The purpose of this privacy statement is to explain how Sabre MS processes all personal data to fulfil its data protection responsibilities. This statement will be supplemented by ‘specific to client’ privacy notices when needed.
The scope of this statement covers all related activities by the staff and associates/ consultants of Sabre MS referred to as SMS hereafter.
The role of SMS in data protection terms is that of a data controller where it determines the purpose and use of personal data collected. Once received it becomes the responsibility of the SMS privacy officer (PO), supported by an external DPO, to ensure that it is processed in accordance with the latest UK data protection legislation. The PO & the DPO can be contacted by email using email@example.com.
The sort of personal data processed by SMS will only be basic contact information for the purposes of networking, business development, preparing contracts and setting up invoices. Banking details will also be collected for the purpose of paying creditors.
SMS’ duty of confidentiality means that SMS staff will treat your personal data with due respect and in confidence. It is only disclosed to those that need to know it. SMS expects the same duty of confidentiality of all third parties with whom it shares your personal data.
Ordinarily SMS does not process your personal data outside the UK but if it necessary, SMS will take the appropriate measures to ensure it is done lawfully and securely.
SMS will always process personal data lawfully and in such instances as described below:
In all cases the processing of personal data by SMS shall be done in accordance with the principles of UK data protection law.
SMS will share personal data with some or all of the following third parties:
SMS uses reasonable organisational and technical measures to ensure personal data is kept secure in line with its internal information security policy. When appropriate, SMS uses encryption to secure data. Other than mobile phone contact data, all personal data in automated form is processed and backed up using an HM Government accredited supplier. Further details can be found under the ‘SERVER SECURITY’ section on the homepage of our website.
SMS follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:
At the end of the retention schedule SMS will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that SMS allows up to 3 months after the retention schedule to complete the action.
SMS websites may link to websites for your interest. If used, you should be aware that SMS has no responsibility for the processing of personal data by these websites.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations), For convenience, these rights are shown below:
Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Raising concerns, exercising rights or making queries about our processing of your personal data can be done by contacting the SMS PO or the DPO using the contact address provided above. Please be aware that we will need to be sure of your identity before responding fully. For that reason, you may be asked for proof of ID or other material that, in context, will enable us to verify your identity. Alternatively, you may wish to contact the ICO directly.