Privacy statement

 

SureCloud Ltd is committed to protecting and respecting the privacy of you as a user of this marketing website and our platform service websites.

 

Marketing site cookies SureCloud platform cookies.

SureCloud Privacy Statement

SureCloud platform cookies

We use cookies on our platform in order to provide our service to you. Learn more about SureCloud platform cookies.

Aurora platform cookies

We use cookies on our platform in order to provide our service to you. Learn more about Aurora platform cookies.

Use of your information

We use personal data about you for various purposes connected with our Site and our Services as described below. In order to use your information we must have a legal basis for doing so. The legal basis that we rely upon is explained further below. We will only use your information where it is necessary:

  • to fulfil our contract for Services with you (or the customer whom you represent);
  • to comply with a legal obligation to which we are subject; or
  • for our legitimate business interests that are not overridden by your interests, rights and freedoms.

Where none of the above applies, we will request your consent (which we will ask for before we process your information).

Use of your information

SureCloud Ltd (“we”, “us”, “our”) is committed to protecting and respecting the privacy of you (“you”, “your”) as a user of this website https://www.surecloud.com (“Site”) or if you are a customer (or representative of a customer of ours) to whom we provide Cloud-based Governance, Risk and Compliance Applications and Cyber Security Services (“Services”).

 

This website privacy policy (together with our Legal Terms and Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding the personal data that is used by us and how we will treat it.

Site users

We collect and process the following information about you for the following purposes:

Information you provide to us

This is typically your name, the company you work for telephone number and email address in order to:

  • Request a demo;
  • Register for an event;
  • Receive our newsletters;
  • Respond to your inquiry (in relation to the services we offer or in relation to a potential employment opportunity);
  • Responses to surveys that you choose to participate in which we use for research purposes;
  • Other features and services we may offer on our Site from time to time. In such an instance, we may ask you for your personal data in order to provide such services.

Site users

The table below sets out further information about the purposes for which we use data about you, with the corresponding methods of collection and legal basis that we rely upon for its use.

Information we automatically collect:

  • Details of your visits to this Site and the resources that you access
    For example, we may compile reports and statistical analyses about how many users visited our Site, what pages have been browsed, and from what geographic regions users visited the Site. This may include information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information on Site usage. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
  • Cookies and web beacons
    We use cookies to enable you to use this Site and the materials on this Site. Cookies are also used to distinguish you from other users of this Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy. We may also use web beacons (e.g. internet tags, pixel tags or clear GIFs).

Customers

In order to provide Services to our customers, we collect and process personal data, such as:

  • Contact information, such as your name, the company you work for (if you are a representative of the customer), your title or position, postal address, email address and telephone number;
  • Information you provide to us for the purposes of attending meetings and events, including dietary preferences and access requirements;
  • Identification and background information provided by you or collected as part of our customer onboarding procedures;
  • Information provided to us by or on behalf of our customers or generated by us in the course or providing services to them, which may include special categories of data;
  • Any other information relating to you which you may provide to us.

Third party processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below.

Download our up-to-date list of sub-processors here.

Site users 

Purpose Legal basis for processing
To manage and facilitate your use of our Site:
  • To provide you with suitable content
  • To provide you access to certain materials and features
  • To comply with our legal obligations, policies and procedures in relation to use of our Site
  • To allow you to optionally enable the integration of SureCloud platform with third party applications and services, example Microsoft Teams
Legitimate interests – This processing is necessary in order to provide you with the best experience when visiting our Site or using our Services.
To communicate with you:
  • To respond to any enquiries or feedback that you send to us
  • To assist you with any technical problems you have with our Site
  • To collect reviews of our Site, in order to improve our business
  • To update you with any changes to our terms and conditions/ other policies
Legitimate interests – Processing is necessary to respond to communications that you send to us, inform you of relevant information in relation to the Services that we provide and to improve Services that we offer to you.
To send you information about our Services:
  • To send you information which you have requested e.g., newsletters or publications in accordance with your specified preferences

Legitimate interests – Where you have requested information from us, such as newsletters, publications or event invitations, we send such email communications based on response to a request.

 

You can ask us to stop sending such communications at any time by clicking on the unsubscribe link at the bottom of the message or by contacting us at privacy@surecloud.com.

To improve and develop our Site we conduct statistical analyses on your usage of the Site e.g., to enable us to improve our Site, offer new features and materials, etc. Legitimate interests – It is our legitimate business interest to identify ways to improve our Services (and develop new ones) and our Site for our customers.

Customers

Purpose Legal basis for processing
To provide you or our customer with our Services:
  • To provide you or the customer whom you represent with our Services
  • To manage or administer our relationship with you and our customer
  • As part of our customer onboarding procedures
  • To respond to any enquiries or feedback that you send to us
  • To update you with any changes to our terms of business or other policies
Contractual – Processing is necessary for the performance of the contract between you and us in relation to our Services.
  • For our business management and administrative purposes
  • To administer and manage our Services and business in an efficient and proper way e.g., accounting, billing, customer management, etc.
  • To manage how we work with other companies that provide services to us
  • To comply with legal and regulatory obligations to which we are subject (if applicable)
  • To establish and protect our business and legal rights or defend ourselves against any legal actions
Contractual and Legal – Processing is necessary for the performance of the contract between you and us in relation to our Services. Processing is also necessary to comply with legal and regulatory requirements we are subject to.
To share information with trusted third parties for support and marketing purposes. Legitimate interests – It is our legitimate business interest to share your data with trusted third parties in the provision of the Services.
To send you information about our services:
  • To send you information which we think may be of interest to e.g. newsletters, publications or events invitations.
Legitimate interests – Where you have requested information from us, such as newsletters, publications or event invitations, we send such email communications based on response to a request. 

You can ask us to stop sending such communications at any time by clicking on the unsubscribe link at the bottom of the message or by contacting us at 
privacy@surecloud.com

Telephone call recording
  • We may record your conversations with us for quality and staff training purposes
Legitimate interests – It is our legitimate business interest to record your calls for quality and staff training purposes, comply with laws to which we are subject and protect our business interests and legal rights.

Sharing of your information

Site users

We may disclose your personal data to trusted third parties as described below:

  • With exception of product update, optional integrations and support messages (further described below), information collected as part of our Services is not shared with any third parties, it is used for SureCloud business activities only.
  • Where we are under an obligation to disclose your personal data to regulatory authorities, courts, tribunals, government agencies or law enforcement agencies or in order to enforce our terms of business or legal rights;
  • Our professional advisers and auditors in order to manage and administer our business;
  • Third party service providers which provide us with services e.g., IT providers, analytics providers, marketing service providers, customer verification providers, credit checking companies, debt collection agencies and hosting companies, etc.
  • If our assets, or substantially all of our assets are merged or acquired by a third party, in which case your personal data may form part of the transferred or merged assets.

If you would like to receive a full list of our suppliers and other third parties who we share your data with then you can get in touch with us using the details provided in the section Contact Us section.

In some instances, we may intend to use your information in ways that are not described above. However, we will inform you before doing so and if necessary seek your consent to do so.

Customers

Where personal data is processed as part of our Services it will not transferred outside of your chosen platform location; Europe or North America, with the exception of product update and support notifications as described in the “Sharing of your information” section above

Product update and support messages: We may use Service user contact information, such as name and email addresses to send out product and support information. This may be communicated through email marketing cloud service providers, such as SalesForce.com and HubSpot.

If you would like to receive a full list of our suppliers and other third parties who we share your data with then you can get in touch with us using the details provided in the Contact Us section.

In some instances, we may intend to use your information in ways that are not described above. However, we will inform you before doing so and if necessary seek your consent to do so.

Transfers of your personal data

Site users

We are part of an international group of entities and, as such, your personal data may be transferred to and stored at a destination outside the European Union (“EU”) depending on the nature of the Services we provide to you. The entities within our group are:

  • SureCloud Limited (UK based business)
  • SureCloud, Inc (US based business)

Your personal data may also be processed outside the EU by one of our service providers.

Where we process your personal data outside of the EU, we will ensure that your personal data is protected by implementing appropriate safeguards, such as a European Commission adequacy decision, the EU-US Privacy Shield Certification or the EU Commission approved Standard Contractual Clauses. If you would like more information about any of the data transfer safeguards we implement you can get in touch with us using the details provided in the section Contact Us section.

Customers

Where personal data is processed as part of our Services it will not transferred outside of your chosen platform location; Europe or North America, with the exception of product update and support notifications as described in the “Sharing of your information” section above.

In some instances, we may intend to use your information in ways that are not described above. However, we will inform you before doing so and if necessary seek your consent to do so.

How we protect your information

We implement appropriate technical and organizational measures to protect personal data that we hold from unauthorized disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that assist in securing the data you provide. We also require our service providers to comply with strict data privacy requirements.

How long we keep your information for

The period for which we may retain your information will depend on the purposes for which the data was collected, whether you have requested deletion of the data, applicable limitation periods for legal action, whether any legal or regulatory obligations require the retention of the data and good practice or our business interests. We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected.

Your rights

You may have some or all of the following rights in respect of the information about you that we process:

  • request us to give you access to it
  • request us to rectify it or update it (where it is inaccurate or incomplete)
  • request us to restrict our using it, in certain circumstances
  • request us to erase it, in certain circumstances
  • object to our using it, in certain circumstances
  • withdraw your consent to our using it
  • data portability, in certain circumstances
  • opt out from our using it for direct marketing; and
  • lodge a complaint with the relevant supervisory authority (in the UK, the Information Commissioner’s Office ico.org.uk )

These rights are explained in more detail in the table below:

Your right Further detail (note: certain legal limits to all these rights apply)
to request us to give you access to it This is confirmation of:
  • whether or not we process data about you;
  • our name and contact details;
  • the purpose of the processing;
  • the categories of data concerned; the categories of persons with whom we share the data and, where any person is outside the EU, the appropriate safeguards for protecting the data;
  • (if we have it) the source of the data, if we did not collect it from you;
  • (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; an
  • the criteria for determining the period for which we will store the data.

On your request we will provide you with a copy of the data we hold.

to request us to rectify or update it This applies if the data we hold is inaccurate or incomplete.
to request us to erase it This applies if:
  • the data we hold is no longer necessary in relation to the purposes for which we use it;
  • we use the data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all data about you in which case we will respect your wishes);
  • we use the data on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;
  • the data was unlawfully obtained or used; or
  • to comply with a legal obligation.
to request us to restrict our processing of it

This right applies, temporarily while we look into your case, if you:

  • contest the accuracy of the data we use; or
  • have objected to our using the data on the basis of legitimate interest

(if you make use of your right in these cases, we will tell you before we use the data again).

This right applies also if:

  • our use is unlawful and you oppose the erasure of the data; or
  • we no longer need the data, but you require it to establish a legal case
to object to our processing it

You have two rights here:

  1. if we use data about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
  2. if we use the data about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
to withdraw your consent to our using it

This right applies to any data which we have collected and process based on your consent.

You have the right at any time to withdraw the consent you have provided to us.

to data portability

This right applies:

  1. to data that you have provided to us; and
  2. if we use that data on the basis either of your consent, or on the basis of discharging our contractual obligations to you.

If both (1) and (2) apply, you have the right to receive the data from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible.

to lodge a complaint with the Information Commissioner’s Office or other supervisory authority in your country or take your complaint to a national court Each EU country has a supervisory authority responsible for upholding data protection rights. In the UK, this is the Information Commissioners Office.

You can find their contact details here.

You also have the right to obtain a remedy from a national court.

 

Contact us

If you have any questions, would like to exercise any of your rights in relation to your information or need further information about our privacy practices, please contact us at privacy@surecloud.com

Changes to this policy

We may update this policy from time to time as shown below. We will notify you of the changes where required by applicable law to do so.


Last modified 10th August 2023.