Privacy Policy
Essiell Compli Limited takes the protection of your personal information seriously. We conduct our business in compliance with the UK General Data Protection Regulation (UK GDPR) and all other applicable laws on privacy, data protection and data security. When you entrust us with your personal data (meaning any personal information in relation to an identified or identifiable individual) we will apply the necessary technical and organisational measures and safeguards to ensure that your information is kept private and secure.
Our Privacy Policy sets out what personal information we collect from you, how we collect it and what we do with it. When you provide us with personal information you accept and consent to the practices described in this Privacy Policy unless we hear otherwise from you.
1. Data Subject
Our Privacy Policy tells you what you can expect when we collect personal information from you, the data subject. You may be:
- a visitor to our site;
- contacting us;
- a prospective employee; and/or
- an existing or former supplier, contractor, or client.
2. Collected personal information
Under data protection law, we can only use your personal information if we have a lawful reason for doing so. This may be:•
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
We may collect the following personal information where we have a lawful reason for doing so:
- full name and title;
- contact details including address, telephone, email, LinkedIn details;
- job title and company name and address;
- device identifier information (e.g. unique IP address), browser plug in type and version;
- identification information;
- other personal information relevant to your application or enquiry.
3. How we use personal information:
Visitors to our site
When you visit our site we use a third party service provider to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone and we do not make, and do not allow the third party to make, any attempt to find out the identity of those visiting our site.
We also use a third party service provider to maintain the security and performance of our site. To do this it may process the IP addresses of visitors to our site.
People who contact us by email
When you contact us we will use such personally identifiable information as is necessary to respond to your enquiry. This information will be retained for no longer than is necessary for the purposes for which the personal information was collected and will not be shared with any third parties without your express consent unless we are required to do so by applicable laws or regulations or unless there is another lawful basis for doing so. We will update your information whenever we can to keep it current, accurate and complete.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please ensure that any email you send does not contain any illegal, offensive or dangerous content.
Prospective Employees
If you apply to work for us then we will prepare an electronic file relating to your application. The information contained in this file will be kept secure and will only be used and retained for purposes directly relevant to your application. Most personal data will be collected directly from you however, with your consent, we will collect information from our third party employee screening provider that carries out verification, reference and CRB checks on a prospective employee. If your job application is unsuccessful then, unless you advise us otherwise, we will delete your personal information within three (3) months of completion of the recruitment exercise. If your application is successful then your personal information will be held in accordance with the provisions of our Employee Privacy Policy.
Suppliers, contractors and clients
Your personally identifiable contract information (information you provide to us in connection with the performance of a contract with us) such as name, username, phone number, email address and billing information will be collected and processed in accordance with the terms of this Privacy Policy. Whilst most personal data will be collected directly from you, we may also collect data from publicly accessible sources such as Companies House and, with your consent, we may also collect reference information from third parties. We may use this personal data for:
- relationship management and file opening procedures (including security and verification checks);
- administrative purposes;
- to facilitate the supply of goods and/or services under a contract;
- to carry out assessments of technical and organisational measures and other security measures relating to a contract;
- to comply with our contractual obligations and our legal and regulatory obligations;
- to conduct performance management and audits; and
- to deal with enquiries.
This information will be held by us for as long as our contract with you persists. In some circumstances, such as to meet our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, or enforce the terms and conditions of our contract with you, we may hold on to your personal information after the contract has ended.
This Privacy Policy does not form part of the terms of any contract which is in place between us and you, or the company you are authorised to represent.
4. Marketing
If you have opted in to receive marketing information from us via our site, or where you are an existing or former client of Essiell Compli Limited then we may use your personal information in order to send to you marketing materials or to make you aware of any new services, events or initiatives offered by us which we think may be of interest. We may also use your personal information in order to obtain your feedback in relation to our events or services. In most cases, our lawful ground for processing your personal information for these marketing purposes is that it is in our legitimate business interest to do so in order to promote our business. For certain other marketing purposes, we will strive to obtain your consent if we intend to use your personal information and in such circumstances, our lawful ground for processing your personal information will be based on your consent for us to do so. Where we have your consent, we may use personal information that you have either provided to us directly or personal information that we have collected regarding your use of our site and services, either alone or in combination with personal information that we have received about you from third parties. Where we use personal information about you from such third parties for marketing purposes, we use it on the basis that the third party has obtained your consent to such disclosure and use. If at any time you decide that you no longer wish to receive marketing information or other communications from us or if you would like to amend your marketing preferences then please follow the “unsubscribe” link found at the foot of any email communications we have sent to you or contact us. We may ask you to confirm or update your marketing preferences.
5. Use of cookies
Our Cookies Policy sets out how we use cookies on our website.
6. Where your personal data is held
Your personal data may be held at our secure storage facility in Brighton, England and/or stored in the UK by our third party cloud storage provider, Amazon Web Services EMEA SARL (“AWS”).
7. Queries or Complaints
We are happy to provide any additional information or answer any queries. Please provide as much detail as possible and we will endeavour to resolve your query. Where we receive your query we will only use the information you have supplied to us for the purpose of dealing with your query.
If you wish to make a complaint then we will make up an electronic file containing the details of your complaint. The file will contain a record or your identity and the identity of any other individuals involved in the complaint. We will only use the personal information which is collected to process the complaint and to check on the level of service we provide. We may disclose your identity to whoever the complaint is about. If you do not want information identifying you to be disclosed then we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. Unless there is a specific legal requirement to keep your personal information, we will retain personal information relating to your complaint for no longer than is necessary for the purpose for which it was collected or for which it is to be further processed. You also have the right to lodge a complaint with your relevant regulatory authority regarding the use of your personal information. In the UK this is the Information Commissioner’s Office.
8. Your rights to your information
The following rights are available to you (depending on how we have collected your personal information):
- right to be informed about what we do with your personal information;
- right to access to your personal information;
- right to correct your personal information;
- right to object to, or restrict, the use of your personal information;
- right to delete your personal information;
- right to stop receiving direct marketing messages from us;
- right to portability of your personal information; and
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights. You can find out if we hold any of your personal information by making a ‘subject access request’ by email (details on our Contacts page) and if we hold information about you then we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to;
- let you have a copy of the information in an intelligible form..
Provided you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If the information we hold is inaccurate or if you would like us to remove and delete any personal information then please let us know.
9. Consent
Where we hold your personal information based on your express consent then you have the right to withdraw your consent at any time.
10. Data Protection Registration
Details of our data protection registration with the Information Commissioner’s Office can be found here.
11. Keeping your personal information secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
12. Disclosure of your personal information
We may share your personal information with a third party if required to do so by applicable laws, court orders or regulations. Our lawful basis for processing your information for this purpose is because such processing is necessary for us to comply with legal obligations we are subject to. We may also share your personal information with third parties in order to help us to: perform a contract you have with us; support us in dealing with a request or enquiry we receive from you; and assist us in processing a job application we receive from you. When we do so, these third parties are required to act in accordance with our instructions and they must meet the requirements of applicable data protection legislation when processing your personal information. Our lawful basis for processing your personal information for such purposes is because it is in our legitimate business interests to do so.
13. Data transfers overseas
In the event your personal information is required to be transferred to third party data processors located in countries outside of the UK then we will only transfer your personal information to those third parties where we are sure that we can protect your privacy and your rights. Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK where:
- the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects (the safeguards will usually include using legally-approved standard data protection contract clauses); or
- In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a
third party country or international organisation where an exception applies under relevant data protection law. For example, where:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims.
And we may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your own interests, rights and freedoms.
14. Changes
We keep our Privacy Policy under regular review and we may change its content from time to time. The date of the last review was May 2022. Please check our site for any updates.
15. Contact Us
If you have any questions about our Privacy Policy or the information we hold about you or if you wish to exercise a right under data protection law or make a complaint then please refer to our Contacts page. Essiell Compli Limited’s registered office is The Courtyard, High Street, Ascot, SL5 7HP (c/o Kirk Rice LLP).