Privacy notice

 

The Data Controller connected with this Privacy Notice is Seclea ltd (we, our or us) a company incorporated in England, United Kingdom and registered with the Information Commissioner’s Office (ICO) of United Kingdom and all its wholly owned subsidiaries.

Seclea ltd owns and operates the products known as “Seclea Platform”, “Seclea Prepare”, “Seclea Provenance”,  “Seclea Explain”, “Seclea Compliance” and “Seclea Monitor”. This notice applies across all websites that we own and operate and all of the products and/or services we provide. For the purpose of this notice, we’ll just call them our ‘services’.

1. Purpose

Seclea collects personal data from two sources for the purpose of communicating with prospective customers:

  1. Seclea collects business intelligence regarding organisations and key personnel within those organisations, in order to better understand the market in which it operates. Any personal data collected for this purpose comes from publicly available sources.
  2. Seclea also interacts with data subjects who have an interest in Artificial Intelligence, Explainable AI, and Responsible AI offering them the opportunity to sign up to newsletters, events and webinars produced by Seclea.

1.1. Lawful Basis

The collection of personal data for this purpose is under the Lawful Basis of Legitimate Interest. Having conducted a Legitimate Interest Assessment, we have concluded that either because the information comes from public sources that the data subjects have decided to make aspects of their personal data publicly available, or they have chosen to subscribe to a free service provided by Seclea, in which case, we must process their data so that we may communicate with them. In these instances, given the nature of the personal data being processed, we have determined that any risk to the data subject’s personal data is outweighed by the benefit the data subject receives from communicating with Seclea.

1.2. Information Collected

The personal data we may collect and process about you in connection with this purpose is:

  • 1.2.1. Name
  • 1.2.2. Job Title
  • 1.2.3. Company Name
  • 1.2.4. Email Address
  • 1.2.5. Telephone number(s)

1.3. Retention

Under the Lawful Basis referenced in paragraph 1.1, your data will be retained for 5 years from the date of our last communication with you or our last review of the market. This is so we may keep our business intelligence current as well as continuing to send information of interest to those who have subscribed to one of our information services.

2. Purpose (Prospective Customer and Current Customers)

In the event that you or the organisation you represent either requests a proposal or commissions a service from Seclea we will process your data in order to fulfil that request or service delivery.

2.1. Lawful Basis

The collection and processing of your data for the purpose outlined in paragraph 2 is under the Lawful Basis of Contract, because we need to process this data in order manage a potential contract or contract with the organisation you represent.

2.2. Information Collected

The personal data we may collect and process about you in connection with this purpose is:

  • 2.2.1. Name
  • 2.2.2. Organisation and Job Title
  • 2.2.3. Email Address
  • 2.2.4. Telephone Number(s)
  • 2.2.5. Address
  • 2.2.6. Depending upon the procurement methodology, we may take payment details.

2.3. Retention

Under the Lawful Basis referenced in paragraph 2.1, your data will be retained until the end of the financial year in which your contract ceases and then for a further 7 years thereafter, in accordance with UK HMRC advice.

3. Destruction

At the end of the relevant retention period outlined for each purpose above, your data will be destroyed using an approved method, unless prevented by Court order.

4. Data Sharing

Seclea only uses this personal data for its own purposes and only shares it with third parties so that they may assist Seclea in the data’s processing. Where Seclea shares data with a processor, this is done for specific purposes, under the control of Seclea and is subject to appropriate contractual clauses or a separate data sharing agreement. Personal data covered by this Privacy Notice is shared with the following organisations:

  • 4.1. Microsoft Inc. for the purposes of providing an email facility.
  • 4.6. HubSpot UK Limited for the purposes of CRM.
  • 4.7. Amazon AWS, Microsoft Azure, and Digital Ocean for cloud storage and processing.

5. Rights of a Data Subject

  • 5.1. Under the General Data Protection Regulation (GDPR) and Data Protection (UK) Act 2018, a data subject has certain rights regarding the control and processing of personal data. Details regarding these rights can be found on the Information Commissioner’s Office (ICO) of United Kingdom website.
  • 5.2. Should you wish to contact Seclea in order to exercise any of these rights, please email our Data Protection Manager using the following email address: privacy@seclea.com.

6. Security

  • 6.1. Recognising the importance of information security to our business and clientele. Within our information security strategy, Seclea recognises the importance of personal data to our prospective and current customers. So, we endeavour to put in place appropriate organisational and technical measures to protect that data.
  • 6.2. Personal data we hold on electronic media is encrypted and stored on secured servers.
  • 6.3. Personal data held on paper is secured in locked cabinets with access only to appropriately authorised personnel.
  • 6.4. Data Subjects should be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government advice. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
  • 6.5. Prospective and current customers should also be aware that we will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

7. Data Protection Concerns

Should you have any concerns regarding the way an organisation is processing your personal data, the ICO recommends that in the first instance you contact the organisation concerned. If the organisation does not address those concerns in an appropriate manner, you then have the option to escalate the issue to the ICO. If you wish to contact us because you have concerns about our use of your personal data, please contact us using the details provided in paragraph 5.2.

8. Updates

This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 1st October 2021.