Privacy Policy

Privacy Policy

TheSMA is committed to protecting and respecting your privacy. This privacy policy outlines what personal data we process, why we hold it, and what your rights are. This policy will be updated from time to time and can be accessed from our website, www.thesma.co.uk.

For more information regarding the General Data Protection Regulation (GDPR), which is enforced from 25 May please visit here. Additional information regarding your rights can be found at the Information Commissioner’s Office here.

What data do we process? 

The type of data we process, which varies depending on the type of relationship we have with you, can include: 

Personal and contact details: Title, name, contact details, address

Date of birth and gender

Nationality and citizenship

Employment: Position, employer, work history

Communications: Records of communications with TheSMA employees

Marketing: Engagement with marketing campaigns

Financial: Transaction history, invoices

Why do we hold data?

There will be multiple reasons why we need to process your data. Examples include:

  • Providing services through direct contractual engagement
  • Providing services on behalf of a contracted business partner
  • Sending marketing information which you have chosen to receive via a clear opt-in
  • To develop relationships with existing or previous clients
  • Contacting you about changes to services
  • To comply with legal and regulatory obligations.

What is the legal basis for processing data? 

Under GDPR there are six lawful reasons for processing data. These are consent, performance of a contract, legal obligation, to protect vital interests, public interest, and legitimate interest. All of the data that TheSMA processes falls within these definitions. Careful consideration is given to each piece of data that we process in order to justify why we are holding it, and what is the legal basis for us to hold it.

Do we share data? 

In some circumstances, we are required to share data with contracted partners in order to provide services. This could include circumstances where you have provided your data to one of our business partners, who subsequently transfer the data to us so that we can fulfil our contractual obligations. We also use third parties in order to fulfil some business functions, such as marketing or access to our web-based services. Whenever data is transferred, either to us or from us, we take steps to ensure both the integrity and the security of that data.

How long do we hold data?

We hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.

What are your rights?

Under GDPR your rights are as follows:

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to the processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

Contacting Us

If you want to contact us about the data we hold on you, correct data, or to request that data be removed, please contact us at enquiries@thesma.co.uk.

Alternatively, you can write to us at: TheSMA, The Barn, Goring Heath, Reading, RG8 7RH, UK.