The term ‘company’ refers to us, Evopos Ltd
The term ‘individual’ refers to anyone the company holds personal data on, including prospects, customers, suppliers and staff.
The company is committed to preserving the privacy of individuals and to comply with GDPR (General Data Protection Regulation).
Personal data updating
The company will ensure that any personal data collected is within the boundaries of what is required for business, legal and accounting use.
This personal data may be used for communications, business, accounting and legal reasons.
Data can also be collected from visiting our web site(s). This is normally a small file, known as a ‘Cookie’ which can store your preferences and other data designed to enhance your experience and help us analyse trends. You can choose to not to accept cookies or delete them. This may prevent you from taking full advantage of the website. Data may also be collected from search and analytical engines such as Google Analytics.
Data is regularly reviewed and updated to help ensure it is accurate and up to date. When personal data is no longer required, it will be deleted or securely disposed of.
Personal data will not be given to 3rd parties unless it is for legitimate business reasons, legal reasons or specific consent has been given.
Security and storage of Personal Data
When personal data is stored electronically:
- Access to personal data is kept securely.
- Personal data is only stored on designated devices.
- Personal data is backed up frequently and the backups kept securely.
- Devices containing personal data and connected to the internet are protected by security software and firewall.
When personal data is stored on paper:
- The paper(s) are kept securely.
- When no longer required, paper(s) are disposed of securely.
If a breach of data is discovered, then the individuals it relates to will be informed within 72 hours.
Right to access Personal Data
Individuals who have personal data held are entitled to know what personal data the company holds about them. This is known as a Subject access request.
When a Subject access request is made:
- The identity of the individual must be verified before handing over any information.
- The first request is Free. Subsequent requests may be charged at £10.
- The data will be provided within 30 days.
If an individual feels that any personal data is missing, inaccurate or should not be held, then they should inform the company so it may be updated.
Individuals are also entitled to know the company is meeting its data privacy obligations. This information is detailed in this Privacy Notice.
Right to be Forgotten
An individual has the right to their personal information being forgotten.
When an individual requests to be forgotten, then personal data concerning them will be deleted, with the exception of details that are required for Business or Legal reasons.
An individual can also request not to be contacted (see Conditions to Communicate below).
The identity of the individual must be verified before deleting or clearing information.
Conditions to Communicate
Communications may be made at various times by the company to individuals by Email, Mail, Phone or Text.
If an individual requests not to be contacted, for marketing, reminders or both, then the data will be updated to show this and that individual will be excluded from these communications except in the case of ones required for legal, business or contractual reasons.
Communications are normally either made under GDPR Article 6, Part 1, Condition: B (entering into a contract), or Condition: F (for the legitimate interests of the company). When Condition: F is used, the comparison of the company interests versus the rights and freedoms of the individual is referred to as the “Balancing test”. This test is documented by the company to show that the test was carried out. Because these conditions are adhered to, specific consent from individuals is not required.
Privacy Notice updates
This document may be updated as necessary to reflect best practice in data management, security and control and to ensure continuing compliance with current GDPR.
The latest version of this Privacy Notice can be viewed on the company’s Web Site.
In case of any queries or questions in relation to this policy please contact the company or email to firstname.lastname@example.org .
Updated 22 May 2018.