1. About this Privacy Notice
1.1 During the course of SRM’s (we, our, us) business we collect, store and process Personal Data (as defined below) about visitors and users of to our website, www.srm.com (‘Website’). We recognise that the correct and lawful treatment of this data will maintain confidence in us and will provide for successful business operations.
1.2. This privacy notice sets out the practices SRM adopt when processing Personal Data which we collect or is provided to us by you or via third parties through our Website, to ensure we obtain, handle, process, transfer and store Personal Data in compliance with legislation (including the Data Protection Act 1998 and the General Data Protection Regulation (679/2016/EU) (the “Legislation”)).
2. What is Personal Data?
For the purposes of this privacy notice "Personal Data" consists of any information that relates to you and/or data from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity which used separately or in combination with each other information can identify you.
3. How does SRM collect Personal Data from you?
We may collect and process Personal Data which is either given by you or collected from you by SRM.
3.1. Information you give to SRM:
You may give SRM Personal Data about you by visiting our Website. The type of Personal Data you may provide SRM through use of the Website may include:
- Contact information provided to SRM directly via our Website, email or telephone to request information about our services;
- Personal Data in response to our marketing campaigns or social media posts (e.g. requesting further information);
- Contact details if you report a problem with our Website; or
- Personal Data if you complete a survey through our Website or participate in a discussion board.
3.2. Information SRM collect about you.
SRM may collect Personal Data when you visit our Website, this Personal Data could be collected through:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit to our Site, including the full URL to, through and from our Site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
3.3. Information SRM receives from other sources.
We may receive Personal Data if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
4. What sort of Personal Data do we collect?
Depending on your engagement through our Website potential Personal Data you give SRM or SRM collects may include:
- your name;
- job title;
- contact information such as office address or home address, phone number (work or personal), e-mail address (work or personal);
- demographic information such as postcode, preferences or interests;
- photographs which can identify you or others;
- information about your services.
5. How does SRM use your Personal Data?
We process your Personal Data in accordance with our obligations under the Legislation. Collecting this data helps SRM operate our business effectively and offer improved client and employee experiences. SRM will process your Personal Data it has obtained through our Website on one of the following legal grounds:
- where SRM need to perform the contract we have entered into with you; or
- where we need to comply with a legal obligation; or
- where it is necessary for SRM’s legitimate interests apart from where your interests, freedoms or fundamental rights override those interests.
SRM will only use your Personal Data for the purposes which we collected it, unless we reasonably consider we need to use it for another reason and that reasonable is compatible with the original purpose.
Below are some specific examples of how your Personal Data might be used by SRM:
- to carry out our obligations arising from any contracts entered into between you and SRM and to provide you with the information and services that you request from SRM;
- to notify you about changes to our service or general SRM updates/ news;
- to ensure that content from our Website is presented in the most effective manner for you.
- to administer our Website including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Website to ensure that content is presented in the most effective manner;
- to allow you to participate in interactive features of our service, when you choose to do so; and/or
- to ensure compliance with relevant Legislation and contractual obligations on SRM.
6. Disclosure of your information
6.1. We may share Personal Data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
6.2. We may also disclose Personal Data we hold to third parties:
- if we are under a duty to disclose or share your Personal Data to comply with a legal obligation, or to enforce or apply any contract with the Data Subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7. Transferring Personal Data to a country outside the EEA
7.1. We may transfer any Personal Data we hold to a country outside the European Economic Area (”EEA”), if one or more of the following conditions apply:
- the country to which the Personal Data are transferred ensures an adequate level of protection for your rights and freedoms; or
- you have given your consent; or
- the transfer is necessary for a reason set out in the legislation, including the performance of a contract between us, or to protect your vital interests; or
- the transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims; or
- the transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights.
7.2. Subject to the requirements in 7.1, Personal Data may also be processed by staff operating outside the EEA who work for us or one of our suppliers. If this occurs, we scrutinise that supplier’s data protection policy and processes.
8. Where we store your personal data
8.1. We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data.
8.2. We put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. Personal Data will only be transferred to a data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
8.3. All information you provide to us is stored on our secure servers within the UK or SRM’s third parties secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
8.4. Unfortunately, the transmission of information via the internet is not completely secure due to design. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access as well as ensuring we implement all reasonable technical controls to be secure by design and by default.
8.5. We also follow stringent procedures to ensure we work with all personal data in line with the Legislation.
9. Data Retention
The information we collect from you will be retained for as long as necessary to fulfil the purposes for which your Personal Data has been collected as outlined in this privacy notice unless this may vary depending on the nature of the Personal Data provided. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and will not keep personal information for any longer than the relevant legal period, it will be deleted and/or returned to you in accordance with applicable law.
10.1. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
10.3.2. We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our sites. They include, for example, cookies that enable you to log into secure areas of our sites, or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our sites when they are using them. This helps us to improve the way our sites work, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our sites. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our sites, the pages you have visited and the links you have followed. We use this information to make our sites and the advertising displayed, more relevant to your interests. We may also share this information with third parties for this purpose.
10.3.4. Except for essential cookies, all cookies will expire after 14 days (some will expire sooner).
11. Access to information
If you wish to make a subject access request in relation to the Personal Data SRM holds please make a written request to SRM in accordance with the Legislation.
12. Changes to our Privacy Notice
We reserve the right to change this privacy notice at any time.
13. Queries about this Privacy Notice
Any queries about this privacy notice or concerns as to whether the privacy notice has been complied with should be directed to us at:
Tel: +44 (0) 333 566 3444
Address: Sir Robert McAlpine Ltd