Privacy Policy
Westhill Solutions Limited takes data privacy very seriously and this notice is designed to help you understand how we use your personal information.
We encourage you to read the whole notice. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.
THE PURPOSE OF THIS PRIVACY POLICY
1. Identity
2. Our use of personal information
3. This privacy notice
4. Updating this privacy notice
5. What is personal information?
6. Our responsibility to you
7. Data protection officer
YOUR PERSONAL INFORMATION
8. Why are we collecting personal information about you?
9. What personal information do we collect about you?
10. Where do we collect your personal information from?
OUR USE OF YOUR PERSONAL INFORMATION
11. How do we use your personal information
12. Consent
13. Do we share your information with anyone else?
OTHER IMPORTANT THINGS YOU SHOULD KNOW
14. Keeping your personal information safe
15. Profiling and automated decision making
16. How long do we keep your personal information?
17. Cross border transfers of your personal information
18. Local differences
YOUR RIGHTS
19. Contacting us and your rights
20. Your right to complain
THE PURPOSE OF THIS PRIVACY POLICY
- Identity
We are Westhill Solutions Limited (registered office: 87 Church Road Hove East Sussex BN3 2BB, United Kingdom; its subsidiaries and affiliates trading under the name of Westhill Solutions.
- Our use of personal information
We provide access control solutions via hardware and software services and supplies to our clients.
In common with most online solutions, we collect, use and share information, including personal information, in connection with providing our services and running our business.
- This privacy notice
This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:
- our operations in specific countries in order to help ensure our compliance with local data protection requirements
- specific services that we offer to our clients from time to time
If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.
We have a separate privacy notice that sets out how we process the personal information of our staff, which current and former members of staff should refer to.
- Updating this privacy notice
This notice may be updated from time to time. This version is dated 12th July 2021.
- What is personal information?
Personal information is information that relates to you or allows us to identify you. This includes obvious things like biometric data, your photographic likeness, name, address and telephone number but can also include less obvious things like your attendance at a particular location or analysis of your travel information and associated data.
There are different types of personal information. The most important types for you to know about are:
- Special categories of personal information: these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation
- Criminal convictions information: this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address
- Our responsibility to you
We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.
- Data protection officer
We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:
- an email to: dpo@secandi.associates
- a letter to: The Data Protection Officer, Secandi Associates Ltd, 87 Church Road Hove East Sussex BN3 2BB, United Kingdom.
YOUR PERSONAL INFORMATION
- Why are we collecting personal information about you?
We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:
- you are a customer or user of the software and hardware solutions provided by Westhill Solutions
- you are the representative of a customer or end user in an ongoing project or installation
- your information is provided to us by a customer or end user, or we otherwise obtain your information, in connection with the provision of our goods and services
- you provide services to us (or you represent a company which provides services to us)
- you represent a regulator, certification body or government body which has dealings with us
- you attend our seminars or events, receive our updates or visit our offices or websites
- you are an applicant for a job with us
- What personal information do we collect about you?
The types of information we process about you may include:
Types of Personal Information Details
Individual details: Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you
Identification details: Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number
Financial information: Bank account or payment card details, expenses, income or other financial information
Travel details: Information about you which is relevant to a holiday or flight or location on / at which we are supplying our goods and services to a customer
Credit, anti-fraud and sanctions data: Credit history, credit score and information received from various anti-fraud and sanctions databases relating to you
Special categories of personal information: Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership; your genetic and biometric data; and information about your sex life or sexual orientation
Criminal convictions information: Information relating to your criminal convictions and offences
Identifiers: Information which can be traced back to you, such as an IP address, a website tracking code or electronic images of you
- Where do we collect your personal information from?
We collect your personal information from various sources, including:
- you
- your employer
- our customers and our service providers
- other third parties such as witnesses, experts, accountants, book keepers, solicitors and investigators
- credit reference agencies
- anti-fraud databases, sanctions lists, court judgements and other databases
- government agencies and publicly accessible registers or sources of information
- by actively obtaining your personal information ourselves, for example through the use of website tracking devices
Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or our customers, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.
OUR USE OF YOUR PERSONAL INFORMATION
- How do we use your personal information?
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Purposes for which we will use your personal data
Purpose/activity |
Type of data |
Lawful basis for processing |
To install the App and register you as a new App user |
Identity Contact Financial Device |
Your consent |
To process in-App purchases and deliver Services including managing payments and collecting money owed to us |
Identity Contact Financial Transaction Device Marketing and Communications Location |
Your consent Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you including notifying you of changes to the App or any Services |
Identity Contact Financial Profile Marketing and Communications |
Your consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions) |
To enable you to participate in a prize draw, competition or complete a survey |
Identity Contact Device Profile Marketing and Communications |
Your consent Performance of a contract with you Necessary for our legitimate interests (to analyse how customers use our products/Services and to develop them and grow our business) |
To administer and protect our business and this App including troubleshooting, data analysis and system testing |
Identity Contact Device |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) |
To deliver content and advertisements to you To make recommendations to you about goods or services which may interest you To measure and analyse the effectiveness of the advertising we serve you To monitor trends so we can improve the App |
Identity Contact Device Content Profile Usage Marketing and Communications Location |
Consent Necessary for our legitimate interests (to develop our products/Services and grow our business) |
- Consent
We do not generally process your personal information based on your consent (as we can usually rely on another legal basis). Where we do process your personal information based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent please email us at dpo@secandi.associates or, to stop receiving our marketing emails or business news, please click on the unsubscribe link in the relevant email you receive from us.
- Do we share your information with anyone else?
We do not sell your information nor make it generally available to others. But we do share your information in the following circumstances:
- our business is made up of a number of different entities. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our network businesses. All of our business entities manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements
- if you are a customer, licensee of the software solution or end user, then we might provide your relevant information to search companies so they can verify your identity
- in the course of providing our goods and services, we may require the assistance of various external providers of professional services and of support services. The use of these services might involve the service provider receiving your relevant information from us
- where we have collected your personal information in respect of a project or location on which we are assisting a customer, we may provide your personal information to the customer or to other parties involved in the matter - for example, another party's compliance advisers - where it is necessary for us to do so in relation to the project or location
- we use the services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) involve the service provider holding and using your personal information
- where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information
- if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business
- we share your personal information with other third parties, such as relevant regulators, where we are required to do so to comply with legal or regulatory requirements
In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes.
OTHER IMPORTANT THINGS YOU SHOULD KNOW
- Keeping your personal information safe
We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process.
- Profiling and automated decision making
We do not use profiling (where an electronic system uses personal information to try and predict something about you) but our systems do use automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).
- How long do we keep your personal information?
We do not keep your personal information forever.
We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal, accountancy and regulatory requirements to retain the information for a minimum period, limitation periods for tax investigations, taking legal action, good practice and our business purposes.
- Cross border transfers of your personal information
We are currently operating solely in England and Wales but in the future may become a global business that provides cross-jurisdictional advice and related services to our clients.
When and if relevant, the global nature of our business will mean that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.
Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws. Generally, this means where we transfer your personal information to a third party that is located in a country which does not have adequate privacy protection, we will put in place a contract with the third party that includes the standard international data transfer contractual terms approved by the European Commission.
If you would like further details of how your personal information is protected when transferred from one country to another then please email us at dpo@secandi.associates
- Local differences
Whilst this notice describes the data protection practices adopted by us generally across the world, local data protection laws vary and some countries may place restrictions on our processing activities. This means our actual data protection practices in certain countries may vary from those described here in order to help us ensure we comply with local requirements. Country-specific differences in our data protection practices to help us comply with local requirements will be uploaded as and when relevant to our business.
YOUR RIGHTS
- Contacting us and your rights
If you have any questions in relation to our use of your personal information, please email us at dpo@secandi.associates.
Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your personal information
- provide you with a copy of the personal information we hold about you
- update any inaccuracies in the personal information we hold about you
- delete any of your personal information that we no longer have a lawful ground to use
- where processing is based on consent, stop that particular processing by withdrawing your consent
- object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
- restrict how we use your personal information whilst a complaint is being investigated
- transfer your personal information to a third party in a standardised machine-readable format
In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.
- Your right to complain
If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority in your country.
We view the UK data protection regulator, the Information Commissioner's Office (ICO), as our lead data protection supervisory authority. Details of the ICO can be found at https://ico.org.uk.
If you are unsure of the authority that supervises our processing of your personal information then please email us at dpo@secandi.associates
34 Duke Street,
Brighton,
England,
BN1 1AG