This policy highlights:
- How and what personal data we collect
- How we use your data
- How we ensure customer privacy
- Your rights when it comes to personal data
This policy also applies to information we collect about people who use our services and our website.
e-PA is a registered trademark of LM & CO Services Ltd, trading as e-PA. Under the General Data Protection Legislation (‘GDPR’) we are ‘the Data Controller’ and the individual whose data we have collected is referred to as the data ‘subject’. If you require information you can contact our Data Protection Officer via firstname.lastname@example.org or via post to our Data Protection Officer, e-PA, 8 High Street, Shanklin, Isle of Wight, PO37 6LB.
What data does e-PA collect?
When you register or contact us about services, we may ask you for the following:
- Name and job role
- Contact information, such as email address and phone number(s)
- Payment details for billing and payment processing
- Names and contact details for your contacts
- Information you believe is relevant in relation to services supplied, e.g. preferred contacts times, commitments, the phone number used to contact us.
When e-PA, collect personal data we are known as the data ‘controller’ in instances where our clients supply the personal data we are known as the data ‘processor’. When acting as a data processor we will manage on your behalf the personal information you require from your clients.
What does e-PA do with this information
- Providing a tailored and personalised service to clients and customers
- Internal audit and training purposes
- Improving our services
- Processing payments
e-PA may on occasion send you promotional content via email, SMS or by post. The lawful basis on which we process data for this purpose includes:
- If you’re a customer – a customer/contractual consent
- If you’ve enquired about our services – either consent (where we’re obliged to obtain), or legitimate interest will apply
For how long does e-PA hold data?
e-PA will hold information for as long as we are providing you a service or are likely to provide a service following an enquiry. We retain records after our business relationship has ended in accordance with our Data Retention Policy. After this time your data will be deleted securely.
Where data is processed for promotional purposes, all information we hold for promotional purposes are kept unless we are notified by you that you no longer wish to receive promotional information. In order to ensure a continuous quality improvement, we may use your data in a way which would reasonably be expected as part of operations and services. This will be done in a way that does not affect your rights, freedoms or interests.
For example, we may use previous service agreements to offer personalised deals. We may choose to contact you by phone, SMS, email or post.
You can choose to stop receiving marketing communications at any time by emailing us via email@example.com, or via post to our Data Protection Officer via, e-PA, 8 High Street, Shanklin, Isle of Wight, PO37 6LB.
Sharing your data
e-PA carefully selects Service Providers for specific purposes that aid or enhance services provided to our customers. Including, for example, companies that assist us with technological services or payment processing. We only share personal data that enable Service Provider services and is always shared in a secure fashion.
We may share personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights;
- To an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
- To any other successors in title to our business
How we protect data
This section highlights some of the measures we have in place to keep data secure.
- We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
- Records are backed-up and removed from site daily and resides in a fireproof container while on site.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us. All data, when no longer required will be treated in accordance with our Data Retention Policy.
Under data protection legislation, you have rights in relation to the use of your personal data:
- The Right of Confirmation and Access. As a data subject you have the right to obtain confirmation from the data controller as to whether or not personal data concerning you is being processed. You also have the right to obtain from us free information about your personal data stored at any time, and a copy of this information. Furthermore, you have the right to obtain information as to whether personal data is transferred to a third country or to an international organisation. Where this is the case, you also have the right to be informed of the appropriate safeguards relating to the transfer.
- Right to Rectification and Erasure (Right to be Forgotten). You have the right to ask us to rectify inaccurate data or to complete any incomplete personal data that we hold. You have the right to ask us to erase your personal data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal data, then this means that our business relationship will end as we cannot provide our service without processing your data.
- Right of Restriction of Processing/Right to Object. You have the right to restrict the processing of your personal data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so. You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you.
- Right of Data Portability. You also have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.
- Automated individual decision-making, including profiling. You have the right not to be subjected to a decision based solely on automated processing, including profiling. e-PA do not process any personal data in this way.
- Data protection for Employment and Recruitment Procedures. Details of how we process data for recruitment or employment procedures are covered separately and will be provided to applicants/employees as part of the HR process.
How to exercise your rights: If you wish to contact us in respect of any of the Rights described above, please get in touch with our Data Protection Office via email at firstname.lastname@example.org. We will respond to your request free of charge and usually within one month.
How to complain about the use of your data: If you wish to raise a complaint about how we have handled your personal data, including in relation to any of the rights outlined above, you can contact us on the details below at the start of this notice and we will investigate the matter for you.
If you are not satisfied with our policy, or believe we are processing your data unfairly or unlawfully, you can complain to the Supervisory Authority - Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns/
e-PA may change this notice by updating this policy to reflect changes in the law or our privacy practices. Please note, your Personal Data won’t be used in any new ways without your prior consent.