Secure Digital Exchange Privacy Notice
May 25 2018



This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

We know that there’s a lot of information here but we want you to be fully informed about your rights, and how Secure Digital Exchange Limited (formerly SDX Messaging Limited) uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

Our details

When you are using the Secure Digital Exchange website, Secure Digital Exchange is the data controller.

Our Data Protection Officer is Jo Thurgood and she can be contacted at

Our registered office address is Suite A, 6 Honduras Street, London, EC1Y 0TH.

The information we collect

When you contact us we ask you for your name, company name, job title and contact details, which are postal address, email address and telephone number.

How we collect, use and store your data

We collect your data when you complete a form on our website with your contact details requesting further information about our products and services.  We do not use cookies on our website.

We also collect your data when you call us to request further information about our products and services.  We do not record telephone calls.

We also collect your data when you interact with us on social media.

We use this information to set up contact details, create contracts and service those contracts for the purpose of supplying you with goods and services and also to stay in contact with you about our services.

We store this information on our Customer Management system, Pipedrive.  If you purchase a product or service from us we use that information to create a contract with us and this is kept in paper form at our administrative office in West Yorkshire.

We also retain an electronic copy and this is held on our shared drive where all data is held in our Google Teamdrive, a shared space in the Cloud.

We also use the information to create invoices and we store this information on our online accounting system Xero.

We also may share your data with our third party consultants should they need to contact you about the contracts we have in place.

We may disclose your data to third parties in other circumstances, in particular:

  • If we are under a duty to disclose or share your personal information to comply with any legal obligation or to enforce or apply our terms and conditions of trading and other agreements;
  • To protect the rights, property, or safety of Secure Digital Exchange Limited, our staff, our customers, or others;
  • In response to a request from a government authority, including a regulator; or
  • If we sell or buy any business or assets in which case we will disclose your data to the prospective seller or buyer of such business or assets.

We may share your information with any other companies in our Group.  The manner of how we keep you data is the same in each Group company.

We do share your information with Cloud Providers to help us store your information.

We will share your information with Lawyers representing us in the event of a legal case or matter.

We do share your information with Regulators and law enforcement agencies (if there is a legal reason to share your data with them).

The Legal Basis for collecting and processing your data

Our legal basis for these uses of your data may include that it is necessary for our legitimate interests in operating our business and/or providing you with goods and services and/or it is necessary for the performance of contracts to which you are a party with us.

Data Retention Policy

We will not retain your data for any longer than is necessary, taking into account the legal requirements for such information.

 Your Rights known as Subject Rights

You have various rights under the new GDPR regulations regarding the processing of your personal data and these include the right to:

  • Request access to the personal data we hold and details of how we process it.
  • Request us to correct any inaccurate information we hold about you.
  • Request us to delete personal data in certain circumstances.
  • Receive your personal data in a format suitable for transfer to a third party.
  • Object to and/or restrict the processing of your personal data on certain grounds.
  • Object to the processing of your data for direct marketing.
  • Object to any decision about you based solely on automated processing that produces legal effects or otherwise significantly affects you.
  • Lodge a complaint with the UK Information Commissioner’s Office.

If you have any questions about this document or the personal data that we hold about you then please contact