Statement on GDPR

Business-to-Business Services

Security Management Consultants LTD provides only ‘business to business’ services. We do not provide services to consumers. Our clients are sole traders, partnerships, private limited companies, public limited companies and government agencies.

Person Identifiable Data (PID)

We do not store, process or transmit consumer data or person identifiable data (PID) for our own purposes or on behalf of clients except for PID relating to our current employees, former employees and client representatives as described below.

Employee Person Identifiable Data

We do store and process personal data relating to our current and former employees in accordance with the requirements of the current UK Data Protection Act and the General Data Protection Regulation (GDPR) that will officially come into force on 25 May 2018. This data is not shared with third parties except where required by law or necessary for the operation of our pension scheme.

Person Identifiable Data of Client Representatives

If we are a supplier to your business and need to communicate with you we will store the following information about you to allow us to carry out the work that we have been contracted to perform:

  • Name
  • Business email address
  • Business physical address or addresses where you normally work (if relevant to the work)
  • Business telephone number (if relevant to the work)
  • Business role title (if relevant to the work)

This data is not shared with third parties except where required by law.

Please see our ‘Client Data Security‘ post for details of how we keep client information safe.

Person Identifiable Data Relating to Prospective Clients

If you have contacted us because you are considering engaging us as a supplier to your business we will store the following information that you provide about yourself and your business colleagues to allow us to communicate with you:

  • Name
  • Business email address
  • Business physical address or addresses where you normally work (if relevant to the work)
  • Business telephone number (if relevant to the work)
  • Business role title (if relevant to the work)

This data is not shared with third parties except where required by law.

If you subsequently decide not to engage us as a supplier we will retain the associated information for a period of seven months following the end of the period of validity of the most recently submitted proposal or quote unless requested otherwise.  This is to facilitate submitting a subsequent proposal or quote should the same or similar requirement arise in the near future.

Receipt of Unsolicited Personal Information

If, unsolicited, a member of the public provides personal identifiable data (PID) to us we delete the data as soon as practicable and advise the sender of this using contact information they have provided.

Speculative Employment Enquiries

We do not retain unsolicited employment enquiries for future reference.

Data Protection Officer (DPO)

Richard Murray, Director, is our designated Data Protection Officer.  Please refer to the Contact page for details of how to submit enquiries.

Protection of Client Data

Please see our ‘Client Data Security‘ post for details of how we keep information relating to clients and prospective clients safe.