SIMOC UK Privacy Notice

SIMOC UK Privacy Notice – Introduction

SIMOC UK Limited is a private company incorporated and registered in England with company number 15054492, 6 Stratford Drive, Wootton, Northampton, England, NN4 6JT based at Hub 8, UNIT H2, The Brewery Quarter, High St, Cheltenham GL50 3FF (referred to as “SIMOC”, “we”, “us”, or “our” in this Privacy Notice). SIMOC is committed to respecting the privacy of everyone about whom we process personal data.

We process personal data about individuals (“you”, “your”) who:

• request details of our services;
• work at or are otherwise engaged by an organisation that has enrolled with us to participate in any of our Cyber Security development programmes and be kept informed;
• are journalists or stakeholders whom we communicate with;
• use our website (or related microsites); or

We do not process any personal data belonging to customers of SIMOC UK enabled services.

This Privacy Notice explains how we use your personal data. It may be amended from time to time so please check back on a regular basis.

We collect and store (and may share) the information detailed below and are responsible for how it is used. If you have a question in relation to your personal data processed by us, then please email anthony@simoc.co.uk.

Lawful Bases

We process your data on the following lawful bases:

• where it is necessary for us to perform a contract we have with you or a third party;
• because you or a third party asked us to take specific steps before entering into a contract;
• because the processing is necessary for us to comply with our legal or regulatory obligations;
• where the processing is necessary for our legitimate interests or the legitimate interests of a third party.

Some of these bases will overlap and there may be several bases that justify use of your personal data.  We may also process your data based on your consent where you have requested us to keep you informed about our work or activities and you can withdraw your consent at any time by contacting anthony@simoc.co.uk.  We review the bases for our processing decisions carefully and you can object to these activities at any time (see the “Your Rights” section of this Privacy Notice).

Retention Periods

We have a data retention policy that ensures we don’t use or store your personal data for longer than necessary. We consider the following areas determining retention periods: guidance from the Information Commissioner’s Office and industry best practice; the use(s) of the personal data; the business rationale for collection and expiry of the purpose for which personal data was collected; our ongoing ability to ensure the accuracy of the personal data; and our legal and regulatory requirements.

What Personal Data We Collect & Why

Browsing our website or downloading any OB publication:

If you browse our website (www.simoc.co.uk) or any related microsites without registering or logging in, your IP address is collected and stored for 26  months to compile statistical analysis of the pages of the Site(s) you visit and to help us develop our business, products, services and Site(s).

If you download a publication from our website such as a report you may be asked to voluntarily provide your name, your place of work or company, your email address and the country you are downloading the publication from.  Where provided, we will use this information in our legitimate interests to create a record in our database, inform us of the country our publication is being downloaded to and if it is downloaded by someone from a type of organisation involved in our ecosystem.  This is so we can identify which publications are of more interest, how well we are reaching our stakeholders and others interested in our work and activities and whether events we may be participating in around the time of the download appear successful in raising awareness of our publications.  Any analysis or information created for such purposes will be anonymised and your personal data provided for such purposes will be purged within one month unless you are already recorded in our database for any other purpose set out in this notice.

Keeping you informed about SIMOC

You have the option of asking to be kept informed about SIMOC’s activities (including marketing) by registering via our website or by providing your contact details to our staff. When you do this, we will send you updates about SIMOC UK and news about cyber security related activities which we think may be of interest to you. We will use this information to send you news and updates or invitations to participate in our activities, unless you ask us not to.

Additionally, we use your information:

• to compile analysis of the pages of the Site(s) which you visit;
• to help us develop our business, products, services and Site(s); and
• for internal administration and/or analysis.

The use of this information is necessary to support the legitimate interests of SIMOC in developing the SIMOC UK ecosystem.

SIMOC UK Services

We also use your information to:

• administer any services we provide to you, your employer or company;
• deal with technical queries raised by Participants across the SIMOC UK ecosystem;
• consider any applications or requests for information made by you; and
• comply with any legal or regulatory obligations.

Additionally, we will collect the name, job title, email address and phone number of any technical contacts who raise a ticket via the SIMOC UK Service Desk.

We may also collect the following information every time you use SIMOC UK services:

• user name;
• date and time of each successful login and unsuccessful login attempt;
• the IP addresses and protocols used to communicate with the Directory;
• technical information such as information about the browser or identity of the system used to access the Directory;
• technical information about the device used for two factor authentication which may include phone number, device ID and any other technical information used to authenticate a login; and
• details of all activities performed while logged in.

The use of this information is necessary to support the legitimate interests of SIMOC to protect the operations, security and integrity of SIMOC UK services and for help in troubleshooting problems.

This information may be retained for up to six years as it may be required to establish, exercise or defend legal claims.

Participation in SIMOC UK Working Groups and Consultative Forums

If you participate in any SIMOC UK working groups, consultative forums (or similar), your personal details, typically your name, job title and the organisation you represent, may appear in agendas, minutes and reports. SIMOC processes this data in accordance with its legal obligations. Meetings requiring minuting or other record keeping are typically recorded (through transcripts and/or audio recordings) in accordance with SIMOC’s legitimate interests.

Cyber Fraud Information Exchange

If you register on the SIMOC UK Cyber Fraud Information Exchange (the “Information Exchange”), we will collect your name and email address as part of the registration. This information will also be used by SIMOC to communicate with you about your participation in the Information Exchange and to support collaboration with the SIMOC UK ecosystem.

This data will also be processed if you use associated tools available on the Information Exchange.

Journalists and Stakeholders

One of SIMOC’s core missions is to explain how SIMOC UK works and our role in the payments and FinTech ecosystem. To facilitate this, SIMOC maintains contact information (name, email address, phone numbers) of journalists and stakeholders. Generally we have this information because you have given it to us. If you’d like us to stop talking to you about SIMOC, then please let your contact know or alternatively email anthony@SIMOC.co.uk and we’ll make sure this happens.

Sharing Your Information

We use a number of other companies to help us provide SIMOC UK services. These third parties act on our instructions and carry out services on our behalf – they are processors.

Where it is strictly necessary and / or to meet our legal obligations, we may share your information with other third parties such as:

• our professional advisers and external auditors;
• forensic investigators;
• law enforcement authorities or regulators or where required by court order;
• other Directory participants and/or the Competition and Markets Authority (if applicable); and/or

Data Export

We shall not export your data outside the UK.

Your Rights

You have rights under data protection laws in relation to your personal data. In particular, you may have rights to:

• request access to your personal data – this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
• request correction of the personal data that we hold about you;
• request erasure of your personal data – this enables you to ask us to remove personal data in order to comply with local law, or where there is no good reason for us continuing to process it or you have successfully exercised your right to object to processing or we may have processed your information unlawfully;
• object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel the processing impacts on your fundamental rights and freedoms;
• request that we cease sending you marketing materials;
• request restriction of processing of your personal data – this enables you to ask us to suspend the processing of your personal data in certain circumstances;
• request the transfer of your personal data to you or to a third party – this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
• withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of your above rights, or if you have any questions or concerns about our Privacy Notice or personal data we hold about you please contact anthony@SIMOC.co.uk

You also have the right to complain to the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/, call its helpline on +44 (0)303 123 1113, or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

You also have the right to seek a judicial remedy.