Privacy policy.
Introduction and pledge
This policy applies to all personal information Siami receives either via a Siami website (Siami Ltd), or information supplied to Siami by an individual or client.
Siami is both a data controller (our websites) and data processor (information given to us by our clients). In all cases we are committed to protecting the privacy of personal data.
This policy explains how our business, www.downatthesocial.co.uk and www.socialite.co.uk use any information you provide and the ways in which we protect your privacy. We ask you to read it carefully.
We treat any personal information (which means data from which you can be identified, including your name, address, e-mail address) that you give us, or that we obtain from you/our clients, in accordance with the provisions of the General Data Protection Regulations. Under these regulations we have a legal duty to protect any information we collect from you. Any amendments to this policy will continue to be in accordance with the provisions of the General Data Protection Regulations. We ask you to check it occasionally to make sure you are aware of the latest version.
Nine Data Protection Principles
Siami shall comply with the following 9 Data Protection Principles when processing personal data:
1. Fairness and Transparency
Siami will process personal data fairly and provide individuals with information about how and why their personal data is processed.
the purposes for which their personal data is processed;
the legal basis for processing;
any legitimate interests pursued by Siami or a third party, if applicable;
the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
the existence of the right to request from Siami access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
the existence of the right to withdraw consent at any time, if applicable;
whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
This privacy notice is included in each client engagement letter or service agreement.
Where a client provides personal data of third party data subjects to Siami, no notice will have to be provided to those third party data subjects by Siami if such information must remain confidential subject to an obligation of professional secrecy. Siami will never pass on this data.
2. Lawful Processing
Siami will only process personal data, including sensitive personal data, lawfully where it has a valid basis for the processing.
Generally, personal data must not be processed without a legal ground. In the context of Siami, personal data are typically processed on the basis of:
processing is necessary for the performance of a contract to which the data subject (e.g. the client) is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing necessary for the legitimate interests pursued by a client or Siami, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This ground may apply to the processing of the personal data of any third party data subjects whose personal data are provided by the client;
a legal obligation to which Siami is subject and where compliance with such obligation necessitates the processing of personal data by Siami;
data subject’s consent, where such consent is procured from the client.
3. Purpose Limitation
Siami will only collect personal data for a specific, explicit and legitimate purpose. Any subsequent processing should be compatible with that purpose, unless Siami has obtained the individual’s consent or the processing is otherwise permitted by law.
Siami will typically process:
the personal data of its clients as required for the purposes of providing its professional services and the administration of its client relationships;
the personal data of its personnel as required for the administration of personnel;
the personal data of its suppliers as required for the administration of its supplier relationships, if applicable; and
the personal data of its clients, personnel and suppliers as is necessary in order to comply with its legal obligations.
Siami will generally not carry out any unsolicited electronic marketing, but to the extent it does, it will have to comply with the law.
4. Data Minimisation
Siami will only process personal data that is adequate, relevant and limited to what is necessary for the purpose for which it was collected.
Siami asks that each client ensures that only the minimum necessary personal data is provided in connection with the professional services sought.
5. Data Accuracy
Siami takes reasonable steps to ensure personal data is accurate, complete, and kept up-to-date.
Siami asks that each client ensures that any personal data provided in connection with the professional services sought is accurate, complete and up to date.
Siami will endeavour to keep an accurate record of personal data in relation to its clients and personnel.
6. Individual Rights
Siami allows individuals to exercise their rights in relation to their personal data, including their rights of access, erasure, rectification, portability and objection.
Siami will ensure that all Individual Rights Requests are correctly identified and appropriately responded to, subject to any applicable exemptions.
7. Storage Limitation
Siami only keeps personal data for as long as it is needed for the purpose for which it was collected or for a further permitted purpose.
Siami will keep all records as long as required by applicable law or as may be necessary having regard to custom, practice or the nature of the documents concerned.
Siami will annually clear out and dispose of personal information received from data controllers which is no longer required.
Save for personal data included in records which must kept for a prescribed period or preserved permanently in compliance with any legal obligations to which Siami is subject, personal data shall be kept for no longer than necessary for the relevant purpose. For example, all personnel records will be kept for no longer than 12 months following the termination of employment or contract, unless a longer retention is required under applicable law.
8. Data Security
Siami uses appropriate security measures to protect personal data.
1. Siami has the following security measures:
1. Physical security measures
physical security of premises, e.g. locked office;
confidential documents kept in locked cabinets;
reduced access privileges to only those needed;
access granted to only such personnel who need to have access in connection with their duties;
Siami disposes of confidential documents using a cross cut shredder;
2. Organisational security measures
Siami vet personnel and suppliers on a continuing basis;
Siami implement non-disclosure agreements – if requested - prior to entering into formalised agreements;
Siami provides training to personnel where appropriate;
3. Technical security measures
firewalls which are properly configured and using the latest software;
real-time protection anti-virus, anti-malware and anti-spyware software;
unique passwords of sufficient complexity and regular (but not too frequent) expiry;
encryption of all portable devices ensuring appropriate protection of the key;
4. data backup;
We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration or disclosure. However, the Internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal information for improper purposes.
9. Accountability
Siami must take steps to comply with, and be able to demonstrate compliance, with the Data Protection Principles.
Siami has implemented appropriate governance processes as set out in this policy.
Personal information
we collect on our websites. You do not have to give us any personal information in order to use most of the website. However, if you wish to contact us about a product or service or employment via our enquiry form, subscribe to receive content, request more information or volunteer feedback we may collect the following personal information from you:
o name, address, phone number and email address; and
o employment details, employer details
When we request information from you, a statement will appear near or next to that part of the website, where the capture of data occurs, explaining what we need your data for and with a reference to this privacy statement.
In addition, we may automatically collect information about the website that you came from or are going to. We also collect information about the pages of this website that you visit, IP addresses, the type of browser you use and the times you access this website. However, this information is not used to identify you.
When someone visits our websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
No user-specific data is collected by either Siami or any third party.
How we will use your personal information
The personal information we collect via our website allows us to
o respond to your enquiry;
o provide the products and services you have ordered;
o administer our website and provide customer services;
o meet legal, regulatory and compliance requirements;
o gather management information to form statistical and trend analysis;
o communicate with you;
o contact you about our products and services which we think might be of interest to you (where we have the appropriate permissions to do so);
o contact you regarding employment opportunities.
Marketing communications
Where you have given us the appropriate permissions during the registration process to the website/ website services (as applicable), we may from time to time contact you by email or telephone or post about our products and services that may be of interest to you.
If at any point, you would like to opt-out of receiving marketing communications from us please email us, stating your preferences, at hello@amritchandan.com. If requested all your personal data stored will be deleted entirely from our system.
Where your personal data is held
Any information obtained via our website, is held electronically at Siami, 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX and via a third party which provides a secure and fully encrypted CRM solution. If requested, all the personal data we hold can be disclosed to you.
Should we discover that our data has been breached you will be notified within 72 hours.
Third parties
We do not sell, trade or rent your information to other parties.
We may employ the services of third party service providers to help us in certain areas, such as website hosting, maintenance and print. In some cases, the third party may receive your information.
However, at all times, we will control and be responsible for the use of your information.
We may disclose your information if required to do so by law for information such as a court order, witness summons, or complaint from governmental authorities
Cookie use
Cookies are pieces of data that are often created when you visit a website and are stored in the cookie directory of your computer either temporarily or permanently. We only use cookies to measure how you interact with our site; this does not include any personal information and remains anonymous.
Data Processing Assurance
Siami will ensure, by way of training or otherwise, that staff carry out their tasks in a way that will ensure compliance with data protection laws (including GDPR). Each member of staff shall have access to this policy and shall have an obligation to comply with it.
Siami will comply with data protection obligations in accordance with its service agreement including, where appropriate, a data processing agreement.
Siami shall periodically review this Policy and other policies to ensure that they continue to comply with the relevant legal requirements.
Links
Our website may contain links to other websites. We are not responsible for privacy policies or practices of other websites to which you choose to link from this site. We encourage you to review the privacy policies of those other websites so you can understand how they collect, use and share your personal information.
How to contact us
If you have any questions about this policy or your personal information, please contact us at hello@amritchandan.com
APPENDIX: GLOSSARY
Controller - A party which determines the purposes and means of the data processing
Data - Any information which is recorded electronically or, where recorded in a manual format (e.g. on paper), is organised by reference to an individual.
Data subject - The individual to whom the personal data relates.
Individual Rights Request - A request from a data subject in respect of their personal data, e.g. to access, erase, or rectify their personal data, or object to its processing.
Personal data - Any data relating to an identified or identifiable natural person. This can include (but is not limited to) names, addresses, email addresses, positions held, photographs, job applications, personnel files and correspondence to and from an individual.
Personnel - All employees of Siami at all levels.
Processing - Any opera6on performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.
Processor - A party processing personal data on behalf of a controller, under the controller’s instructions.
Supplier - Any external vendor, supplier, consultant or similar third party engaged to provide services to Siami.