Call us on 03450 21 21 51

SRM Solutions
Privacy Policy

Privacy Policy

Security Risk Management Ltd (SRM) take the privacy of your data seriously and understand our obligations to ensure it is handled and managed in a secure and legal manner. This Privacy Policy explains how we use any personal information we collect about you. SRM are the Data Controller for the personal data we collect and process for our clients (and their employees), potential clients and new employees. We are the Data Processor for the services we provide to our clients.

What is this Privacy Policy for?

This Privacy Policy relates to all personal data processed by SRM, and governs the way privacy is handled to ensure that SRM operate within the law. This Privacy Policy details the areas where user privacy is relative and outlines the obligations & requirements of SRM, its users, the website and website owners. Furthermore, the way SRM processes, stores and protects user data and information is also detailed within this policy.

Additional Information:


Data Processing

Type Information Processed Purpose Legal Basis for Processing Data Retention
Website Users We collect information about you on specific pages that provide registration to watch a webinar or This information includes: • Name • Email address • Contact number This allows us to inform you of any potential updates to such services that SRM provide.Website usage information is collected using cookies. Sales contacts may be sourced from publicly available social media sources. f) LEGITIMATE INTERESTS – processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights. 3 years
Client Contracts We collect information about you to facilitate contact and communications associated with the provisioned service/s.This information includes: • Name • Company Address • Email address • Contact number This allows us to provide appropriate communications in conjunction with the contractual obligations for the service provisioned and its delivery. b) CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual. 3 years
Potential Customers We collect information about you to facilitate contact and communications associated with the request made. This information includes: • Name • Company Address • Email address • Contact number • Business Type This allows us to obtain an understanding of the requirements and potential scope of work to allow the development of an appropriate service work assessment and ‘quote’ to undertake such work. b) CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual. 3 years
Potential Employees We collect information about you to facilitate initial assessment of candidate suitability for role. This information includes: • Name • Address • Email address • Contact number • Previous/current experience • Qualifications This allows us to facilitate assessing experience, qualifications and potential suitability to fulfil an advertised or future job roles. b) CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual. 6 months of decision

How will we use the information about you?

If you no longer wish to be contacted in relation to the services we provide, please download the SRM Data Subject Rights Request Application Form and complete this document. Please then send it to Alternatively once completed, send to SRM at the address detailed at the end of this notice.


Your Rights

The Right to be Informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This has been provided within this Privacy Policy and any related communications we may send you.

The Right of Access

You may request a copy of the personal data we hold about you free of charge. Once validation and verification of your identity has been conducted and where necessary the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information: a) The purposes of the processing b) The categories of personal data concerned c) The recipients to whom the personal data has been disclosed d) The retention period or envisioned retention period for that personal data e) When personal data has been collected from a third party, the source of the personal data However, if there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If such a request is deemed to be non-serious or irritating, SRM reserve the right to refuse them. If responding to such a request is likely to require additional time and effort or incurs unreasonable costs (which you may have to meet), we will inform you.

The Right to Rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The Right to Erasure (the ‘right to be forgotten’)

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • When the individual withdraws consent.
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
  • The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
  • The personal data may be erased in order to comply with a legal obligation.

The Right to Restrict Processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing: a. The accuracy of the personal data is contested b. Processing of the personal data is unlawful c. We no longer need the personal data for processing but the personal data is required for part of a legal process d. The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The Right to Data Portability

This allows individuals to obtain and reuse their personal data to be transferred to another controller or processor. This allows the movement, copying or transferring personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This must provide the personal data in a structured, commonly used and machine-readable form. This can be transmitted directly from one controller to another, where technically feasible.

The Right to Object

You have the right to object to our processing of your data where:

  • Processing is based on legitimate interest;
  • Processing is for the purpose of direct marketing;
  • Processing is for the purposes of scientific or historic research;
  • Processing involves automated decision-making and profiling.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour Information. This information is used to track visitor use of the website and to compile statistical reports on website activity For further information visit: or or Your browser can be set to not accept cookies and the above website/s provide details of how cookies can be removed. However, be mindful that such removal may impact the website and some features may not function as expected.


Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites, please ensure you have familiarised yourself with their privacy policies.


Social Media Platforms

Communication, engagement and actions taken through external social media platforms that the SRM website and SRM participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email. The SRM website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.


Shortened Links in Social Media

The SRM website and SRM through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs (web addresses). Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.


Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 30th May 2018.


How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you: By email: Or write to us at: Data Protection Team, Security Risk Management Ltd (SRM) Grainger Suite Dobson House Gosforth Newcastle upon Tyne NE3 3PF