Privacy & Cookies Policy
As a company, we commit to the following:
- Recognising our responsibilities as both a Controller and Processor of Personal Data
- Any Personal Data which is collected will be for specified explicit and legitimate purposes and will not be processed further in any way incompatible with the initial purposes
- We will not hold more information than is needed for the purpose(s) notified
- Personal Data held by the company will be accurate and where necessary, kept up to date
- The company will only keep Personal Data for as long as necessary for the purposes collected
- All data will be processed in a manner that ensures appropriate security of the Personal Data including protection against unauthorised or unlawful processing and against accidental loss destruction or damage, using appropriate technical or organisational measures
- Personal Data will not be processed outside the European Union apart from when appropriate measures have been taken to ensure its security – for example, a US company who is part of Privacy Shield
Controller’s contact details
Our Parent Company Eastpoint Global is the controller for the personal information we process, unless otherwise stated.
There are 2 ways you can contact us regarding your personal data; by phone and email
Phone number: 01502 52 55 55
Email address: firstname.lastname@example.org
Data Protection Officer (DPO)
The company has assessed the need for a DPO and have concluded that there is no need to appoint such person however for any enquiries relating to GDPR please contact email@example.com.
How do we get information?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an enquiry to us
- You have made an information request to us
- You wish to attend, or have attended, an event
- You subscribe to our e-newsletter
- You have applied for a job with us
- You are representing your organisation
We also receive personal information indirectly, in the following scenario:
An employee of ours gives your contact details as an emergency contact or a referee.
Reasons for processing Personal Data
We will only process Personal Data when one of the following applies:
- Consent has been obtained
- A contractual obligation
- A legal obligation
- A vital interest
- A public task
- A legitimate interest
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing of your data. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. You can read more about this right here.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
Sharing your information
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct in line with the GDPR requirements.
Links to other websites
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review to make sure it is up to date and accurate.
We do not provide services directly to children or proactively collect their personal information. However, we do collect and store consent forms when we take videos or photographs of our products in use, these are signed by a parent or guardian. The information in the relevant parts of this notice applies to children as well as adults.
Calling our phone number
When you call us (01502 52 55 55) we collect Calling Line Identification (CLI)
information. This is the phone number you are calling from (if it’s not withheld). We hold a log of the phone number, date, time and duration of the call, and audio-record the call itself. We use these recordings to improve our service through training to our staff, and if an issue arises we may use recorded calls as evidence. Only one person in the company has access to the recordings system and all calls are password protected with a secure password.
We use a third-party provider, HubSpot, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by HubSpot. It will not be shared with any other organisations.
We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. Most webmail such as Gmail and Hotmail use TLS by default.
We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
When you visit our website, we use some third-party services; HubSpot, Mouseflow, Twitter and Google Analytics.
These are used to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. If you visit our website and submit a form we then track your activity but only on our website, this is to tailor your experience to you.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
You can choose to manage the cookies we use on our website through your internet browser settings at any time.
Purpose and legal basis for processing
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.
The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
The company takes all appropriate measures to prevent a data breach. In the unlikely event of a breach, we will take the following steps:
- Notify the appropriate Supervisory Authority within 72 hours where feasible unless a breach is unlikely to result in a risk to individuals
- Notify individuals if the breach is likely to result in high-risk to the individuals affected