Data Protection

Our comprehensive approach to protecting your business data and ensuring compliance with UK data protection laws.

1. Our Data Protection Commitment

South East Clicks is committed to protecting the privacy and security of personal data belonging to our business clients, their employees, and website visitors. We comply with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).

Data Protection Principles

We process all personal data in accordance with the six data protection principles: lawfully, fairly and transparently; for specified purposes; data minimisation; accuracy; storage limitation; and integrity and confidentiality.

2. Types of Data We Process

2.1 Business Contact Data

  • Company names and business addresses
  • Professional email addresses and phone numbers
  • Job titles and professional roles
  • Business registration information

2.2 Financial Data

  • Billing addresses and contact information
  • Payment processing information (handled by secure third parties)
  • Invoice and transaction histories
  • VAT numbers and tax information

2.3 Technical Data

  • Website analytics and usage patterns
  • System access logs and security monitoring
  • Technical specifications and configurations
  • Performance metrics and optimisation data

2.4 Marketing Data

  • Communication preferences and consent records
  • Campaign engagement and response data
  • Lead generation and qualification information
  • Event attendance and networking contacts

3. Legal Basis for Processing

Contract Performance

Processing necessary to deliver our SEO, web design, and marketing services

Legitimate Interest

Business development, customer support, and service improvement activities

Legal Obligation

Compliance with tax, accounting, and regulatory requirements

Consent

Marketing communications and optional data processing activities

4. Data Security Measures

4.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based permissions
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Backup Security: Encrypted backups with secure key management
  • Regular Updates: Automated security patching and vulnerability management

4.2 Organisational Measures

  • Staff Training: Regular data protection and security awareness training
  • Access Management: Principle of least privilege and regular access reviews
  • Incident Response: Documented procedures for security breaches
  • Vendor Management: Due diligence and contracts for all data processors
  • Regular Audits: Internal and external security assessments

4.3 Physical Security

  • Secure data centres with controlled access
  • Environmental controls and redundancy systems
  • Clean desk and clear screen policies
  • Secure disposal of physical media

5. Data Sharing and Transfers

5.1 Third-Party Processors

We only share data with vetted third parties who provide adequate protection:

  • Cloud Hosting: AWS, Google Cloud (UK/EU regions)
  • Payment Processing: Stripe, PayPal (PCI DSS compliant)
  • Analytics: Google Analytics (data processing agreements in place)
  • Email Services: Mailchimp, SendGrid (GDPR compliant)
  • CRM Systems: HubSpot, Salesforce (adequacy decisions/SCCs)

5.2 International Transfers

When transferring data outside the UK, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Certification schemes (ISO 27001, SOC 2)
  • Transfer impact assessments

6. Data Retention

Data Type | Retention Period | Legal Basis
Client Contract Data | 7 years post-termination | Legal obligation
Financial Records | 7 years from transaction | HMRC requirements
Marketing Data | 3 years or until consent withdrawn | Legitimate interest
Website Analytics | 26 months from collection | Legitimate interest
CCTV Footage | 30 days | Legitimate interest

7. Your Data Protection Rights

Right of Access

Request copies of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of your data (subject to legal obligations)

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

8. Data Breach Response

8.1 Detection and Assessment

  • 24/7 monitoring and alerting systems
  • Incident response team activation within 1 hour
  • Risk assessment and impact analysis
  • Evidence preservation and forensic investigation

8.2 Notification Requirements

  • ICO Notification: Within 72 hours if high risk to rights and freedoms
  • Individual Notification: Without undue delay if high risk
  • Client Notification: Immediate notification for client data breaches
  • Remediation: Immediate steps to contain and resolve the breach

9. Privacy by Design

We implement privacy by design principles in all our services:

  • Data Minimisation: Collect only necessary data for specified purposes
  • Purpose Limitation: Use data only for stated, legitimate purposes
  • Default Privacy: Maximum privacy protection by default
  • Transparency: Clear information about data processing
  • User Control: Easy access to privacy settings and preferences

10. Data Protection Impact Assessments

We conduct DPIAs for:

  • New services involving personal data processing
  • Systematic monitoring or profiling activities
  • Processing of sensitive or special category data
  • Large-scale processing operations
  • Use of new technologies or AI systems

11. Training and Awareness

Our commitment to data protection includes:

  • Mandatory data protection training for all staff
  • Regular security awareness updates
  • Role-specific privacy training programs
  • Annual compliance assessments
  • Incident response drills and simulations

12. Exercising Your Rights

To exercise your data protection rights, please contact us with:

Required Information

  • Full name and contact details
  • Description of your request
  • Proof of identity (for security)
  • Specific data or processing activity (if applicable)

Response Time: We will respond to your request within one month. For complex requests, we may extend this by up to two months, with an explanation.

13. Contact Information

Data Protection Officer

South East Clicks

Email: info@southeastclicks.co.uk

Phone: 07594366228

Subject: Data Protection Request

Supervisory Authority

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

Email: casework@ico.org.uk

14. Updates and Changes

This Data Protection notice is reviewed annually and updated as necessary to reflect changes in our processing activities, legal requirements, or regulatory guidance. Material changes will be communicated to affected individuals.

Document Version: 1.0
Next Review Date: 30/08/2026