Home » Gdpr Commitment Statement

SIRUSS Ltd is committed to protecting all its clients, suppliers and team members by maintaining best practice data protection processes in line with all UK and EU law including GDPR.

SIRUSS is engaged in selling services to companies, businesses and organisations only (B2B). All marketing activity is directed at these companies, businesses and organisations.

In the legitimate pursuit of this business SIRUSS may hold data on individuals working in these organisations. This data is limited to name, job title, organisation email address and telephone numbers. We do not hold personal data such as home addresses, any personal credit card or bank details or any data as listed under Article 9 of GDPR.

SIRUSS has undertaken a review of its data protection policy and implemented the following:

  • Reviewed what data we hold

  • Performed data cleansing – this involved deleting duplicate and redundant data

  • Identified how data we hold was/is collected

  • Reviewed how we communicate that this data is only used for the legitimate pursuit of business to business activity

  • Reviewed our processes for responding to requests to delete, amend or restrict data

  • Reviewed our processes for providing access to data when legitimate requests are made

  • Reviewed our legitimate use of data for business to business activity

  • Reviewed our consent mechanism. SIRUSS has interpreted that the GDPR consent guidelines do not wholly apply to B2B activity and that our Unsubscribe policy meets best practice and legislative guidelines.

  • Reviewed our security and ability to prevent, detect and report data breaches in line with GDPR and ISO27001

  • Reviewed the need for a Data Protection Impact Assessment

  • Appointed a Data Protection Office

  • Reviewed and updated our Cookies and Privacy Policy

Third Party Software Providers & Data Handlers

Below is a list of software we use to process business and personal data to allow us to carry out normal business activities in relation to services we provide to you – or in the case of suppliers, services which you supply to us.

As the providers of the software to us are third party providers, we have complied this list to illustrate to you how and where your data is stored, for what purpose it is retained, to illustrate the type of data we hold in each software and to provide a link to the provider’s privacy policy.

All our third party software is carefully selected with both operational functionality and security/confidentiality as equal priorities. We have reviewed the privacy policies of each supplier and at the time of writing we are confident that they are working strongly toward GDPR compliance and have provided as secure a software as possible.

Where data is stored in the US, we have ensured that the third party supplier fully complies with the EU-US. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

To learn more about the Privacy Shield program, and to view the certification of the suppliers listed below, where relevant, please visit https://www.privacyshield.gov.

Insightly

We use Insightly as our Customer Relationship Management (CRM) software. We hold data about your company and individuals within your company to enable us to make contact and perform development or SEO services on your behalf.

The information we hold in regards to your company and employees may include the following:

  • Your general company details including company name, addresses and general telephone numbers.

  • Details of individuals within your organisation who we identify as our point of contact. Details including name, email address, position and direct telephone number.

  • Website username & login details for website administration purposes.

  • Login details for 3rd party service supplier related to integrations in your website, for example; MailChimp or Google Analytics.

  • Meeting notes and notes regarding development or SEO/Digital Marketing work we provide to you.

Insightly’s privacy policy can be viewed at https://www.insightly.com/privacy-policy

Teamwork PM

We use Teamwork PM as our project management software. We hold data about your company and individuals within your company to enable us keep you updated on the progress of a web development project.

The information we hold in regard to your company and employees may include the following:

  • Company name

  • Details of individuals within your organisation who have been identified by your company as being involved in the progress of the project. These details will include the individual’s name and email address.

  • Project documentation and agreements specific to an individual project.

Teamwork PM’s privacy policy can be viewed at https://www.teamwork.com/privacypolicy

Intuit QuickBooks

We use QuickBooks as our accounting software. We hold data about your company and individuals within your company to enable us to manage your financial accounts with Siruss, this includes issue invoices, credits and estimates for work that have been requested by your company for us to supply.

The information we hold in regard to your company and employees may include the following:

  • Company details, including; company name, address, general telephone and registration and VAT numbers.

  • Details of individuals within your organisation who we have been allocated by your company as being the point of contact for accounts. This information may include; individual names, direct telephone line, email address and position in the company.

  • We store records of all financial transactions between us and your company. These are stored digitally within the software and are not stored as hard-copy. These are store for general accounting purposes for our financial records.

Intuit QuickBooks’s privacy policy can be viewed at https://quickbooks.intuit.com/uk/privacy-policy/

Google Drive

We use ‘G Suite’ Business for all our file and correspondence activities. Part of ‘G Suite’ Business is Google Drive; we use Google Drive for storage of documentation relative to any service we may provide to you.

The information we hold that may contain references to your company or employees may include the following:

  • Project documentation

  • Documentation you have sent to us in relation to a service we are providing to you

  • Digital documentation that you have sent to us in relation to services we are providing to you

  • Digitised copies of hard copy documentation that you have sent to us in relation to services we are providing to you

Google’s privacy policy can be viewed at https://policies.google.com/privacy

Gmail

We use ‘G Suite’ Business for all our file and correspondence activities. Part of ‘G Suite’ Business is Gmail. We use Gmail as our email provider, we may store, within Gmail, emails that contain references to your company or its employees.

All emails stored in Gmail are in relation to general business activities and conversation relative to services we provide to you.

We may also store contact details for your employees, if the employee has corresponded with a member of our team. This may include, the individual’s name, email address and telephone number. This information is stored in a contacts address book.

Google’s privacy policy can be viewed at https://policies.google.com/privacy

Siruss – Stored Data Access

During our normal working operations, Siruss staff members will be required to have access to our third party software to perform business functions in relation to providing a service to you or to request a service from you, if you are a supplier.

Siruss developers, marketers and general management have access to only the following third party software:

  • Insightly

  • Teamwork PM

  • Google Drive

  • Gmail

This access is via individual username/password combinations with a restriction imposed on the minimum length of password of 8 characters.

Siruss staff are required to change their passwords every 26 weeks.

Where portions or segments of the software need to be separated to protect what we would class as sensitive data*, access restrictions can be applied within the software to restrict access to senior management, accounts staff and directors of the company.

* We class sensitive data as data that is only relevant to senior management, accounts staff and directors of the company. This data is not required by developers, marketers and general management to be able to perform their daily duties in relation to any service we provide to you, or any service we request from you, if you are a supplier.

Siruss do not store any sensitive data as identified in Article 9 of GDPR, these types of data are - genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Former employees of Siruss do not have access to any data we have stored. All access for former employees is removed immediately on termination or cessation of their employment.

Siruss – Employee Personal Data

We keep personal data relevant to the employment of the individual that allows the employment process.

Article 9 of GDPR defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

  • We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

  • We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

  • Data about an employee’s criminal convictions will be held as necessary.

  • In order to fulfil our statutory responsibilities as an employer, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

If you enjoyed this post, please share

We'd Love To Hear From You

Please tick to confirm you have read our privacy policy. We want to make sure you fully understand why we collect your contact details and how they will be used and stored.