Privacy Notice

Privacy Notice

Privacy Notice for End Customers

Last Updated: 22/01/2025

Contents

  1. Introduction
  2. What is personal data?
  3. Personal data we collect, how we process it and the lawful basis of the processing
  4. How we collect your personal data
  5. Sharing your personal data
  6. International transfers
  7. How long we keep your personal data
  8. Security of your personal data
  9. Your rights
  10. How to complain
  11. How to contact us

1. Introduction

SERG Technologies Limited (“SERG Technologies”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).

Our partners (healthcare providers and educational institutions) may use our technologies and health platform to collect personal and sensitive information about you. In this regard SERG Technologies acts as the processor, while our partners are the controllers. Questions about privacy and data protection that concern the information collected by our partners about you, should be addressed directly to the organisation providing these services to you.

The purpose of this privacy notice is to explain what personal data we collect about you when you visit our website and interact with SERG Technologies. When we do this, we are the controller.

Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at info@sergtechnologies.com.

2. What is personal data?

‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.

‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

3. Personal data we collect, how we process it and the lawful basis of the processing

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to and our wider operations in the European Economic Area (EEA).

The personal data we collect includes:

Information you give us:

‘Enquiry data’, this data is collected from completing the contact form on our website, from call enquiries, meetings and marketing events. This data may include: your name, email address, telephone number, company name and job title. This data is collected from you. It will be processed for the purposes of communicating with you. The lawful basis for this processing is our legitimate interest in responding to your enquiry and growing our business.

‘Newsletter data’, this data is collected when completed the newsletter sign up on our website, this data will include your first name, surname and your email address. Our lawful basis for this processing is consent. You can withdraw this at any time by following the unsubscribe link within our newsletters.

‘Trial/Study participant data’, this data is collected when you participate in a trial/study that we run/collaborate on. This data includes: your name and email address. This data will be used to contact you to invite you to complete questionnaires and surveys that we may wish to send you regarding your experiences. If you no longer wish to receive invites to complete these, then please let us know. Our lawful basis for this processing is our legitimate interest to gain a greater insight into the effectiveness of the work we are conducting.

‘Questionnaire data’, this data is collected if you participate in a questionnaire or survey that we send you. The data collected will be listed within the questionnaire. In most cases we anonymise this data once it has been collected and will let you know if this is not the case. Our lawful basis for this processing is consent. Please note that in instances where your data has been anonymised that we will no longer be able to withdraw your responses from a dataset.

For more information regarding our collection and processing of your personal data as part of our job application process, please see our Job Applicant Privacy Notice.

Where Personal Data is processed because it is necessary for the performance of a contact to which you are a party, we will be unable to provide our services without the required information.

4. How we collect your personal data

We collect all of this personal data directly from you—in person, by telephone, text or email and/or via our website.

5. Sharing your Personal Data

We do not routinely share your personal data with other parties. Where we do, we will always enter into a written agreement with the other party which includes appropriate data protection provisions. Where we share your personal data with another party we will inform you of this, and the format within which this should be shared, in advance of processing your personal data.

6. International Transfers

When we collect your personal data, it may be processed outside the UK or the European Economic Area (“EEA”). This is because the organisations we use to provide our services to you are located outside of these territories’ countries.

We have taken appropriate steps to ensure that where personal data processed outside the UK or EEA, it has an essentially equivalent level of protection as it has within the UK or EEA. We do this by ensuring that:

  • Your personal data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation, or adequacy decision confirmed by the European Commission)
    • This includes any organisations certified under privacy frameworks, such as the UK Extension to the EU-US Data Privacy Framework; or
  • Where personal data is transferred from the UK, we enter into either International Data Transfers Agreements (IDTAs) or Standard Contractual Clauses with the UK Addendum (UK SCCs) (whichever is applicable) with the receiving organisation and ensure that supplementary measures are also applied, where necessary.
  • Alternatively, where we transfer personal data from the EEA, we enter into Standard Contractual Clauses with the receiving organisation and ensure that supplementary measures are also applied, where necessary.

7. How long we keep your personal data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted or anonymised.

8. Security of your personal data

We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.

In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do to in order to further protect your personal information, such as;

  1. Always send confidential information by encrypted email where possible this reduces the risk of interception.
  2. If you’re logged into any online service do not leave your computer unattended.
  3. Close down your internet browser once you’ve logged off.
  4. Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

Secure Online Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

9. Your rights

You have certain rights in relation to the processing of your personal data, including to:

  • Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
  • Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party (data portability).
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to our partners for the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent from our partners, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

How to exercise your rights

You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded orexcessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at info@sergtechnologies.com.

10. How to complain

You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

  • Contact us | ICO
  • Or by telephone on 0303 123 1113

11. How to contact us

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, then please address your correspondence to: SERG Technologies Ltd, Pall Mall Deposit, 124-128 Barlby Road, North Kensington, London, W10 6BL, United Kingdom,

Alternatively, you can email us at info@sergtechnologies.com.

We have also appointed a Data protection Officer (“DPO”). Our DPO Evalian Limited and can be contacted by emailing dpo@sergtechnologies.com or via our postal address. If sending correspondence to our postal address, please mark the envelope to the ‘Data Protection Officer’