Last Updated: 16/12/2019
We are Smarter Business Ltd, registered in England & Wales
Our Company number is 7076039
VAT registration number 275941861
Our trademark is Smarter Business Ltd
This privacy notice explains how Smarter Business uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
- Data controller
- Basis for collecting your data (Lawful processing)
- Recipients of data and data transfers
- Sensitive Information
- Retention policy
- Data Storage and Security
- Your Rights as a data subject
- Automated decision making
- 3rd Party Websites
- Contact Details
Smarter Business processes personal data as a Data Controller, as we determine the type of data collected, the purpose to which it is put to, its retention and disposal, how it is
collected and where it is stored. Smarter Business shall comply with all applicable Data Protection Laws in the processing of personal data.
We can be contacted at Smarter Business Group:
On what basis do we collect and process your data?
Data Protection law defines the basis by which we can lawfully collect and process personal data. If you are a registered customer we will use your personal information to:
- Confirm acceptance of your registration;
- Communicate with you about our services;
- Check that you are a registered customer if you call us;
- Collect payment from you;
- Let you know by email about any changes to our services and website;
- Market our products and services to you;
- Improve our understanding of the type of customers we are attracting to our services and how they use the services;
- To provide you with better service
We will collect personal data when we are required to through a legal obligation, such as requirements from public agencies in relation to financial reporting. We will also collect and process personal data where it is in the legitimate interest of Smarter Business to do so. Specifically, we use legitimate interest in relation to processing our customer’s personal data and for our Business to Business marketing activities. If you subscribe to one of our services, your credit or debit card information will be taken by one of our partner companies. We do not store your credit or debit card details.
For the data we act as data controller for, we have determined the following basis:
|Purpose of Processing||Data Category||Data Type||Legal Basis|
|Engage commercially||Identity Details||First Name||Legitimate Interest|
|Engage commercially||Contact Details||Last Name||Legitimate Interest|
|Engage commercially||Contact Details||Mobile telephone No.||Legitimate Interest|
|Engage commercially||Contact Details||Direct Dial telephone No.||Legitimate Interest|
|Engage commercially||Contact Details||Business Email address||Legitimate Interest|
|Marketing||Identity Details||First Name||Legitimate Interest|
|Marketing||Identity Details||Last Name||Legitimate Interest|
|Marketing||Contact Details||Business Email Address||Legitimate Interest|
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
Data recipients and data transfers
We do not sell any of your personal data to any third party. Where required, Smarter Business share personal data with service providers such as our accountants and insurance companies. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
Smarter Business will transfer and store the personal data we collect about you in countries other than the country in which the data was originally collected, outside of the EEA. Smarter Business operates within both the United Kingdom and South Africa and subsequently we may contact you from our offices inside and outside of the United Kingdom. Any transfer of personal data from the UK to South Africa is classed as a restricted transfer as there is no adequacy decision in place and as such, is subject to additional processing conditions. Smarter Business will transfer your personal data on the basis of establishing Standard Contractual Clauses to provide the appropriate safeguards. Smarter Business data protection policies are actively enforced to provide adequate privacy protection controls to uphold an individual’s rights and freedoms, by allowing the secure transfer of personal data outside of the EEA.
Specifically, we share your data with:
|Third Party Category||Type of Personal Data Shared||Objective of Sharing Personal Data||Retention Period||Energy Suppliers||
||For the purpose of your utility’s requirement.
Disclosure of personal information for the fulfilment of the contract.
This would include credit checks; payments and maintenance of the site(s).
This is required when establishing the suitability of a potential customer prior to them enlisting our services.
|Details are retained for a period of seven years following the termination of a contract.|
|Systems Integrated Partners/analytics software services||
||To enable us to effectively monitor and optimise the delivery of our services.||Details are retained for a period of seven years following the termination of a contract.|
|Cloud Telephony Systems||
||Cloud Telephony Platform to provide and record telephony services, embedded within Salesforce.||Details are retained for a period of seven years following the termination of a contract.|
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in EU or UK accredited data centres, our email system stores data outside of the EEA. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU.
Smarter Business does not process special category data as defined by Article 9 of the GDPR.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Information (PII) placed on our system will be deleted in accordance with legal obligations, such as HMRC requirements. Outside of that Smarter Business has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected. The data we process for direct marketing purposes will be retained for as long as our legitimate interest is current. In the instance whereby we no longer have a legitimate business purpose to retain it, we will anonymise or delete such personal data immediately.
Data Storage and Security
Smarter Business follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
We use Salesforce, a secure external server to store the information you give us when you register. Salesforce services are certified as compliant with some of the most rigorous, industry-accepted security, privacy, and reliability standards. They are certified and audited to standards as a service provider with the ISO/IEC 27001:2005 standard (including ISO 27001), SAS 70 Type II (now SSAE No. 16), SysTrust, and the EU-US and Swiss-US Safe Harbor frameworks).
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Smarter Business is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/.
- Right of Access – you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object – You have the right to object to profiling and direct marketing.
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office – https://ico.org.uk
Automated decision making
Smarter Business does not use automated decision making to process personal data.
Third party websites
Smarter Business’ Data Protection Officer & Dispute Resolution
Smarter Business has a designated Data Protection Officer (DPO), who is responsible for matters regarding privacy and data protection. Should you wish to contact the DPO, refer to the following contact information:
Attention: Data Protection Officer
John De Mierre House
20 Bridge Road
Haywards Heath, West Sussex, RH16 1UA
Note, if you remain dissatisfied with the resolution received from our designated DPO, you have the right to directly contact the relevant Data Protection Authority within your jurisdiction. We do however request that you attempt to resolve any issues with us first although you have a right to contact the Data Protection Authority at any chosen time.