Privacy Policy

1. Introduction
Abigail Edmunds at Social Media Resilience ("we") is committed to protecting your privacy and ensuring compliance with the data protection laws applicable to our activities. This policy describes how we process personal data from website visitors, clients' employees, individual customers, and potential clients. For the purposes of the UK's data protection laws, the data controller is Abigail Edmunds, registered in England and Wales, as a sole trader under the business trading name Social Media Resilience.

2. How We Process Your Personal Data
We collect, use, and store personal data for the purposes outlined below, relying on the legal bases specified for each category of use.

3. Types of Personal Data We Obtain

Website Usage Data
: Includes technical data about your device and browser, IP address, geographic location, and usage details such as page views, navigation paths, and interactions with our website.

Business Operations Data: Includes contact information such as names, business email addresses, and telephone numbers of our clients and their representatives, necessary for fulfilling contracts and providing our services.

Business Development Data: Includes contact details of individuals at organisations interested in our services, obtained through public sources or direct interactions (e.g., at events).

Facilitator-Led and Digital Participant Data: Involves collecting data from participants in our sessions, including contact details and feedback, and from users of our digital products, such as session history and device information.

3.1 Why We Use Personal Data

Core Processing
: To operate our website effectively, improve user experience, and ensure security. Legal basis: Legitimate interests.

Service Delivery: To provide and follow up on our services to clients. Legal basis: Performance of a contract and legitimate interests.

Marketing: To communicate with you about our products and services if you have shown interest. Legal basis: Consent and legitimate interests.

Analysis and Business Improvement: To analyse use and gather feedback to enhance our services. Legal basis: Legitimate interests.

4. Cookies
Our websites use cookies to enhance user experience, analyse site usage, and support our marketing efforts. Detailed information on the types of cookies used and their purposes can be found in our Cookie Policy.

5. Disclosure of Personal Data
Social Media Resilience Ltd recognizes the importance of protecting the privacy of your personal data. We may disclose your personal data to the following categories of recipients only when necessary for the operational, legal, or regulatory purposes as outlined in this policy:

Service Providers: We engage various third parties to help manage, support, and operate our business. This includes cloud hosting providers, customer relationship management services, marketing and analytics platforms, and payment processing services. These service providers are bound by contractual obligations to implement appropriate security measures and handle personal data in accordance with our instructions and applicable laws.

Professional Advisers: We may share your personal data with professional advisers such as lawyers, accountants, auditors, insurers, and financial consultants. These disclosures occur as needed for the provision of their services to us, such as obtaining legal advice, complying with our audit requirements, or facilitating business transactions.

Affiliates and Subsidiaries: Personal data may be shared among our affiliates or subsidiaries for internal administrative purposes, business operations, and client service enhancements based on our legitimate interests in conducting our business effectively.

Regulatory and Government Bodies: When required by law or as necessary to protect our legal rights, we may disclose your personal data to regulatory and government bodies, law enforcement agencies, courts, and other public authorities. This may include fulfilling legal obligations, responding to requests pertaining to national security or law enforcement requirements, or addressing issues related to fraud or safety.

Business Transfers: In the event that we are involved in a merger, acquisition, bankruptcy, reorganisation, or sale of assets, your personal data may be sold or transferred as part of that transaction. We will notify you of any change in control or use of your personal data or if your personal data becomes subject to a different privacy policy as a result.

Social Media Platforms: If you interact with our social media accounts or use social media plugins on our websites, certain personal data may be shared with social media platforms, such as Facebook, Twitter, and LinkedIn. This data sharing enables enhanced integration and social media interaction.

Public Forums and User Contributions: Any personal data that you voluntarily disclose through our websites, such as on message boards, chat rooms, or other public areas, may be available to other users and in some cases may be publicly accessible.

Marketing Partners: With your consent or where permitted by law, we may share limited personal data with partners or third parties who wish to send you information about their products and services that may interest you.

6. International Transfers
Personal data may be transferred outside the EEA or UK under strict safeguards, such as adequacy decisions and standard contractual clauses, to ensure compliance with data protection laws.By using our services, you consent to the transfer of your personal data to countries outside your country of residence, which may have different data protection rules than in your country. Whenever we transfer your personal data internationally, we will take legally required steps to ensure an adequate level of protection.This section provides a detailed overview of the potential scenarios under which your personal data may be shared and the safeguards Social Media Resilience Ltd implements to protect your data privacy.

7. Service Providers
At Social Media Resilience Ltd, we engage various third-party service providers who perform functions on our behalf. These service providers are integral to the operation of our business and assist us in delivering our services efficiently. The following provides an overview of the types of service providers we use, the nature of services they provide, and the practices we follow to safeguard your personal data:

Cloud Storage and Data Management: We use reputable cloud service providers to store and manage data, including personal and sensitive data. These providers are selected based on their robust security measures and compliance with local and international data protection laws.

Customer Relationship Management (CRM) Systems: To manage customer relations and communications, we utilise CRM systems that help us maintain customer data, track interactions, and enhance customer service.

Payment Processors: For processing customer payments, we employ third-party payment gateways and processors. These providers are PCI DSS compliant and ensure the security of your payment data through encrypted channels.

Marketing and Analytics Services: To better understand the needs of our customers and to deliver targeted marketing campaigns, we use third-party analytics and marketing automation platforms. These services comply with our directives for data handling and respect user privacy through anonymization and secure data processing protocols.

Legal and Consulting Services: External legal advisors, consultants, and auditors may be engaged as needed. These services may have limited access to personal data within the scope of their consultancy to ensure regulatory compliance and to provide legal or strategic advice.

Data Sharing Practices with Service Providers:

Contractual Safeguards
: All service providers are bound by contractual obligations that enforce standards for data protection, confidentiality, and security. Contracts explicitly state the purpose for which personal data is processed and limit the use of data to the provision of specified services.

Data Access and Transfer: Access to personal data by service providers is restricted to what is necessary for the provision of their services. We take measures to prevent any unauthorised access or transfer of data. When data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or reliance on the service provider’s adherence to international frameworks such as the Privacy Shield.

Data Retention and Disposal: Service providers are instructed to retain personal data for the duration necessary to fulfil the contracted services and are obliged to dispose of or return the data securely at the end of the contract term in accordance with our data retention policies.

8. Security Measures
At Social Media Resilience, we will take appropriate technical and organisational precautions to secure the personal data we process and prevent accidental or unlawful destruction, loss or alteration and unauthorised disclosure of, or access to, that personal data.Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will notify affected individuals and any applicable regulator of any personal data breach where we are legally required to do so.

9. Data Retention
Our data retention practices are guided by the need to fulfil operational and legal obligations while respecting individual privacy rights:

Retention Period: We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Review and Deletion: Regular reviews are conducted to determine whether data retention is still justified. Personal data that is no longer necessary is securely deleted or anonymized.

Legal Compliance: We adhere to applicable legal requirements regarding data retention, considering various factors such as the nature of the data, potential risk from unauthorised use or disclosure, and statutory obligations.

10. Your Rights
Under data protection laws, you have various rights concerning the processing of your personal data:

Right to Access: You can request access to your personal data and obtain copies of the data we process about you.

Right to Rectification: You have the right to correct any inaccurate or incomplete data we hold about you.

Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes collected.

Right to Restrict Processing: You can request that we restrict the processing of your personal data under certain circumstances.

Right to Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format.

Right to Object: You may object to the processing of your personal data based on your particular situation.

10.1 How to Exercise Your Rights
To exercise your rights under data protection law, please contact us via email at hello@socialmediaresilience.org.uk. To handle your request effectively, we may need to verify your identity. We aim to respond to all legitimate requests within one month. Note that we reserve the right to charge a fee or refuse requests that are unfounded or excessive.

11. Accessing Your Personal DataYou are entitled to request details on the personal data we process about you. This includes:

Data Use: Information on how we use your data and the purposes.
Data Disclosure: Details on who your data has been disclosed to, including in other countries.
Retention Period: The expected retention period for your data or the criteria used to determine the retention period.

12. Links to Other Websites
Our website may include links to third-party websites not operated by us. Please be aware that we do not control these external sites and are not responsible for their privacy policies or practices. We encourage you to read the privacy statements of each website you visit that collects personal information.

13. Changes to This Privacy Notice
We may update this privacy notice from time to time. Changes will be posted on our website and notified as appropriate.

14. Contact
For any questions or comments regarding this privacy notice, please contact us at abi@socialmediaresilience.co.uk.