Sundeala Limited ("We") are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (“GDPR”).
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we use your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Information We May Collect From You
The law on data protection sets out six ways which a company may collect and process your personal data. Having analysed our customer database and business model we have assessed that Legitimate Interest is the primary basis for processing your data.
We collect your data in the following ways:
The data we collect is limited to the level we need to deliver our services and products and is made up of the following:
Your personal data is used to ensure the services and products we deliver are suitable and appropriate and any data collected is only used to administer and deliver those services and products. We use information held about you in the following ways:
Information that we collect from visits to our site allows us to improve our site and to deliver a better and more personalised service. They enable us:
Storage of Your Personal Data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. We use a number of Microsoft products including Office 365 which have data encryption and the privacy notice can be seen using the following link https://privacy.microsoft.com/en-gb/privacystatement. We also use Syspro for our CRM and Accounting software and the privacy notice can be seen using the following link https://eu.syspro.com/privacy/
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In addition, we have internal processes for any employees or associates which clearly states their terms of reference and how personal data will be used.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Disclosure of Your Information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID.
Where a request to “Be forgotten “is made that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA, etc.
GDPR is going live on 25 May 2018 and the UK Data Privacy Bill does not have a final date as yet. Therefore, this Policy is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant.
In the event of any changes or processes which need remedial action the review procedure will capture those issues and remedy them.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.