Privacy policy

Introduction

---

Seccl Technology Limited and Seccl Custody Limited (collectively referred to herein as “Seccl”) value your privacy and appreciates that protecting your Personal Data is a priority. This Privacy Policy will allow you to see how Seccl intends to look after your Personal Data as a customer and inform you of your rights and how the law protects you.

Controller

Seccl is a Data Controller within the definition of Article 4 GDPR and is responsible for maintaining and protecting your Personal Data.

The Data Seccl Collects about you

Personal Data means any information about an individual from which that person can be identified. Where possible your Personal Data will be anonymised or pseudonymised but treated the same in accordance with this privacy policy.

Seccl collects, uses, stores and transfers different kinds of Personal Data about you as follows:

• First name, last name, email address, password details, telephone numbers, marital status, title, date of birth and gender.
• Billing and delivery address, debit card details and bank account details.
• Details about payments, purchases or orders made by you and other details of products and services you have purchased via Seccl.
• Details on your feedback of Seccl’s service and products, interests, preferences and survey responses.
• Information about how you use the Seccl platform, products, services and website including your preferences in receiving marketing from Seccl and associated third parties and your communication preferences.
• Any other Personal Data otherwise obtained which is reasonable for Seccl to hold and use in accordance with this policy.

Seccl also collects, stores, transfers and uses demographic or statistical data for any purpose as compiled from various sources. This collective data can be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, Seccl may aggregate average customer usage data to calculate the number of users accessing or interested in a specific feature or product. Where Seccl combine others’ usage and Personal Data with your usage and Personal Data, it will not directly or indirectly identify you. Seccl will still treat the combined data as Personal Data which will be controlled in accordance with this privacy policy.

Seccl does not collect any special category of Personal Data about you ie: details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health/medical history, and genetic and biometric data, nor does Seccl collect any information about criminal convictions and offences. The only exceptions to this form of data collection are when Seccl is required to process such data in order to fulfil contractual obligations or to conform to regulatory requirements.

How Seccl Collects Your Personal Data

Seccl will use different methods to collect data from and about you including by:

Direct Interactions

You may provide Seccl with your Personal Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This will include Personal Data you provide to Seccl when you:

• Apply for/purchase Seccl products or services;
• Create an account on the Seccl website/platform;
• Enter a competition, promotion or surveys;
• Provide Seccl with feedback or contact Seccl directly;
• Request marketing to be sent to you;
• Subscribe to Seccl’s service or publications; and
• Engage in any other interaction with Seccl.

Automated Technologies or Interactions

As you interact with the Seccl website, it will automatically collect technical data about your browsing actions, equipment, and patterns. Seccl collect this Personal Data by using cookies, (in accordance with the cookie policy, as amended from time to time), server logs and other similar technologies.

Third Parties or Publicly Available Sources

Seccl will receive Personal Data about you from various third parties and public sources as set out below;

• Technical data from the following parties:

  • Analytics providers such as Google based outside the UK;
  • advertising networks based inside or outside the UK; and
  • search information providers based inside or outside the UK.

• Contact, financial and transaction data from providers of technical, payment and delivery services.

  • Identity and contact data from data brokers or aggregators.
  • Identity and contact data from publicly available sources.

You have the right to more information on how your personal data is being processed. If you would like more information, you can contact Seccl with the details at the end of this Policy.

How Seccl Use Your Personal Data

Seccl will only use your Personal Data in accordance with the relevant laws, industry regulations and this policy.

Seccl’s primary purpose in collecting this data is to provide you with a bespoke, efficient and safe experience and to provide the services you have requested. Most commonly, Seccl will use your Personal Data in the following circumstances:

• Where Seccl need to perform a contract you are about to enter into or have entered into.

• Where it is necessary for Seccl’s Legitimate Interests (or those of a third party) and your interests and rights do not override those interests.

• Where Seccl need to comply with a legal and/or regulatory obligation.

• Where Seccl have obtained your consent to do so.

Seccl intend to use your Personal Data for the following purposes, all of which constitute Seccl’s legitimate business interests:

• To administer Seccl’s internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• To comply with professional and regulatory obligations arising from any contracts entered into between you and Seccl and to provide you with the information, products and services that you request from us;

• To ensure Seccl offer safe and secure operating platforms;

• To make routine contact with you as necessary including to share updates to our services and newsletters;

• To measure or understand the effectiveness of relevant advertising provided by Seccl;

• To measure, understand and gain feedback on the effectiveness of Seccl’s services so that Seccl can enhance its ability to consequently improve the services it provides;

• (For job applicants) to review your application for employment;

Seccl will not obtain express consent for processing your Personal Data on every single occasion, although Seccl will request your consent before sending third party direct marketing communications to you via email or text message.

You have the right to erasure (aka: the right to be forgotten) and/or to withdraw consent or object to Seccl using your Personal Data. You are also entitled to ask Seccl to delete, remove or stop using your Personal Data if there is no need for Seccl to retain it e.g. to fulfil Seccl’s regulatory requirement including record keeping obligations. These are addressed in more detail below.

NB: There may be legal or regulatory reasons preventing Seccl complying with your request including the need to keep or use your Personal Data.

You can exercise any of these rights or make the above requests at any time by contacting Seccl as below.

If You Fail to Provide Personal Data

Where Seccl need to collect Personal Data by law, or in order to perform a contract Seccl have with you, and you fail to provide that data when requested, Seccl may not be able to perform the contract or enter into one with you. In this case, Seccl have the right to cancel a product or service you have purchased but you will be notified.

Marketing

Seccl strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.

Promotional Offers From Seccl

Seccl may use your Personal Data to form a view on what Seccl thinks may be of interest to you. Seccl will use your Personal Data to infer which products, services and/or offers may be relevant for you.

You will receive marketing communications from us if you have requested information from us or opted in to receiving marketing. You can also opt out of such marketing at your own discretion.

Third-Party Marketing

Seccl will obtain your express opt-in consent before Seccl share your Personal Data with any third party for marketing purposes.

Opting Out

You can ask Seccl or third parties to stop sending marketing messages at any time.

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Change of Purpose

Seccl will only use your Personal Data for the purposes for which Seccl collected it, unless Seccl reasonably consider that it is necessary for it to be used for another reason and that reason is compatible with the original purpose or Legitimate Interest. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Seccl as below.

If Seccl need to use your Personal Data for an unrelated purpose, you will be notified and Seccl will explain the legal basis which permits this.

Please note that Seccl may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your Legal Rights

You have the right under data protection laws to request access of your Personal Data held by Seccl. Your rights are as follow:

• Request access to your Personal Data;
• Request correction of your Personal Data;
• Request erasure of your Personal Data;
• Object to processing of your Personal Data;
• Request restriction of processing your Personal Data;
• Request transfer of your Personal Data; and
• Right to withdraw consent.

Data Subject Access Request.

This entitles you to receive a copy of the Personal Data that Seccl hold about you and to check that Seccl are lawfully processing it. To contact Seccl for these purposes and any of the purposes laid out below, contact Seccl through the details provided at the end of this policy under the ‘Contact Details’ section.

Request A Correction

This entitles you to request that Seccl correct any incomplete or inaccurate Personal Data that Seccl holds about you. Seccl may need to take necessary and reasonable steps to verify the accuracy and authenticity of the new data you intend to provide.

Request Erasure

This entitles you to request that Seccl erase your Personal Data. You can request that Seccl erase or remove Personal Data where there is no good reason for Seccl to continue to possess or process it. You also have the right to ask Seccl to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where Seccl may have processed your information unlawfully or where Seccl are required to erase your Personal Data to comply with law.

Seccl may not always be able to comply with your request of erasure for specific legal reasons which you will be notified of, if applicable, at the time of your request.

Object to Processing

This entitles you to request that Seccl cease processing your Personal Data where Seccl are relying on a Legitimate Interest (or those of a third party). You can object to Seccl processing your Personal Data on this ground if you feel it impacts your rights and freedoms.

You also have the right to object where Seccl are processing your Personal Data for direct marketing purposes. In some cases, Seccl may demonstrate a compelling Legitimate Interest or ground to process your information which overrides your rights and freedoms.

Request Restriction of Processing

This entitles you to request that Seccl suspend the processing of your Personal Data in the following scenarios:

• If you want Seccl to establish the data’s accuracy;
• Where Seccl’s use of the data is unlawful but you do not want it erased;
• Where you would like Seccl to continue to hold the data even if there is no longer a requirement for it as you need it to establish, exercise or defend legal claims.
• Where you have objected to Seccl’s use of your Personal Data but Seccl still need to verify whether there are overriding legitimate grounds to use it.

Request Transfer

This entitles you to request that Seccl transfer your Personal Data to you or to a third party. Seccl will provide you, or your nominated third party, your Personal Data in a structured, commonly used, machine-readable format.

This right only applies to automated information which you initially provided consent for Seccl to use or where Seccl used the information to perform a contract with you.

Withdraw Consent at Any Time

This entitles you to withdraw consent for the use, retention, processing and sharing of your Personal Data where Seccl are relying on that consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, Seccl may not be able to provide certain products or services to you. You will be advised if and when this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact Seccl as below.

Disclosures of Your Personal Data

Seccl may share any of your Personal Data with the following parties for the purposes set out above.

• Internal Third Parties.
• External Third Parties.
• Third parties to whom Seccl may choose to sell, transfer or merge parts of the business or assets. Alternatively, Seccl may seek to acquire other businesses or merge with them. If a change happens to the business, then the new owners may use your Personal Data in the same way as set out in this privacy policy.

Internal third parties and external third parties are defined below, under the ‘Third parties’ heading.

Seccl require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. Seccl do not allow third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with Legitimate Interests.

Your personal data may be shared and processed by (internal or external) parties situated both inside and outside the UK.

International Transfers

Whenever Seccl transfer your Personal Data out of the UK, Seccl aim to take appropriate measures to ensure that your data is given an equivalent level of protection to that afforded to it by data protection legislation within the UK.

This transfer may occur under the one of the following safeguarding mechanisms:

• An adequacy decision has been made by UK authorities which confirms that the recipient country has an adequate level of data protection. Countries within the EEA fall under this category;

• Standard Contractual Clauses (SCCs) approved by UK authorities have been signed by the recipient of your personal data. These provide your personal data similar levels of protection offered by UK legislation;

• Ad-hoc contractual clauses which afford your personal data the same protection afforded to it within the UK have been signed by the recipient;

• Or any other transfer safeguard mechanisms approved by UK authorities. This may include new mechanisms introduced following the end of the Brexit transitionary period on the 31st December 2020 – mechanisms that may not exist at the time that this Privacy Policy was written;

Please contact Seccl (contact details provided at the end of this policy) if you would like further information on the specific mechanism used when transferring your Personal Data outside of the UK.

Security

Seccl have in place the appropriate security measures which aim to prevent your Personal Data from being lost (accidentally or otherwise), accessed, altered, disclosed or used in an any unauthorised manner. Seccl strives to limit access to your Personal Data to those employees, agents, contractors and other third parties who have a legitimate business need to know. Seccl aim to ensure that any third party only processes your Personal Data with your instructions and consent and that they too are subject to a duty of confidentiality.

Seccl have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where Seccl are legally required to do so.

Retention and Storage

Seccl will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any accounting, legal, regulatory, reporting or tax requirements. Seccl may retain your Personal Data for a longer period in the event of a complaint or if Seccl reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Data, Seccl will consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which Seccl process your Personal Data and whether Seccl can achieve those purposes through other means, and the applicable accounting, legal, regulatory, tax or other requirements.

In any circumstances where it is appropriate to do so Seccl will anonymise your Personal Data insofar as you will not be able to be identified from it for research or statistical purposes, in which case Seccl may use this information indefinitely without further notice to you.

Fee

This is no fee applicable to accessing your Personal Data (or to exercise any of the other rights listed above). However, Seccl reserve the right to charge a reasonable fee to cover administrative burden, if your request is clearly excessive, groundless or made more than twice for the same and already provided information. Seccl may refuse to comply with your request entirely in extreme circumstances and is at the discretion of Seccl Data Privacy Manager.

Information Seccl Requires from You

Seccl may from time to time request specific information from you to help Seccl confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights listed herein). This is a routine security measure to ensure that Personal Data is not improperly disclosed to any person who has no right to receive it. Seccl may also contact you to ask you for further information in relation to your request to speed up the response time.

Time Limit to Respond

Seccl will aim to respond to a legitimate request within one (1) month. Occasionally it may take longer than a month depending on the volume of Personal Data Seccl holds, if the request is uncommonly complex or if you have made a number of requests. In this case, Seccl will notify you and keep you updated.

Third Parties

Internal Third Parties

Other companies in the Seccl Group and inclusive IT and system administration services and undertake leadership reporting.

External Third Parties

• Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

Third-Party Processing

Seccl may process your Personal Data with a third-party processor however so permitted by law, regulations and this policy.

Third-party processors will only be used in instances where they are required in order for Seccl to performs its legitimate business interests as detailed in ‘How Your Personal Data Is Used’; or in instances where Seccl cannot reasonably be requested to perform the processing itself.

Third-party processors may be used in order to (but not limited to) perform the following functions, which all constitute Seccl’s legitimate interests:

• To handle your data using a CRM (Customer Relationship Management) tool;

• To send you surveys or process feedback;

• To provide web and usage analytics;

Third-Party Links

This website, our products or services may include links or an association to third-party applications, contributors, plug-ins and/or websites. By clicking on those links or enabling those connections may allow third parties to collect or share data about you. Seccl does not control third-party websites and are not responsible for their privacy statements. When you leave Seccl’s website, please ensure you consult and consider the relevant third parties’ privacy policy.

Changes to Seccl’s Privacy Policy / Your Duty to Inform Seccl of Changes.

Seccl aim to keep this privacy policy under regular review in line with legislation and regulatory requirements. This version was last updated January 2021.

It is important that the Personal Data Seccl holds about you is accurate and current. Please keep Seccl informed if your Personal Data changes during your relationship with us.

When you leave the Seccl website, you are encouraged to carefully read the privacy policy of every website you visit.

Contact Details

If you would like to contact Seccl about this privacy policy or Seccl’s privacy practices, please contact our Data Privacy Manager at:

Full name of legal entity: Seccl Technology Limited

Email address: operations@Seccl.tech

Postal address: Seccl, 20 Manvers St, Bath, BA1 1JW.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for any concerns you have over the handling of your Personal Data (www.ico.org.uk). Seccl would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Glossary of terms

Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with legal and regulatory obligations that Seccl are subject to.

Legitimate Interest means the interest of Seccl’s business in conducting and managing the business which enable Seccl to give you the best service/product and the most secure experience. Seccl will consider and balance both the potential positive and negative impacts on you and your rights before processing your Personal Data for Legitimate Interests.

Seccl do not use your Personal Data for activities where Legitimate Interests are overridden by the impact on you (unless Seccl have your consent or are otherwise required or permitted to by law). You can obtain further information about how Seccl assess Legitimate Interests against any potential impact on you in respect of specific activities by contacting us directly as below.

Performance of/Performing a Contract (and any other variation/reference within this meaning) means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps a at your request before entering into such a contract.

Last updated: January 2021