This Privacy Statement was last updated on February 2, 2023 and applies to citizens and legal permanent residents of the European Economic Area.
Our Role In Your Privacy
If you are a Secora Consulting customer or just visiting our website this policy will apply to you.
How And When We Collect Data
From the first moment you interact with Secora Consulting we start to collect data. Data is collected in two ways: You either provide us with data or sometimes data is collected automatically.
Here is how and when we collect data:
- You contact us through the ‘contact’ us or ‘ask us a question’ forms or via the telephone
- We email or call you
- We scope your job
- We send you a proposal
- We complete our service
- You opt-in to our marketing
Types of Data We Collect
- Contact details: Your name, company name, corporate addresses, telephone numbers and email addresses.
- Financial information: Your corporate bank account number, sort code, credit/debit card details.
- Data that identifies you: Your IP addresses, browser information, geolocation, cookies, operating system and version.
- Reports: We keep historic reports to be able to help you build trends and for re-testing purposes.
- Cookies: When you use our website we send you cookies (unless you block cookies on your browser). We use these cookies help us recognise a unique visitor and to compile anonymous statistics to help us understand how users use or website. We cannot identify you personally in this way.
How And Why We Use Your Data
Data protection law means that we can only use your data for specific reasons and where we have justification and a legal basis to hold information. The reasons we keep your data are:
We use your data to perform our services
Our services require you to send us your data including IP addresses, domain names and contact details as well as historic reports.
Customer support
Notifying you of any changes to our services or dates. Providing you with findings, outputs, critical notifications and reports. Discussing findings, reports and solving issues via phone and email.
Marketing (with your consent)
Sending you emails regarding our services, features, products and related content.
Your Choices
You can choose to not provide us with personal data If you choose to not provide us with personal data you can continue to use the website but it is unlikely we will be able to offer you our services or process transactions without personal data.
Turn off cookies
It is possible to block cookies by changing the settings in your browser. You can also delete historic cookies from your browser. If you choose to block cookies you can continue to use our website and contact us about services without interruption.
Opting out of marketing
If you have opted into marketing you can opt out at any time by emailing us at dataprotection@secoraconsulting.com
Your Rights
As a data subject, you have certain rights under data protection law which we have summarised below. Please note that certain rights may only be applicable in particular situations and data protection laws may provide exceptions that could apply to your requests.
Right to Information
You’re entitled to clear details about how we use your personal data.
Access to Data
Request access to your personal data by emailing dataprotection@secoraconsulting.com. Once you have provided sufficient identification and any pertinent details to help locate your information and we will aim to respond within the allowed timeframe.
Data Correction
You can ask us to correct inaccurate personal data we hold about you.
Withdraw Consent
Where we rely on consent to process your personal data, you have the right to withdraw this consent at any time.
Erasure Right
You may request the deletion of your personal data when its retention is unjustified. This is not an absolute right and applies under specific conditions.
Data Portability
You can ask for your personal data in a transferable format or have it sent directly to a third party, if technically possible.
Restrict Processing
Under certain conditions, you can request that we temporarily halt processing your personal data. We may still store your data, but will not process it without your consent unless legally permitted.
Object to Processing
You may object to our processing of your data based on our legitimate interests. We might continue processing if there are strong business reasons or for legal claims.
Where Do We Store Data?
By submitting your personal data you agree to us transferring, storing and processing that data. Data is processed at our offices and all data is stored within Google cloud and is located within the EEA.
We outsource our payroll system to a third party provider who only store data inside the EEA. As such corporate bank details, names, addresses and email addresses will be shared with our third party provider. Your data is shared on a least privilege basis and only when absolutely necessary. Data shared data adheres to the safeguards in this privacy policy.
We also outsource our CRM system to a third party provider who only store data inside the EEA. Names, addresses, telephone numbers and email addresses are shared with our third party provider. Your data is shared on a least privilege basis and only when absolutely necessary. Data shared data adheres to the safeguards in this privacy policy.
How Secure is the Data We Collect?
Secora Consulting take data security seriously and adhere to our own best practice recommendations. All our data storage locations require two factor authentication to access and are restricted to employees.
We ensure our third parties adhere to our high standards and have third party agreements in place with each of our providers to ensure your data is protected.
Secora Consulting undergoes regular penetration testing of our networks and infrastructure.
How Long Do We Store Your Data?
In accordance with the requirements for Data Protection, we are committed to only retaining your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.