Our GDPR Statement
GDPR is the General Data Protection Regulation, which is effective as of 25th May 2018. This set of regulations establishes a new framework for handling and protecting the personal data of EU-based residents.
How Does Sherr Technologies comply with GDPR?
Sherr Technologies is committed to the principles of Data Protection. It is the very foundation of our business, ensuring the data we hold for our clients is stored as securely and safely as possible when entrusted to our care. We achieve this by employing a mixture of technical and process-driven measures designed not simply to meet GDPR but to exceed it and, more importantly, to continually monitor and evolve how we deliver our service to you.
Sherr Technologies operates its own equipment within ISO 27001 certified, UK based datacentres. Our environments are built from the ground up with security and data protection in mind, not only utilising the latest technology but continually monitoring our environments for threats and proactively adapting to the ever evolving threat landscape.
Sherr Technologies continually monitors the availability of data and services we provide to ensure compliance.
The team at Sherr Technologies are fully trained and aware that they may come into contact with sensitive data as part of their day-to-day role, and of their responsibility when handling such data. We monitor and audit the use of tools that allow us to perform our day-to-day activities to ensure data is handled safely and securely by our team in compliance with GDPR.
In addition to our contractual obligations to our clients, no data (as a processor) is stored or transferred outside of the EU unless expressly authorised in writing, in a fully auditable format, so as to confirm the authenticity of such requests. Should we be required by law enforcement or legal process to transfer data, you will be advised as required.
Sherr Technologies as a business recognises that good processes and technology combined deliver a safe, secure environment for our clients. As an organisation we are recognised and certified by the Cloud Industry Forum (CIF) and are currently undergoing ISO 9001 with a view to moving on to complete ISO 27001 thereafter. As both a Data Processor and a Data Controller we 'wear' two hats and comply with our responsibilities under GDPR through the above process and operations.
GDPR - As a Data Processor
Where we are engaged to provide a service in which we 'process' data on your behalf, we employ strict security and operational processes and act and abide by GDPR as outlined above, ensuring your data is kept securely in UK-based datacentres (or within the EU if requested). Such services include but are not necessarily limited to those detailed on our website. As a data controller you should be confident that any providers (data processors) which you work with have a highly robust approach to data protection, understand the obligations of the GDPR, and are well prepared to meet them. If you require further details, they can be provided where requested.
GDPR - As a Data Controller
By the very nature of our work we must collect data from you in order to provide our services. We collect data to allow us to contact you as part of the process of engagement of our services. The data we collect is generally limited to name, contact details (postal address, phone number, email) and any details you pass to us, or that we hold in order to perform our day to day operations. All such data is stored in a secure manner either internally or via a Data Processor we have audited and approved as compliant and capable of storing your data safely on our behalf. Our Data Processors store data both within and outside the EU as part of their operational processes but we have reciprocating agreements in place to ensure data remains safe and is stored within GDPR.
GDPR - Privacy & Data Access Request
We comply with appropriate data protection laws. This says that the personal information we hold about you must be:
How is your personal information collected?
We collect personal information about Website Visitors, Prospects, Customers, Employees & Suppliers through our Secure Website forms, Telephone Calls or via email. We may sometimes collect additional information from third parties including customers, suppliers and other referees or in order to perform other background checks throughout the Contractual application/credit check process.
How we use your personal data
We will only use your personal information where the law permits, in the following circumstances:
We may also use your personal information in the following rare situations:
Sherr Technologies uses the information collected from you to perform the services we have established a contract to perform. As described above, we act on behalf of our clients in the capacity of Data Processor. When working exclusively as a Data Processor, Sherr Technologies will be acting on the instruction of its client.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. Sherr Technologies will use such information to identify its visitors. Sherr Technologies may also collect statistics about the behaviour of visitors to its website.
Any information Sherr Technologies holds about you and your business encompasses all the details we hold about you and any transactions including any third-party information we have obtained about you from public sources and our own suppliers such as credit processing agencies, or references provided by you in the course of your application.
Sherr Technologies will only collect the information needed so that it can provide its services.
Legal basis for processing any personal data
The primary legal basis for processing your personal data is to meet our contractual obligations to our customers in order to provide our services.
Sherr Technologies may on occasions pass your Personal Information to third parties exclusively to process work on its behalf. Sherr Technologies requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
We do not need your consent to process your personal data in order to perform our contractual obligations to you. In limited circumstances, we may approach you for your written consent to allow us to process certain data or particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We process some of your personal data and it may involve transferring your data outside the European Economic Area (EEA). Whilst our facilities are based in the United Kingdom, some of our external third parties are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
"Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: IT services, such as payment processing providers, market research, product fulfilment and data analytics. The activities for which we use third-party service providers may change from time to time in order for us to meet the needs of the business.
Sherr Technologies will process personal data for the duration of any contract and will continue to store only the personal data needed after the contract has expired to meet any legal obligations. After this period any personal data not needed will be deleted.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Right to withdraw consent
Key amongst the principles of GDPR is the right to know what data we hold about you (where we act as a Data Controller) and the right to be forgotten should you desire. In most instances we are holding data on behalf of a Data Controller, so we would advise you to contact the Data Controller to address such queries. If, however, we are Data Controller for the purposes of our commercial relationship and you have any queries or a data access request, please contact us here via email firstname.lastname@example.org or via post to Data Protection Officer, Sherr Technologies, Kinetic Centre, Theobald Street, Borehamwood, Herts, WD6 4PJ.
You can obtain further information about Data Protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/for-thepublic.
Changes to this privacy notice
GDPR is not a fix-and-forget activity; it is a continuous and ever-evolving process of maintaining good data security and keeping data safe and secure.