General Data Protection Regulations (GDPR) Compliance – Effective Date: 25th May, 2018
A number of our Services enable users to create accounts or profiles. In connection with these Services, we will ask you to provide certain information about yourself to set up the account or profile. For example, you submit certain information about yourself, such as your name, date of birth, and email address when you create a SATSAFE account. The information we collect may also include confidential information and sensitive information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or hard copy) this personal information must be dealt with properly to ensure compliance with the General Data Protection Regulations (GDPR) and forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018).
1.1 Who we are
1.1.1 Satsafe Limited (the Company) is a private limited company registered in England and Wales no.: 08415883 and has a requirement to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include customers, clients, employees (present, past and prospective), suppliers and other business contacts.
1.1.2 Satsafe Limited is registered with the Information Commissioner’s Office under registration reference: ZA241426. For the purpose of the Data Protection Act, the data controller is Satsafe Limited, 20 Crewe Road, Sandbach CW11 4NE and the Company’s nominated representative for the purpose of the Act is Stuart Millward.
1.1.3 If you order a product or paid service from us, we will ask for your name, contact information, shipping and billing address(es), and credit card information in order to process your order. If you contact our Customer Services team to discuss a product or service, make an enquiry, or lodge a complaint, we will collect information from you regarding the service you require from Satsafe. Such information collected will include your name, and depending on the nature of your query, may also include your home address, telephone number, email address, and device identifier. Some of our Services enable you to communicate with other people. Those communications will be transmitted through our systems. If you allow the sharing of Contacts information with us, the telephone numbers of the people in Contacts will be collected by us to facilitate file sharing and messaging with the people in your Contacts. You can turn off the file sharing and messaging features or restrict the scope of sharing by going to your profile settings
1.1.4 Information from third party sources: We may receive information about you from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you.
1.2 Other Information We Collect
We also may collect other information about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your separate consent where required. You can choose not to provide us with certain types of information (e.g. information we request during SATSAFE account registration), but doing so may affect your ability to use some Services. We will provide you with relevant information at the time of collection to help you make an informed decision.
1.2.1 We will use the information we collect for the following purposes:
- to register you or your device for a SATSAFE Service;
- to provide a Service or feature you request;
- to provide customised content and provide personalised services based on your past activities on our Services with your separate consent if required;
- for advertising, such as providing customised advertisements, sponsored content, and sending you promotional communications with your separate consent if required;
- for assessment and analysis of our market, customers, products, advertising campaigns, and services to help us better understand, through statistical processes where necessary, more about our research participants/volunteers or customers in order to offer the most relevant communications, services and experiences to you.
- to ask you for your opinions on our products and services and to carry out customer surveys with your separate consent if required;
- to understand the way people use our Services so that we can improve them and develop new products and services;
- to provide maintenance services and support for your device;
- to facilitate the provision of software updates and
- otherwise with your separate consent.
1.2.3 SATSAFE offers a variety of choices about how we use your information. You can make choices about whether to receive promotional communications from us by initially subscribing, and if you change your mind, by following the unsubscribe instructions included in the communication. In addition, you can also make choices by changing your settings for specific Satsafe Services when we give you a just-in-time notice, or by visiting relevant webpages. You can also contact us (email@example.com) if you need assistance controlling your choices.
1.2.4 Satsafe processes personal data for the purposes described above. Satsafe’s legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and Satsafe (for example, to provide you with the Services and to identify and authenticate you so you may use certain Services); necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement); necessary for Satsafe’s legitimate interests (for example, to manage our relationship with you and to improve the relevance of our communications, experiences, and customer service) and based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time by contacting us as specified in the Contact Us section of this Privacy Notice without affecting the lawfulness of processing based on consent before its withdrawal.
1.3 Sharing your Information
1.3.1 Satsafe conducts commercial transactions and research activities in the course of it’s day to day business. We may therefore, disclose your information internally within our business to the relevant teams such as, without limitation, the customer services team, the legal team, the finance team, the sales team, and where you have chosen to receive marketing messages, the marketing teams.
1.3.2 We may also disclose your information to the following entities, only to the extent that this will be necessary to perform SATSAFE Services:
Business Partners. We also may share your information with trusted business partners, including without limitation, wireless carriers, retailers, and distributors. These entities may use your information to provide you with services you request under your Satsafe agreement.
Service Providers. We also may disclose your information to carefully selected companies that provide services for or on behalf of us, such as companies that help us with repairs, customer contact centres, customer care activities, advertising, conducting customer satisfaction surveys, billing, or that send emails on our behalf. These entities are limited by contractual provisions in their ability to use your information for purposes other than providing services for us.
1.3.3 Your rights. You have the right to request details about the information we collect about you and to request us to correct inaccuracies in that information, to object to or request the restriction of processing, and to request access to, or the erasure or portability of your information. Under the laws of some jurisdictions, we may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. If you would like to make a request to access your information, please contact us at: firstname.lastname@example.org.
1.3.5 Data Retention.
We will not keep your personal data for longer than is necessary for the purpose it was collected. This means that data will be destroyed or erased from our systems when it is no longer required.
We take appropriate steps to ensure that we process and retain information about you based on the following logic:
1. at least the duration for which the information is used to provide you with a service;
2. as required under law, a contract, or with regard to our statutory obligations; or
3. only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.
Other Parties When Required by Law or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties:
to comply with the law or respond to compulsory legal process (such as a search warrant or other court order);
to verify or enforce compliance with the policies governing our Services; and
to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, or customers.
Other Parties in Connection with Corporate Transactions. We may disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy.
2.0 Scope of this Policy
2.1 All Company Staff, employees, Directors and consultants are within the scope of this document including staff working in or on behalf of the Company (this includes sub-contractors, temporary staff and all permanent employees).
3. Roles and Responsibilities
3.1 The Company:
3.1.1 Satsafe shall:
- Ensure that there is always one person with overall responsibility for data protection, currently this person is the Company Operations Director
- Provide clear lines of report and supervision for compliance with data protection
- Carry out regular checks to monitor and assess new processing of personal data and to ensure the Company notification to the Information Commissioner is updated to take account of any changes in processing of personal data
- Develop and maintain procedures to include: roles and responsibilities, notification, subject access, training and compliance testing
3.2.1 All employees will, through appropriate training and responsible management:
- Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information.
- Understand fully the purposes for which the Company uses personal information.
- Collect and process appropriate information, and only in accordance with the purposes for which it is to be used by the Company to meet its service needs or legal requirements.
- Ensure the information is correctly input into the Company systems.
- Ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required.
- On receipt of a request from an individual for information held about them by or on behalf of immediately notify their line manager.
- Not send any personal information outside of the United Kingdom
- Understand that breaches of this Policy may result in disciplinary action, including dismissal.
4. Distribution and Implementation
4.1 Distribution Plan
4.1.1 This document will be made available to all Staff on-line via the Company’s websites.
4.1.2 A global notice will be sent to all Staff notifying them of the release of this document.
4.1.3 A link to this document will be provided online.
4.2 Training Plan
4.2.1 A training needs analysis will be undertaken with Staff affected by this document.
4.2.2 Based on the findings of that analysis appropriate training will be provided to Staff as necessary.
5.1 Compliance with the policies and procedures laid down in this document will be monitored via the Information Governance team, together with independent reviews by both Internal and External Audit.
5.2 The Operations Director is responsible for the monitoring, revision and updating of this document on a 3 yearly basis or sooner if the need arises.
6. Equality Impact Assessment
6.1 This Data Protection Policy forms part of Satsafe’s commitment to create a positive culture of respect for all staff, clients and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.
6.2 As part of its development this document and its impact on equality has been analysed and no detriment has been identified.
7. Associated Documents
7.1 The following documents will provide additional information:
8.1 Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example:
- Cookies can remember your sign-in credentials so you don’t have to enter those credentials each time you log on to a service.
- Cookies help us and third parties understand which parts of our Services are the most popular because they help us to see which pages and features visitors are accessing and how much time they are spending on the pages. By studying this kind of information, we are better able to adapt the Services and provide you with a better experience.
- Cookies help us and third parties understand which ads you have seen so that you don’t receive the same ad each time you access a Satsafe Service.
- Cookies help us and third parties provide you with relevant content and advertising by collecting information about your use of our Services and other websites and apps.
8.2 When you use a web browser to access Satsafe Services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies. Please note, however, that some Services may be designed to work using cookies and that disabling cookies may affect your ability to use those Services, or certain parts of them.
8.3 We use the following types of cookies on our website:
Essential Cookies which enable you to order Satsafe products and receive services from our website;
8.3.1 Performance Cookies which enable us to analyse the performance and design of our website and detect errors. For example, this type of cookie allows us to recognise that you have visited our website before and shows which sections of our website are most popular by allowing us to see which pages visitors access most frequently and how much time visitors spend on each page. We use, without limitation, Google Analytics, Adobe, and similar analytics cookies to achieve this.
For more information on other service providers, please contact us at email@example.com
8.3.2 Functional Cookies which allow us to deliver a better user experience. For example, this type of cookie ensures that the information displayed on your next visit to our website will match up with your user preferences, or your SATSAFE account from which you linked to our website, or the fact that you linked to our website via an email sent to you by Satsafe or one of our trusted third party service providers contacting you on our behalf.