Privacy Policy

Privacy Policy

GDPR

The GDPR legislation recently introduced by the EU Parliament requires all companies who hold data to be compliant. SMELECOM UK makes it compulsory for all its customers to opt-in to have their details saved and stored. You must give us consent to hold this information, which comprises the name, address, email address, phone number, order history and IP address. If you have any questions on this, please contact us.

Data we may collect from you

We may collect and process the following data about you: Information that you provide by filling in any forms on this website or any others that we own and may from time to time use to collect data or when otherwise contacting us; if you contact us, we may keep a record of that correspondence; details of transactions you carry out through our site and of the fulfilment of your orders; details of your visits to our site and the resources that you access.
You are able to opt out of us holding this information at any point. Please contact us to request this.

IP Addresses and Cookies

We may collect information about your computer, including where available your IP address, operating system, and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies enable us to improve our service to you, estimate our audience size and usage pattern, store information about your preferences, and recognize you when you return to our site. You can set your browser up to refuse the setting of cookies. However, if you do this you may be unable to enjoy full use of the site and you may not be able to take advantage of certain promotions we may run from time to time. Please note that entities who advertise on our site may also use cookies, but we do not have access to them or control them.

Using your Data

We use information held about you in the following ways:
To ensure that content from our site is presented in the most effective manner for you and for your computer. To provide you with information, products, services or offers via e-mail, SMS, phone or post, that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
To notify you about changes to our service.

Third Parties

We do not and never will sell or pass your data on to third parties.

Opt-In

As well as legally having to opt-in to continue a business relationship with SMELECOM UK you also are given the opportunity to opt out at any point and have your data removed from our records. To effect this, please contact us.

Disclosure of your Data

We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
If SMELECOM UK substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any of our terms and conditions.

Third Party Websites

Our site may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for these sites and their terms and policies.

Where we store your data

Our site may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for these sites and their terms and policies.

Access to Information

Regulation (EU) 2016/679 of the European Parliament gives you the right to access the information that we hold about you at any point. Should you wish to receive details that we hold about you please contact us.

The scope of Processing.

Customer’s Instructions

By entering into this Data Processing Amendment, The customer instructs SMELECOM UK to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services and related technical support; (b) as further specified via Customer’s use of the Services and related technical support; (c) as documented in the form of the applicable Agreement, including this Data Processing Amendment; and (d) as further documented in any other written instructions given by Customer and acknowledged by SMELECOM UK as constituting instructions for purposes of this Data Processing Amendment.
SMELECOM UK’s Compliance with Instructions. As from the Full Activation Date, SMELECOM UK will comply with the customer instruction (including with regard to data transfers) unless EU or EU Member State law to which SMELECOM UK is subject requires other processing of Customer Personal Data, in which case SMELECOM UK will inform Customer For clarity, SMELECOM UK will not process Customer Personal Data for Advertising purposes or serve Advertising in the Services. SMELECOM UK will only retain data from Customers who have made a purchase and thus have given consent.

Data Deletion

Deletion During Term. SMELECOM UK will enable Customer and/or End Users to delete Customer Data during the applicable Term. SMELECOM UK will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days unless EU or EU Member State law requires storage.
Deletion on Term Expiry. On expiry of the applicable Term, Customer instructs SMELECOM UK to delete all Customer Data (including existing copies) from SMELECOM UK’s systems in accordance with applicable law. SMELECOM UK will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days unless EU or EU Member State law requires storage.

Data Security.

SMELECOM UK’s Security Measures, Controls, and Assistance.

SMELECOM UK’s Security Measures. SMELECOM UK will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix (the “Security Measures”). As described in Appendix, the Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability, and resilience of SMELECOM UK’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. SMELECOM UK may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
Security Compliance by SMELECOM UK Staff. SMELECOM UK will take appropriate steps to ensure compliance with the Security Measures by its employees to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
SMELECOM UK’s Security Assistance. Customer agrees that SMELECOM UK will (taking into account the nature of the processing of Customer Personal Data and the information available to SMELECOM UK) assist Customer in ensuring compliance with any of Customer’s obligations in respect of security of personal data and personal data breaches, including if applicable Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
(a) implementing and maintaining the Security Measures in accordance with SMELECOM UK’s Security Measures
(b) complying with the terms of Data Incidents) and
(c) providing Customer with the Security details requested in any SAR

Data Incidents.

Incident Notification. If SMELECOM UK becomes aware of a Data Incident, SMELECOM UK will: (a) notify Customer of the Data Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Customer Data.
Details of Data Incident. Notifications made pursuant to this section will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps SMELECOM UK recommends Customer take to address the Data Incident.
Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at SMELECOM UK’s discretion, by direct communication (for example, by phone call or an in-person meeting). The customer is solely responsible for ensuring that the Notification Email Address is current and valid.
No Assessment of Customer Data by SMELECOM UK. SMELECOM UK will not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. The customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third party notification obligations related to any Data Incident(s).
No Acknowledgment of Fault by SMELECOM UK. SMELECOM UK’s notification of or response to a Data Incident will not be construed as an acknowledgment by SMELECOM UK of any fault or liability with respect to the Data
Incident.

Customer’s Security Responsibilities and Assessment.

Customer’s Security Responsibilities.

Customer agrees that without prejudice to SMELECOM UK’s obligations under SMELECOM UK’s Security Measures, Controls, and Assistance :
(a) The customer is solely responsible for its use of the Services.
(b) SMELECOM UK has no obligation to protect Customer Data that Customer elects to store or transfer outside of SMELECOM UK’s systems (for example, offline or on-premise storage), or to protect Customer Data by implementing or maintaining Additional Security Controls except to the extent Customer has opted to use them.

Customer’s Security Assessment.

(a) Customer is solely responsible for reviewing the Security Documentation and evaluating for itself whether the Services, the Security Measures, the Additional Security Controls and SMELECOM UK’s commitments under this Section 7 (Data Security) will meet Customer’s needs, including with respect to any security obligations of Customer under the European Data Protection Legislation and/or Non-European Data Protection Legislation, as applicable.
(b) Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by SMELECOM UK as set out in(SMELECOM UK’s Security Measure provides a level of security appropriate to the risk in respect of the Customer Data.

Customer’s Audit Rights.

If the European Data Protection Legislation applies to the processing of Customer Personal Data, SMELECOM UK will allow Customer to apply via Subject Access Request (SAR)to verify SMELECOM UK’s compliance with its obligations under this Data Processing Regulation. SMELECOM UK will submit to such audits within thirty days.
Impact Assessments and Consultations. Customer agrees that SMELECOM UK will (taking into account the nature of the processing and the information available to SMELECOM UK) assist Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by providing the information contained in the applicable Agreement including this Data Processing Amendment.

Data Subject Rights; Data Export.

Access; Rectification; Restricted Processing; Portability. During the applicable Term, SMELECOM UK will, in a manner consistent with the functionality of the Services, enable Customer to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by SMELECOM UK as described above, and to export Customer Data.

Data Subject Requests.

Customer’s Responsibility for Requests. During the applicable Term, if SMELECOM UK receives any request from a data subject in relation to Customer Personal Data, SMELECOM UK will advise the data subject to submit his/her request to Customer, and Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.
SMELECOM UK’s Data Subject Request Assistance. Customer agrees that (taking into account the nature of the processing of Customer Personal Data) SMELECOM UK will assist Customer in fulfilling any obligation to respond to requests by data subjects, including if applicable Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR

Data Transfers.

Data Storage and Processing Facilities. Customer agrees that SMELECOM UK may, store Customer Data in the United Kingdom and any other country in which SMELECOM UK or any of its Parent Companies maintains facilities.

Transfers of Data Out of the EEA.

SMELECOM UK’s Transfer Obligations

If the storage and/or processing of Customer Personal Data involves transfers of Customer Personal Data out of the EEA and the European Data Protection Legislation applies to the transfers of such data (“Transferred Personal Data”), SMELECOM UK will:
(a) if requested to do so by Customer, ensure that SMELECOM UK as the data importer of the Transferred Personal Data enters into Model Contract Clauses with Customer as the data exporter of such data and that the transfers are made in accordance with such Model Contract Clauses; and/or
(b) offer an Alternative Transfer Solution, ensure that the transfers are made in accordance with such Alternative Transfer Solution, and make information available to Customer about such Alternative Transfer Solution.
Customer’s Transfer Obligations. In respect of Transferred Personal Data, Customer agrees that:
(a) if under the European Data Protection Legislation SMELECOM UK reasonably requires Customer to enter into Model Contract Clauses in respect of such transfers, Customer will do so; and
(b) if under the European Data Protection Legislation SMELECOM UK reasonably requires Customer to use an Alternative Transfer Solution offered by SMELECOM UK, and reasonably requests that Customer take any action (which may include execution of documents) strictly required to give full effect to such solution, Customer will do so.
Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

SMELECOM UK’s provision of the Services and related technical support to Customer.

Duration of the Processing

The applicable Term plus the period from the expiry of such Term until deletion of all Customer Data by SMELECOM UK in accordance with the Data Processing Amendment.

Nature and Purpose of the Processing

SMELECOM UK will process Customer Personal Data submitted, stored, sent or received by Customer, its Affiliates or End Users via the Services for the purposes of providing the Services and related technical support to Customer in accordance with the Data Processing Amendment.

Categories of Data

Personal data submitted, stored, sent or received by Customer, its Affiliates or End Users via the Services may include the following categories of data: user IDs, email, IP address, address, gender. SMELECOM UK do not store payment details (Bank accounts, debit or credit card numbers)

Appendix 2: Security Measures

As from the Amendment Effective Date, SMELECOM UK will implement and maintain the Security Measures set out in this Appendix 2 to the Data Processing Amendment. SMELECOM UK may update or modify such Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.

Office & Network Security.

Offices.

Infrastructure. SMELECOM UK stores all production data in a physically secure office building.
Power. The office electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the office. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the office, at full capacity, for up to an hour

Server Operating Systems. SMELECOM UK servers use a Windows-based implementation. Data is stored using Sage Database and the Google cloud.
Businesses Continuity. SMELECOM UK replicates data over multiple systems to help to protect against accidental destruction or loss. SMELECOM UK has designed and regularly plans and tests its business continuity planning/disaster recovery programs.

Networks & Transmission.

Data Transmission SMELECOM UK transfers data via Internet standard protocols, in encrypted form.
Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. SMELECOM UK’s intrusion detection involves:
1. Tightly controlling the size and make-up of SMELECOM UK’s attack surface through preventative measures;
2. Employing intelligent detection controls at data entry points; and
3. Employing technologies that automatically remedy certain dangerous situations.
Incident Response. SMELECOM UK monitors a variety of communication channels for security incidents, and SMELECOM UK’s security personnel will react promptly to known incidents.
Encryption Technologies. SMELECOM UK makes HTTPS encryption (also referred to as SSL or TLS connection) available, and also uses E2EE.

Access Procedures

SMELECOM UK maintains formal access procedures for allowing physical access to the offices. The servers are housed in facilities that require electronic card key access, with alarms. All entrants to the office are required to identify themselves as well as show proof of identity. Only authorized employees, contractors and visitors are allowed entry to the servers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. office electronic card key access requests must be made through e-mail, and require the approval of the requestor’s manager and the director. All other entrants requiring temporary office access must: (i) obtain approval in advance from the office managers (ii) sign in
On-site office Security Devices. SMELECOM UK’s offices employ an electronic card key access control system. The access control system monitors and records each individual’s electronic card key and when they access doors, Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and offices are restricted based on zones and the individual’s job responsibilities. The fire doors at the offices are alarmed. CCTV cameras are in operation both inside and outside the offices. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the office building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the offices connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 7 days based on activity.

Access Control

Access Control and Privilege Management. Customer’s Administrators and End Users must authenticate themselves via a central authentication system or via a single sign-on system in order to use the Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator.
Internal Data Access Processes and Policies – Access Policy.
SMELECOM UK’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. SMELECOM UK aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. SMELECOM UK employs a centralized access management system to control personnel access to production servers and only provides access to a limited number of authorized personnel. LDAP, Kerberos, and SSH certificates are designed to provide SMELECOM UK with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data, and configuration information. SMELECOM UK requires the use of unique user IDs, strong passwords, and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks, and a need to know basis. The granting or modification of access rights must also be in accordance with SMELECOM UK’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength.

Data.

Data Storage, Isolation & Authentication.

SMELECOM UK stores data on SMELECOM UK-third party servers. SMELECOM UK logically isolates data on a per End User basis at the application layer. SMELECOM UK logically isolates each Customer’s data and logically separates each End User’s data from the data of other End Users, and data for an authenticated End User will not be displayed to another End User (unless the former End User or an Administrator allows the data to be shared).
Decommissioned Disks and Disk Erase Policy.
Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving SMELECOM UK’s premises either for reuse or destruction. Decommissioned Disks are erased in a multi-step process. If due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed.

Personnel Security.

SMELECOM UK personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. SMELECOM UK conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labour law and statutory regulations.
Personnel must acknowledge compliance with SMELECOM UK’s confidentiality and privacy policies. Personnel handling Customer Data are required to complete additional requirements appropriate to their role. SMELECOM UK’s personnel will not process Customer Data without authorization.

This privacy notice discloses the privacy practices for Smelecom UK. This privacy notice applies solely to information collected by this website.  It will notify you of the following:

  1. What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  2. What choices are available to you regarding the use of your data.
  3. The security procedures in place to protect the misuse of information.
  4. How you can correct any inaccuracies in the information.

 

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or another direct contact from you.  We will not sell or rent this information to anyone.

 

We will use your information to respond to you, regarding the reason you contacted us.  We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

 

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Registration

In order to use this website, a user must first complete the registration form. During registration, a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.

Orders and Credit Cards

We request information from you on our order form. To buy from us, you must provide contact information (like name and shipping address) and financial information like credit card number, expiration date (Please note: we do not store credit card details nor do we share customer details with any 3rd parties). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we’ll use this information to contact you.

Cookies

We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time.  You can do the following at any time by contacting us via the email address or phone number is given on our website:

 

–       See what data we have about you if any.

–       Change/correct any data we have about you.

–        Have us delete any data we have about you.

–       Express any concern you have about our use of your data.

 

Security

We take precautions to protect your information.  When you submit sensitive information via the website, your information is protected both online and offline.

 

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way.  You can verify this by looking for a closed lock icon at the bottom of your web browser, or look for “https” at the beginning of the address of the web page.

 

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information.  The computers/servers in which we store personally identifiable information are kept in a secure environment.

 

If you feel that we are not abiding by this privacy policy, you should contact us immediately
via telephone at +44 (0)208 123 8391
or via email info@smelecomuk.com

This Web site uses etracker technology (www.etracker.com) to collect visitor behavior data. This data is collected anonymously to be used for marketing and optimisation purposes. All visitor data is saved using an anonymous user ID to aggregate a usage profile. Cookies may be used to collect and save this data, but the data is not personally identifiable. The data will not be used to identify a visitor personally and is not aggregated with any personal data. The collection and storage of data may be refused at any time with respect to subsequent services.

WhatsApp chat