our policy
Privacy policy
This Policy sets out the obligations of SC Strategy Limited (we/us/our) regarding data protection and the rights of customers, business contacts etc (“data subjects”) in respect of their personal information under EU General Data Protection Regulation 2016/679 (“GDPR”) together with all other applicable legislation relating to privacy or data protection. It explains who we are, why and how we process personal information, your rights and how you can contact us if you wish to do so. This policy sets out:
- The type of personal information we collect
- How we collect the personal information and why we have it
- How we store your information
- Your data protection rights
- Changes to this policy
- How to contact us
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name, and contact details);
- Information we obtain from instructions from our clients;
- Information gathered during communications with you;
- Personal data from third parties and publicly available records such as social media, media reports, corporate records, and other publicly available databases;
How we collection personal information and why we have it
We may process personal information about you for various business purposes. Examples of type of uses of information we may process include:
- To enter into a contractual agreement with you;
- To provide our services to you;
- For conflict checks;
- To administrate and manage our relationship with you;
- To process billing enquiries and payments;
- To comply with any requirement of applicable laws or regulations.
- Your usage of our website;
We also receive personal information indirectly, from the following sources in the following scenarios:
- From third parties who we work closely with including, for example, subcontractors, business partners and open source research providers.
We may share this information with:
- Appropriate third parties for the performance of any contract we enter into with you or other dealings we have in the normal course of business;
- Our auditors, legal advisors, professional advisors or service providers;
- UK and overseas regulators, courts and authorities in connection with their duties (such as crime prevention);
- Third parties who support or provide services to us and who are subject to appropriate confidentiality terms, to obtain and verify reliable information about persons of interest.
- Any other person or organisation after a restructure, sale or acquisition.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by using the contact form below.
- We have a contractual obligation.
- We have a legal obligation.
- We need it to perform a public task.
- We have a legitimate interest.
How we store your personal information
We ensure that fully secure measures are taken with respect to storage of personal data and all communications and other transfers involving personal data. We monitor regularly, through human and electronic means for possible vulnerabilities and attacks. Security is supported by a variety of confidential processes and procedures, and we store information in access-controlled premises or electronic databases requiring multifactor authentication. All employees, officers or contractors of the Company and third-party providers with access to confidential information are subject to access controls and confidentiality obligations, and we require our third-party data storage providers to comply with appropriate information security industry standards.
We retain personal data provided to us by you as is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. Administrative data provided to us by you will be retained for the length of our engagement with you and a further 5 years thereafter to identify any issues and resolve and legal issues. When personal data collected and processed to allow us to deliver our services to clients, it is retained for the minimum period necessary. All reasonable steps will be taken to erase or otherwise dispose of data no longer required. This may include automatic mechanisms to enforce data retention policies.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access* – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.