Skip to content

Privacy Policy

Website Privacy Notice

Introduction

This Privacy Notice explains how we use personal information we collect about you and how you can exercise your data subject rights, which are available to everyone. We will collect, process and store your personal information, for the purposes listed in this Privacy Notice.

Please read this Privacy Notice carefully, to inform you, how your personal information is processed by us. We are committed to protecting and respecting how we treat your personal information, as if it was our own.

Details of who we are

Sheraton Systems Limited, trading as Websure are the Controllers under the UK General Data Protection Regulation, Data Protection Act 2018 and other applicable national implementing legislation.

You may contact SSL Limited to make requests, for example to exercise your data protection rights, to provide positive feedback or to make complaints by writing to us at the address below.

Sheraton Systems Limited and Websure are referred to as “SSL”, “we”, “us” and “our”.

Our Contact Details

Name: Sheraton Systems Limited, trading as Websure, company number 02348058
Address: Sheraton Systems Limited, 34 The Broadway, Wickford, Essex SS11 7AN
Phone Number: +44 (0)20 7977 8255
Email: ITsecurity@websure.com
Sheraton Systems Limited ICO Registration: ZA213388

We have appointed a representative in the EU, who can be contacted by using the contact details below:

Name: Mishcon de Reya Representative Services (Europe) Limited
Address: 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
Email: representative@mishcon.com

The type of personal information we collect

You can visit our website without revealing who you are or providing any personal information about yourself. However, our website uses Cookies, therefore please read our Cookie policy by clicking the link below in the section entitled Cookies and other similar technologies below.

If you choose to provide your personal information by emailing us or by completing and submitting the enquiry form, on our website, we will process the following types of personal information:

  • Contact Information: name, email addresses and telephone numbers
  • Usage Data: including information about how you use our website.
  • Technical Information: IP addresses, your log-in data, browser type and version, timezone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s).

When you apply for a role that has been advertised, please visit our Recruitment Privacy Notice to understand how we process your personal information.

The purposes of processing your personal information

  • Customer enquiries
  • Customer complaints
  • Legal claims
  • Responding to your feedback
  • Business to business communications with a supplier of services and payment of services

What is the lawful basis to process your personal information

When we use the lawful basis of legitimate interests, we ensure that our processing is not overridden by your data protection interests or fundamental rights and freedoms.

The purposes of processing your personal informationLawful basis used
Customer queriesThis is necessary for our legitimate business interest to enable us to address your query
Customer complaintsThis is necessary for our legitimate business interest to enable us to address your complaints.
Legal ClaimsWe may have a legal obligation to process personal information about you, or may need to process personal information in order to exercise, establish or defend legal claims.
Responding to your feedbackThis is necessary for our legitimate business interest to enable us to review and respond to your feedback.
Business to business communications with a supplier of services and payment of servicesThis is necessary for our legitimate business interests, namely to with a view to providing your service to SSL, and for performance of contract.

When we use the lawful basis of legitimate interests, we ensure that our processing is not overridden by your data protection interests or fundamental rights and freedoms.

What is the lawful basis to process your special category of personal information

We do not collect or process your special categories of personal information, for the purposes listed above.

What if you will not provide us with your personal information

SSL cannot deliver its services to you, unless you have provided us with your personal information.

How we get your personal information and why we have it

Most of the personal information SSL process, is provided by our direct interaction with you, such as:

  • visiting any of SSL’s websites, cookies, IP address, server logs and other similar technologies
  • completing an online enquiry form
  • communicating with use by phone, text, email, letters or otherwise
  • using SSL’s social media LinkedIn platform
  • proving feedback
  • conference/ networking events

Cookies and other similar technologies

Our website uses Cookies.

Click here for our Cookie policy and full list of Cookies used on our website.

Who do we share your personal information with

Within SSL, only those members of the workforce who have a valid business ‘need to know’ will be granted access to your personal data. Further, individual team members will only be given access to the part of your data that they need to perform their roles. These members of our team:

  • Provide sales and product services to you
  • Provide client services to you

Externally, your data may be shared with the following types of organisations for the reasons set out:

  • IT – website hosting, office 365, Teams, system administration, web developers, Sales Force etc.
  • Telephony providers
  • Information Commissioner’s Office and other authorities who require reporting of SSL’s processing activities in certain circumstances
  • SSL’s professional advisers (including auditors, accountants, solicitors, bankers and insurers)
  • Due diligence with external third parties
  • Potential purchasers of SSL’s business. We may choose to sell, transfer, or merge parts of our business or our assets. We may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal information in the same way as set out in this policy.
  • SSL’s shareholders
  • Where we are legally required by law to disclose your personal information
  • To further fraud protection and reduce the risk of fraud

Wherever possible the data shared are either anonymised and/or minimised and only those with a valid business ‘need to know’ in the receiving organisation are granted access.

Details of transfers of personal information to any third countries and safeguards

We may transfer your personal information outside the United Kingdom / Europe, to a third country, that does not benefit from an adequacy decision.

To ensure a similar degree of protection, we will enter into the UK International Data Transfer Agreement or International Transfer Addendum to the European Commission Standard Contractual Clauses for International Data Transfers

If you have any queries regarding our transfers of personal information to third countries, please use the contact details in this Privacy Notice.

Retention period or criteria used to determine the retention period

We retain information for as long as there is a need to keep it in connection with the purposes for which it was collected. We may keep your personal data after a particular matter or exchange has concluded, but purely for record keeping purposes and to be able to respond to queries and in accordance with our Retention Policy.

How we store your personal information

Your information is securely stored on servers in the United Kingdom and we implement appropriate technical and organisational measures, to protect your personal information.

Your data protection rights

You have the right to exercise the following rights under UK data protection law. These rights are not absolute and will depend on which legal basis we use to process your personal data.

Please contact us using the contact details set out above if you wish to exercise any of these rights:

  • Transparency – we must provide you with all the information set out in this privacy notice in a concise, transparent, intelligible and easily accessible form, using clear and plain language, so that you may understand how and why we process your data and what your rights are. We must keep you informed in timely manner about our progress in responding to requests from you to access your rights under data protection law.
  • Rights of access by the data subject – you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to access your personal data.
  • Right to rectification – you have the right to have the personal data concerning yourself rectified without undue delay, if it not accurate. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
  • Right to erasure (‘right to be forgotten’) – in some limited circumstances, you may have the right to obtain from us the erasure of your personal data without undue delay, when and if:
    • Processing your personal data is no longer necessary in relation to the purposes for which your data were collected.Where you withdraw consent for processing, but only if consent was the legal basis relied upon for that processingYou object to processing and there are no overriding legitimate grounds for the processing or where you withdraw your consent to marketing.
    NB This does not apply to employees or former employees or applicants where we have a legal obligation to retain your data
  • Right to restriction of processing – In some limited circumstances you have the right to request that the processing of your personal data is restricted, in some cases for a limited time only, specifically when:
    • You are contesting the accuracy of your personal data while we verify its accuracy or correct it
    • The processing is unlawful and you oppose the erasure of your data;
    • Where we no longer need your personal data for the purposes for which it was obtained but where you require the data for the establishment, exercise or defence of legal claims
    • Where you have objected to the processing of your data pending the verification whether legitimate grounds of the Controller override your interests.
    • You have the right to be informed by the Controller before the restriction of processing is lifted
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing – we will let you know when the following things happen, unless it proves impossible or disproportionate to do so:
    • When we have rectified your data
    • When we have erased your personal data
    • When we have restricted the processing of your personal data
    • When we intend to lift any restriction to the processing of your personal data
    • We will also advise you about any recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort
  • Right to data portability – upon your request and where the legal basis for processing your personal data is ‘consent’ or ‘contract’, we will provide you with a copy of your personal data that you have provided to us and which are processed by automated means, in a structured, commonly used and machine-readable format. Upon your request and where technically feasible, we will also transmit those data to another data controller.
  • Right to object – In some limited circumstances, you have the right to object to our processing of your personal data. When certain conditions are met we, as Controller, will no longer process your personal data. This right can be exercised only when:
    • You are contesting the accuracy of your personal data while we verify its accuracy or correct it
    • The processing is unlawful and you oppose the erasure of your data;
    • Where we no longer need your personal data for the purposes for which it was obtained but where you require the data for the establishment, exercise or defence of legal claims
    • Where you have objected to the processing of your data pending the verification whether legitimate grounds of the Controller override your interests.
    • You have the right to be informed by the Controller before the restriction of processing is lifted
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing – we will let you know when the following things happen, unless it proves impossible or disproportionate to do so:
    • Either the processing is necessary for the performance of a task carried out in the public interest or processing is necessary for the purposes of our legitimate interests (including profiling), but where we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or where processing is necessary for the establishments, exercise or defence of legal claims
    • Processing for direct marketing purposes, including profiling
    • When personal data are processed for scientific or historical research purposes or statistic purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest
  • Automated decision-making, including profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significant effects. At the current time SSL does not perform automated decision making or profiling.
  • Details of whether you are under a statutory or contractual obligation to provide the personal data – this does not apply to SSL.
  • The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences – SSL does not currently perform automated decision making or profiling.
  • Your personal data has been unlawfully processed
  • Your personal data has to be erased to comply with a legal obligation to which the Controller is subject
  • Your personal data has been collected in relation to the offer of information society services to children

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us, by using the contact details provided above, in this Privacy Notice.

Please ensure that you state ‘Data Protection Complaint’ in the subject field.

You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Sheraton Systems Limited ICO Registration: ZA213388

Changes to our Privacy Notice

Any changes SSL make to this Privacy Notice in the future will be posted on our website.

Current Notice Date: 26 June 2024

Terms & Conditions
Privacy Policy
Recruitment Privacy
Cookies Policy

flexible-by-design-black