-
Our Services
-
Our Resources
-
Our Story
Featured
Armed Forces Covenant
Read more
Search
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
Purpose of this privacy notice
This privacy notice explains how Sureserve collects and processes your personal data through your contact with us, including your use of this website and any data you may provide through this website, for example when you sign up to our news announcements or
fill out a contact form.
This website is not intended for children, and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using
your data. This privacy notice supplements the other notices and is not intended to override them.
Controller
Sureserve is the controller and responsible for your personal data (collectively referred to as Sureserve, the “Company”, "we", "us" or "our" in this privacy notice). Sureserve is registered as a data controller with the Information Commissioner’s Office (ICO), the UK’s independent supervisory authority for data protection issues. Our ICO registration number is ZA150588.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Contact details
Further information on our data protection policies and procedures can be obtained from
Norfolk House
13 Southampton Place
London
WC1A 2AJ
Email: SSG.DataProtection@sureserve.co.uk
Sureserve will only collect the personal information we need from you and about you. This information will vary depending on the services we provide or offer to you and on any contractual relationship between you and Sureserve.
We may process different kinds of personal data about you, which are set as follows:
Personal data – This is any information that can be used to identify you, for example your name, address, date of birth, National Insurance number, email and/or postal address. We may also collect technical data such as your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Special category of personal data – This is sensitive personal information, such as your racial or ethnic origin, health information. Sureserve will, however, only collect your sensitive personal information should there be a clear and lawful need for us to do so, such as to assess which services may be relevant to you, to offer appropriate support or for diversity and equal opportunities monitoring.
Criminal record data – Sureserve will collect and use information about any criminal convictions for the purposes of recruitment. This is to prevent fraud, protect information and equipment and to protect the health and safety of our employees and customers.
We use different methods to collect data from and about you, including through:
Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns.
We collect this personal data by using cookies, server logs and other similar technologies.
Please see our cookie policy for further details.
Third parties or publicly available sources. We may obtain information from other individuals or organisations if you have given permission for them to share it with us. This might include central government, local authorities, landlords, health professionals or other organisations on whose behalf Sureserve may deliver a service to you.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email.
You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we use your personal data
A description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so, are set out below. We have also identified what our legitimate interests are where appropriate.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason. This other reason must be compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
Examples of specific purposes for collecting your data include:
Credit Reference and Affordability Checks
To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).
We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.
The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.
Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:
Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with third parties for the purposes set out in section 4 above. These include:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Sureserve will never:
Wherever possible we do not transfer your personal data outside the European Economic Area (EEA).
Should a lawful need arise to transfer personal data outside the EEA:
Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In some circumstances you can ask us to delete your data: see the right to erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
The Data Protection Act 2018 provides individuals with a number of rights concerning their personal data:
The right to be informed
You have the right to be informed about how Sureserve collects and uses your personal information. This privacy policy forms part of this right and concise and clear privacy notices will also accompany any requests for information that be made to you by us.
The right of access
You have the right to ask to see the personal data we hold about you and ordinarily the right to have us provide you with a copy of this data. A request to see this information is known as a ‘subject access request’ (“SAR”).
SARs need to be made in writing or by email to the Data Protection Officer using the contact details above. Before processing we will seek proof of your identity, or your consent should you use the services of a third party to request your information. If you require specific
information, it is helpful if this is clear in your request, for example, information from a particular time period or about a specific correspondence.
Sureserve will provide the first copy of this information free of charge, but additional copies may be subject to a reasonable fee. This does not mean that we will charge for all subsequent subject access requests.
We will aim to provide you with the information you have asked for within one calendar month. The data provided to you will be a copy of the personal information we hold that relates to you.
The right to rectification
You can as us to correct your personal data if it is inaccurate of incomplete. You can also help us keep our records accurate by informing us of any changes to your details.
The right to erasure
In some circumstances, you have the right to the erasure of your personal data. This may include, for example:
We may not always be able to comply with your request of erasure for specific legal reasons but we will notify you of any reason, if applicable, at the time of your request.
The right to object
You have an absolute right to object to our processing of your personal data for marketing purposes.
You can also object where we are relying on one of the following lawful bases:
Any objection must give specific reasons why you are objecting to the processing of your data and these should be based upon your particular situation.
In these circumstances this is not an absolute right, and Sureserve may continue processing if:
The right to restrict processing
In some circumstances, you may ask us to suspend the processing of your personal data. This includes:
Where processing has been restricted on this basis, we may continue to store your data but observe the restrictions on processing unless
The right to data portability
Where you request, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
This right only applies to information that you provided to Sureserve as a data controller.
Rights in relation to automated decision making and profiling
You have the right to challenge the validity of any decisions made through automated decision making (decisions made without any human input). You may also ask us not to process your information in this way.
Sureserve does not currently undertake any automated decision making or profiling.
If you wish to exercise any of the rights set out above, please contact us.
If you have concerns about how we collect, use, store or otherwise process your personal data, you have the right to make a data protection complaint directly to us. You can do this by contacting us using the details provided in this Privacy Notice. We will acknowledge receipt of your complaint and investigate it in accordance with applicable data protection laws. We encourage you to contact us first so that we have an opportunity to address your concerns.
To understand more about what a data protection complaint is or isn’t, please view the following link to the ICO website that will provide further details: What are data protection complaints? | ICO
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, if you believe that we have not handled your personal data in accordance with data protection law. Further information about making a complaint to the ICO can be found on the ICO's website. www.ico.org.uk