Sundeala Limited (“We”) are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (“GDPR”).
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we use your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Information We May Collect From You
The law on data protection sets out six ways which a company may collect and process your personal data. Having analysed our customer database and business model we have assessed that Legitimate Interest is the primary basis for processing your data.
We collect your data in the following ways:
- Information that you provide by filling in forms on our sites www.sundeala.co.uk, www.teacherboards.co.uk and www.tbspaces.teacherboards.co.uk. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
The data we collect is limited to the level we need to deliver our services and products and is made up of the following:
- Email address
- Company name
- Job Title
- Phone number
- Purchase history
Your personal data is used to ensure the services and products we deliver are suitable and appropriate and any data collected is only used to administer and deliver those services and products. We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or we have assessed that you may have a legitimate interest.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
- If you are an existing user, we will only contact you by electronic means (e-mail or text messaging) with information about goods and services similar to those for which you redeemed points via the website.
Information that we collect from visits to our site allows us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
- To report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Storage of Your Personal Data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. We use a number of Microsoft products including Office 365 which have data encryption and the privacy notice can be seen using the following link https://privacy.microsoft.com/en-gb/privacystatement. We also use Syspro for our CRM and Accounting software and the privacy notice can be seen using the following link https://eu.syspro.com/privacy/
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In addition, we have internal processes for any employees or associates which clearly states their terms of reference and how personal data will be used.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Disclosure of Your Information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Sundeala Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID.
Where a request to “Be forgotten “is made that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA, etc.
GDPR is going live on 25 May 2018 and the UK Data Privacy Bill does not have a final date as yet. Therefore, this Policy is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant.
In the event of any changes or processes which need remedial action the review procedure will capture those issues and remedy them.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.