GDPR – Privacy Notice

This privacy notice sets out the basis on which Steanne Solutions Limited (Steanne) uses and protects any information that we collect from you or that you provide to us. Please click here if you would prefer to download a pdf version of this notice.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Although the UK has expressed its intention to leave the EU in March 2019, the GDPR is applicable in the UK from 25th May 2018 and is expected to continue in UK law post Brexit.

Steanne is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, it will only be used in accordance with this privacy statement.

Who we are and what we do
Steanne Solutions Ltd is a SaaS (Software as a Service) company, producing Asset Management, Work Planning and Mobile systems used primarily by local authorities and contractors.

Information that you give to us or we may collect about you
Most of the customer data collected by Steanne is business data, which is not relevant under GDPR. However, any personal data or information about you that we may collect is detailed below and this data is processed under the lawful basis for processing of either ‘Contract’ or ‘Legitimate Interests’ – see notes on Purposes of the data processing below.

Information from our website
The Steanne website identifies the business IP addresses of website visitors and these are matched to a database of businesses and business information. No personal IP addresses, mobile devices or any other data than that associated with the business are identified.
The following contact information of key decision makers at the organisations that have pro-actively visited the Steanne website may also be collected:

  • First name, last name, email address and LinkedIn profile


Information from other sources
We obtain publicly available information available from sources such as the Directors’ Register at Companies House, Dun & Bradstreet and LinkedIn. We may also from time to time purchase business information from selected third party data vendors, segmented to ensure that only decision makers from registered businesses are procured.

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, please note that we do not have any control over other websites and cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. These sites are not governed by this privacy statement and you should check the privacy statement applicable to the website in question.

Lawful Basis for Processing Personal Data
Under the EU General Data Protection Regulation (GDPR) there are six lawful bases for processing personal data (source: ico.org.uk – February 2018).
These are detailed as follows:

  • Consent – The individual has given clear consent their personal data to be processed for a specific purpose
  • Contract – The processing is necessary for a contract with the individual, or because they have asked for specific steps to be taken before entering into a contract
  • Legal Obligation –The processing is necessary to comply with the law (not including contractual obligations)
  • Vital Interests – The processing is necessary to protect someone’s life
  • Public Task – The processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
  • Legitimate Interests – The processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests


Purposes of the data processing
We use information held about you in the following ways:

  • To carry out our obligations arising from any contracts that we have entered into or intend to enter into between us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your organisation.
  • To provide you with information about other goods and services we offer that are similar to those that you have already purchased, been provided with or enquired about.
  • To follow up any website visitors in order to serve their needs and generate business sales as appropriate.

For the purposes of data protection legislation currently in force, the data controller is: Steanne Solutions Ltd, Hyde Park House, Cartwright Street, Newton, Hyde, SK14 4EH and our nominated representative is Tom Crompton.

Disclosure of your information inside and outside the EEA
We do not share any personal information with third parties, either in or outside the European Economic Area (EEA).

Data Storage and Retention
All Steanne data is processed and stored in the UK within a secure environment. Personal data (eg: CVs no longer required once a vacancy has been filled) is deleted once it is no longer required.

Your rights
The GDPR provides you with the following rights regarding your personal data:

Request for Access
You may request that we send you a full copy all of the data we hold that relates to you.

Request for Rectification
You may request that we correct any personal data if it is found to be inaccurate or out of date.

Request for Erasure
You may request that we delete all the data that we hold that relates to you (aka. the right to be forgotten). If you request this, we will remove any data we hold about you from our database. However, if your details are removed from our files, there is a risk that your data may be added again in the future, for example if you visit our website again. If you do not want Steanne to process your personal data in the future, we would recommend you request to object or to restrict processing (see below) rather than request for erasure, as this will ensure that your details remain marked as not to be used for correspondence.

Request to Object or to Restrict Processing
You may request that your details are no longer used for any data processing and/or correspondence, although your details would be retained in our database.

Request for Transfer
You may request that we send all of your data that we hold to a third party.

For any of the above requests, please make your request in writing, either by emailing: gdpr@steanne.co.uk or by writing to: Steanne Solutions Ltd, Hyde Park House, Cartwright Street, Newton, Hyde, SK14 4EH
All requests will be actioned within 30 days. Please note that this applies only to the processing of your personally identifiable data, not that of any business data which does not fall under the remit of GDPR.

Changes to this Privacy Notice
Steanne policies are reviewed periodically to ensure compliance with current legislation; this notice was last reviewed and updated on the 25th May 2018. For any questions relating to this notice, please contact us at gdpr@steanne.co.uk.

Any changes that we make to this privacy notice in the future will be posted on this page and if appropriate, notified to you by email.