The General Data Protection Regulation (GDPR) due on May 25th 2018 provides new rights to individuals regarding the collection, storage and use of their personal data.
Who is the Data Controller?
Sarim Shami & Co Limited
Data Controller contact details
What is personal data?
Personal data means any information which relates to a living individual who can be identified either directly or indirectly by reference to an identifier such as their name, email address and other personal details.
How we may collect your personal data?
We obtain personal data about you, for example, when:
- you request a proposal from us in respect of the services we provide;
- you OR your employer OR our clients engages us to provide our services and also during the provision of those services;
- you contact us by email, telephone, post or social media (for example when you have a query about our services);
- from third parties and/or publicly available resources (for example, from your employer or from Companies House).
What types of personal date do we collect?
The information we need from you in order that we can provide service to you may include:
- your personal details (such as your name, address, DOB, email address, your contact number);
- details of contact we have had with you in relation to the provision, pr the proposed provision of our services;
- details of any services you have received from us;
- our correspondence and communications with you;
- information from research, surveys, and marketing activities;
- information we receive from other sources, such as publicly available information
New rights under the General Data Protection Regulation
You have some additional rights under the GDPR.
- Access: Data Subject Access Request. You have the right to access the personal information we may hold about you. On receipt of such a request we will endeavour to respond to you as soon as possible, but at least within one calendar month. You must provide us with 2 forms of personal identity to ensure that we only disclose to you information which is relevant to you personally.
- Rectification: You have the right to request that we amend any personal information that may be incorrect or require updating.
- Erasure: You have the right to request that we delete any personal information pertaining to you. Any questions about these rights may be sent to email@example.com
- Data Portability: Under GDPR there is a new right to data portability, primarily designed to make it easier for individuals to switch between service providers. This is unlikely to be relevant to your relationship with Sarim Shami & Co
- The right to restrict or suspend processing: Individuals have a right to ‘block’ or suppress processing of personal data. If you decide to do this, we will continue to store the data, but not further process it until we have agreed a solution to the issue you have raised.
- Data breach reporting. You have the right to be informed of a data breach if there is material damage which might affect you. We have a process in place just in case this unlikely event happens.
How do we use your personal data?
We may use your data in the following ways:
- to provide you with our professional services;
- to manage our professional relationship with you;
- to contact you regarding other services that we think may be of interest to you based on our knowledge of your business and or personal affairs (to the extent that we are lawfully entitled to do so); and
- to send you our newsletter (if we are lawfully entitled to do so).
In order to personalise and improve the quality of our services, when you instruct us to provide personal services we may also ask you about the nature of your business or personal circumstances and how you found us in order that we might gain a clearer understanding of who you are. However, you do not need to provide this information in order for us to provide services to you. We may need to collect further information in order to provide you with products or services that you have asked for such as your e-mail address if this has not already been provided to us.
What are our grounds for lawful processing?
We collect your consent to deliver to you what you have signed up for. You always have a choice of opting out or unsubscribing or by contacting us using the details provided above.
How to stop receiving communications
Sarim Shami & Co will not send marketing communications to individuals who have unsubscribed, opted-out or otherwise asked us to stop direct marketing. Where we collect contact information from you which may be used for marketing purposes, we will let you know how to stop receiving such information if that’s what you prefer.
Surveys or marketing research
We may contact you from time to time to seek your views via a short survey to inform our strategic direction, your thoughts about our work, and other matters. You always have the choice about whether to take part in our research.
Is data processed outside of the UK? – If so how is it protected?
We do not process personal data outside of the UK.
Is data shared with 3rd parties and if so, who?
We do not share personal data with 3rd parties for any purposes unless required to by law.
Disclosure to other organisations, e.g. authorities, data processor
We sometimes disclose personal data to our suppliers in order for them to process personal data on our behalf. When we do so we have a contract in place compliant with the GDPR to ensure the security of any personal data that each processor or sub-processor processes. We are called upon to disclose data on legal and tax issues, where they apply, to the regulatory authorities.
Data security – how we protect your data
We follow appropriate security procedures in the collection, storage and use of your Information so as to prevent unauthorised access by third parties.
We process data at our offices at Kemp House, 160 City Road, London, EC1V 2NX with access restrictions in place and at the sites of our data processors within the UK. Our IT specialist retains our data at a different location equally protected behind the appropriate firewalls and other security devices.
However, unfortunately, the transmission of Information via the Internet is not completely secure. We cannot ensure the security of your Information transmitted by you to us via the internet. Any such transmission is at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorised use, distribution, damage or destruction of your Information, except to the extent we are required to accept such responsibility by the GDPR, The Privacy and Electronic Communications Regulations or the Data Protection Act. Once we have received your Information we will use security procedures and features to prevent unauthorised access to it.
Data Retention Policy
How long we store your personal information depends upon the kind of information that we are holding and the purpose for which we need it. We will keep your personal data for as long as you remain a client of ours, to enable us to contact you, keep a record of your instructions and provide you with our services. Our policy is to retain data only as long as this is necessary to fulfil our obligations to you or to meet our legitimate business interests or legal requirements.
If you unsubscribe or opt-out we may keep your personal data on a suppression list so that we don’t contact you again.
What to do if you have a concern?
Please contact us at firstname.lastname@example.org and we’ll be happy to help you.
The Regulator of GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003, updated 2004 and 2011 is the Information Commissioner’s Office. If you feel you wish to draw the Regulator’s attention to the way and the purposes for which we are processing personal data, you may contact the ICO by clicking here
External links not covered by this policy
Please remember that when you use a link to go from our website to another website or you request a service from a third party, our Policy no longer applies. Your browsing and interaction on any other website or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. We do not monitor, control, or endorse the Information collection or privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices. This Policy applies solely to Information collected by us through our website or services and does not apply to these third party websites and third party service providers.
Cookies are harmless files which can help improve the experience. Cookies allow websites to respond to you as an individual. The website can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. By accepting cookies, we are able to provide you with a better service and customise your experience with us.
Some cookies used on this website are essential in order to enable you to move around the website and use its features.
Some cookies used on this website collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages.
These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Some cookies used on this website allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.
These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Cookies may also be used to improve the user experience and to enable some of the functionality provided by this website.
Please note that some cookies may be placed by third party service providers who perform some of these functions (or other services) for us. Cookies may be used on this website for the following third party services: Google Analytics, LinkedIn Follow button, Facebook Like Button, Twitter Follow button etc. Some of these services may be used to track your behaviour on other websites and we have no control over this.
By continuing to use this website without adjusting your browser’s cookie settings, you agree that we can place these cookies on your device.
As is true with most websites, our server will automatically log data regarding each visit such as your IP address, browser type, referring/exit pages, and operating system. We may use this information to monitor server errors, server administration or to monitor visitor behaviour. It is not possible for this to be disabled on a per-user basis so you must leave this website (and the internet entirely) if you do not agree to this happening.