of establishing Standard Contractual Clauses to provide the appropriate safeguards. Smarter Business data protection policies are actively enforced to provide adequate privacy protection controls to uphold an individual’s rights and freedoms, by allowing the secure transfer of personal data outside of the EEA.

Specifically, we share your data with:

Third Party CategoryType of Personal Data SharedObjective of Sharing Personal DataRetention Period
Energy Suppliers
  • First & Last Names;
  • Business Email Address;
  • Business landline number,
  • Mobile Number
For the purpose of your utility’s requirement.

Disclosure of personal information for the fulfilment of the contract.

This would include credit checks; payments and maintenance of the site(s).

This is required when establishing the suitability of a potential customer prior to them enlisting our services.

Details are retained for a period of seven years following the termination of a contract.
Systems Integrated Partners/analytics software services
  • First & Last Names;
  • Business Email Address,
  • Business landline number;
  • Mobile Number
To enable us to effectively monitor and optimise the delivery of our services.Details are retained for a period of seven years following the termination of a contract.
Cloud Telephony Systems
  • Business landline number/Direct Dial
  • Mobile Number
Cloud Telephony Platform to provide and record telephony services, embedded within Salesforce.Details are retained for a period of seven years following the termination of a contract.

Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Personal data in electronic form is held in EU or UK accredited data centres, our email system stores data outside of the EEA. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU.

Sensitive information

Smarter Business does not process special category data as defined by Article 9 of the GDPR.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Information (PII) placed on our system will be deleted in accordance with legal obligations, such as HMRC requirements. Outside of that Smarter Business has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected. The data we process for direct marketing purposes will be retained for as long as our legitimate interest is current. In the instance whereby we no longer have a legitimate business purpose to retain it, we will anonymise or delete such personal data immediately.

Data Storage and Security

Smarter Business follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.

Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.

We use Salesforce, a secure external server to store the information you give us when you register. Salesforce services are certified as compliant with some of the most rigorous, industry-accepted security, privacy, and reliability standards. They are certified and audited to standards as a service provider with the ISO/IEC 27001:2005 standard (including ISO 27001), SAS 70 Type II (now SSAE No. 16), SysTrust, and the EU-US and Swiss-US Safe Harbor frameworks).

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. Smarter Business is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/.

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information.
  • Right of Access – you have the right to know what personal information is held, by whom and why.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
  • Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
  • Right to Object – You have the right to object to profiling and direct marketing.
  • You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office – https://ico.org.uk

Automated decision making

Smarter Business does not use automated decision making to process personal data.

Third party websites

Our website may contain links to other websites. This privacy policy only applies to Smarter Business, so if you follow a link to another website, you should read that organisation’s own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in November 2019

Smarter Business’ Data Protection Officer & Dispute Resolution

Smarter Business has a designated Data Protection Officer (DPO), who is responsible for matters regarding privacy and data protection. Should you wish to contact the DPO, refer to the following contact information:

Attention: Data Protection Officer
John De Mierre House
20 Bridge Road
Haywards Heath, West Sussex, RH16 1UA
Email: kirsty.brits@smarterbusiness.co.uk

Note, if you remain dissatisfied with the resolution received from our designated DPO, you have the right to directly contact the relevant Data Protection Authority within your jurisdiction. We do however request that you attempt to resolve any issues with us first although you have a right to contact the Data Protection Authority at any chosen time.