GDPR POLICY

GDPR Policy for Sumcor Ltd – Trading as Spreadsheet Solutions

We take data protection seriously, as we know that it is important to you. We want you to understand what data we collect, how we collect it, and what we use it for. We also want you to know that we are prepared to delete all your personal data, should you wish, as long as you contact us and let us know. Please look through the information below, which will show our procedure when it comes to data collection and usage. If you are still not clear as to what is being done with your data, please contact us, we would be happy to explain.

How we collect data

  1. Online forms
  2. Via email
  3. Verbally
  4. Via your website, email signature or company documents
  5. Email signups
  6. Shared access
  7. Business Cards

What data we collect and how we use it

  1. Online forms

We have various online forms which you can complete on our website. Any information which you provide on those forms will be stored in order to produce invoices (if required), contact you regarding any requests, or to perform the task outlined on the signup form page. This information is manually captured, but does automatically appear on a database plugin, which is cleared periodically. The database is there to ensure that no contact emails are lost. Any information captured will be kept indefinitely, in order to log the work which has been done. The data from any online order forms will be used to generate an invoice, and will be kept for future records. If you have opted in for future updated products, you will be contacted should any become available. We will NOT ask you for your bank details, unless we have been paid funds incorrectly which need to be returned once cleared and authorised. If payment is required, we will send you an invoice with our bank details.

  1. Via email

Once we undertake any work, or in fact during the tender process, we may ask you for details of the work you wish for us to undertake. Any documents provided will be kept for the duration of the project in order to complete what we are contracted to complete or to provide any quotations. If you have provided us with any sensitive data which you would like us to delete once it has served its purpose, please inform us of such (in writing). We will completely delete any such files as soon as they are no longer required. We create ‘job cards’ for clients, and those who require a quote. Information collected is used to generate the quote, invoices, and other correspondence with you. Such information includes (but is not limited to) your company name, contact numbers, email addresses, invoice and physical address, contact person’s name, company website and VAT number. These details will be kept for the duration of the life of the business, in order to keep records of work completed.

  1. Verbally

As per ‘Via email’, you may provide us with information telephonically, via an online platform, or in person. These details may be added to your ‘job card’ and stored indefinitely.

  1. Via your website, email signature or company documents

In order to be more productive, we often gain information for the ‘job card’ from your email signature, website, or other company documents. All of this information is stored in one place for each client. If you would like to know what information of yours we have in your file, please just ask. We would be happy to let you know. We may contact you if required, but you will NOT be added to an automated mailing list, unless you complete the relevant email signup forms.

  1. Email signups

We have online signup forms, which you would need to complete to receive our monthly email newsletter. This newsletter is for general news, launching new products and free downloads, as well as marketing. We will NOT add you to this list without you using one of the forms to sign up. This service is provided by Mailchimp, so please see their privacy policy for details as to how this data is stored. If you wish to unsubscribe from the emails, you can do so by clicking the relevant link on the email.

  1. Shared access

From time to time our clients give us access to their online cloud storage or shared files, so that we can complete work. We will take utmost care when doing so, and will not download any files without informing you or doing so under your instruction. As you will be giving us access to your files, please ensure that you set the correct permissions. As per other data collected, if we do have any sensitive data, please inform us in writing. If informed, we will delete any such data as soon as we have completed the work for which we required the data.

  1. Business Cards

When the directors are networking (and at other times) we meet other professionals whose services we would like to refer. We may take your business card and add you to a ‘referral database’. You will not be added to any marketing list. If we meet someone who asks for a referral, we may use the database to gain access to your contact details, in order to put you forward as a referral. If you would like to know what details we have of yours (contact details usually on your business card), please contact us. We would be happy to remove you from the database if you wish.

Where we store the data and who has access to it

We store all of our documents on a Sharepoint site, which is a Microsoft product, allowing cloud storage and collaboration. This data is synced with our computers. We take various precautions with regard to security of our computers and our online storage. We obviously cannot guarantee against being hacked, but we have taken precautions against such an attack. There are currently two people with access to this data – the two directors, Richard Sumner and Wendy Sumner. All devices and cloud storage sites are fully password protected, and only accessible by the two company directors. We may outsource work from time to time, but we will inform you of this before doing so. Outsourcing will NOT include access to our devices or cloud storage sites, but may include access to required documents. 

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required, we may share information with (with permission):

  1. Family, associates and representatives of the person whose personal data we are processing
  2. Current, past and prospective employers
  3. Educators and examining bodies
  4. Central government
  5. Credit reference agencies
  6. Suppliers and service providers
  7. Debt collection and tracing agencies
  8. Financial organisations

We only share information in extremely rare circumstances.

Who the information is processed about

We process personal information about our:

  1. Employees
  2. Customers and clients
  3. Suppliers and service providers
  4. Advisers, consultants, and other professional experts
  5. Complaints and enquirers

Would you like to know what data of yours we hold?

If you would like to know what data of yours we hold, please email Richard at richard@spreadsheetsolutions.biz, and we will inform you. Any spreadsheets that we have created for you will not be deleted, as they remain our intellectual property, however personal data will be completely deleted upon request.

Action taken if data is breached

In the event of a data breach, we will contact those whose data has been affected in order to inform them. We take precautions against such an attack, like password protection on all devices, networks and shared drives, but we cannot be held liable for any data stolen during a breach.

Nothing on this document overrules any of our terms and conditions.