S-RM is committed to protecting and respecting your privacy. We comply with the applicable data privacy and security requirements in the countries in which we operate.
S-RM Intelligence and Risk Consulting Limited (company number 05408866) whose registered office is at 4th Floor, Beaufort House, 15 St. Botolph’s Street, London, EC3A 7DT is responsible for this website. The found here.group is made up of different legal entities globally, details of which can be
Where we process Website Data and Client Data (as described below), S-RM, or the relevant group company, is the data controller. Where we process Client Services Data, S-RM may act as a controller or a processor depending on our client instructions (as explained in more detail below).
We collect the following types of Personal Data (as defined under the UK General Data Protection Regulation ("GDPR")) as part of our business operations:
We collect the following Personal Data directly from clients and prospective clients to enable us, and our group companies, to provide you or our clients with the requested services:
We may also collect and process the following additional Personal Data about you:
Where we provide you with our services, the collection of your Personal Data is a requirement for the performance of a contract between you and us, namely to enable us to provide to you the services you have requested. Where we provide our services to clients, we process your Personal Data for our and our clients' legitimate business interests in order to provide them with the requested services. You are not under an obligation to provide us with any of your Personal Data. However, this might result in us being unable to provide you with the requested services.
We may also use your Personal Data for the following purposes:
In some circumstances, such as where we are legally required, we may seek your consent to process your Personal Data in which case we will ensure that our request for such consent is clear and transparent.
We use Website Data in the following ways where it is necessary for our legitimate interests:
Where applicable, we use Website Data to perform our obligations arising from any contracts entered into between you and us. We may also seek your consent for certain uses of your personal data, e.g. to register you for any requested subscriptions to newsletters and other communications.
We do not sell or disseminate Website Data to third parties or provide host mailing on behalf of third parties. We do enter Website Data into our contacts database, and we maintain it there, unless you ask us to remove it. You may ask us to remove your Personal Data from our database at any time by emailing us at firstname.lastname@example.org.
We will never sell your Personal Data and will only ever share it with organisations we work with where necessary and where we have taken steps to ensure its privacy and security.
For any enquiries to the website about possible employment with S-RM, we process personal data in line with our Employee Data Processing Notice (available on request).
S-RM provides cyber security, corporate intelligence (including strategic intelligence, regulatory and compliance due diligence, disputes and investigations and litigation support services) and crisis response services to clients (including both corporates and individuals). As part of providing these services, our clients may require us to collect information on individuals. Personal Data may be provided to us by our client or by you or collected from public records such as corporate registries, court filings and media reports as well as from human sources. Depending on the nature of the client engagement and the nature of the processing and the extent of control and decision making we have in respect of the data, S-RM may act as a data controller or as a data processor on behalf of its client.
Where acting as a data controller, we take steps to establish a lawful basis of processing. Our lawful basis is typically that the processing is necessary for our legitimate interests of providing professional services to our clients to assist them in fulfilling their legal, regulatory or compliance obligations, to gain insights into businesses, industries and markets or to support other legitimate business interests of our client. We have carried out assessments of our legitimate interests and weighed these against the interests, fundamental rights and freedoms of the individuals whose personal data we process.
Client Services Data may include:
How we use Client Services Data
We use Client Services Data to:
S-RM typically retains Personal Data only for as long as necessary for the purpose for which it is collected. In the case of Client Data and Website Data, this is usually for the duration of the client relationship. For Client Services Data, we typically retain Personal Data for the duration of the relevant client engagement pursuant to which the data was collected. However, in all cases, we retain certain records for longer periods in order to comply with legal or regulatory obligations or to defend ourselves against legal claims.
S-RM typically stores Personal Data on servers hosted in the UK. We may transfer your Personal Data to our group companies and third-party suppliers and service providers, as well as our clients on whose instructions we may act, both in and outside the UK and the European Economic Area (“EEA”) including to the US. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with the relevant data protection requirements and that the transfers of Personal Data are subject to appropriate safeguards including, where applicable, reliance on an adequacy decision by the UK or European Commission, or, in the case of absence thereof, the use of relevant contractual safeguards such as Standard Contractual Clauses approved by the European Commission or the Information Commissioner’s Office.
S-RM has in place industry standard technical and organizational security measures in order to keep your Personal Data safe and to prevent against unauthorised access, use or disclosure.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling Personal Data.
We may disclose your Personal Data to any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) to assist us in provision of the services requested by you. We may also disclose your Personal Data to our suppliers and service providers from time to time to enable us to provide our services and to our clients on whose instructions such data might have been collected. Any such disclosures will be in accordance with GDPR using relevant safeguards. We also disclose Client Services Data to our clients and their related entities/related parties on a confidential basis.
We may also disclose your Personal Data to third parties:
You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
In addition to the right set out above, GDPR provides individuals the following rights:
Such requests should be made to the data controller which, in most cases, will be S-RM’s client. If we receive a request directly from a data subject where we act as processor of Personal Data on behalf of a client, we will contact the controller client for instructions on how to deal with the request. In certain cases, we may, with the consent of the client and without prejudice to our position as data processor, elect to deal with the request on behalf of the controller client to ensure that the request is dealt with expeditiously.
If you consider that our processing of your Personal Data breaches any of your rights under GDPR or you are otherwise dissatisfied with the way your Personal Data is handled by us, you have the right to complain to the Information Commissioner’s Office, https://ico.org.uk/.
Our Data Protection Officer is:
4th Floor, Beaufort House
15 St. Botolph’s Street
Our website may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that S-RM does not accept any liability for any Personal Data you provide to those websites or your use thereof. Please check these policies before you submit any Personal Data to these websites.
Any questions you have in relation to this policy and how we use your data should be sent to firstname.lastname@example.org.
We reserve the right to make changes to this Policy. Any updated Policy will be posted on our Website.