Privacy Notice for Website
Epicintegration.com (“the Website”) is owned and operated by Epic Integration Ltd. This policy explains how Epic Integration may use information we collect about you, as well as your rights over any personal information we hold about you. Please read this policy carefully; by accessing the Website you confirm to have understood and agreed to them.
We are a GDPR compliant company and therefore set out to comply with the Data Protection Act 1998. Epic Integration Ltd is the Data Controller and holds personal details of our clients. Our registration number is ZA332226.
INFORMATION WE COLLECT ABOUT YOU
We may collect information about you when you:
- visit the Website, and other sites accessible from the Website.
- sign up for the newsletter
- take part in promotions, competitions, customer surveys and questionnaires.
- contact us e.g. in writing, call customer services
- place an order or have a product or service installed/maintained by us.
USING YOUR INFORMATION
Collecting your personal information helps Epic Integration to better understand what you need from us. We use your information to:
- manage and improve the Website.
- personalise our services to you.
- administer and operate your account
- maintain and support your products and services
- tell you about important changes to the Website and our services.
- manage promotions, competitions, customer surveys and questionnaires.
Your personal information is safe with us and will never be released to companies for their marketing purposes.
We confirm that any Personal Information which you provide to us (or which is available on public registers) and any User Information from which we can identify you, is held in accordance with the registration we have with the Data Commissioner’s Office. We use your information only for the following purposes:
- Processing your orders and payments;
- Providing installation and maintenance services to our clients
- For statistical or survey purposes to improve this Website and its services to you;
- To serve website content and advertisements to you;
- To administer this website;
- To notify you of products or special offers that may be of interest to you.
- To notify you of relevant updates and general customer service contact.
- To contact you for any of the above purposes whether by telephone, e-mail or in writing and you confirm that you do not and will not consider any of the above as being a breach of any of your rights under the Privacy and Electronic Communications (EC Directive) Regulations 2003.
STORING YOUR PERSONAL DATA
The GDPR states that personal data we hold shall be kept for no longer than is necessary for the purposes for which it is being processed.
We will treat all your Personal Information as confidential (although we reserve the right to disclose this information in the circumstances set out below). We will keep it on a secure server and we will fully comply with all applicable UK Data Protection and consumer legislation from time to time in place. We will hold all personal data, both paper format and digitally, on file for the minimum period as is necessary to maintain the project, however, due to the requirement to maintain systems beyond the requirement of the current owner/tenant, we reserve the right to hold personal data for longer if the project requires this. When the data is no longer required it will be deleted permanently by the Data Controller.
When you contact us to make an enquiry or request a quotation, we will collect Personal Information from you such as your name, e-mail address, billing address, delivery address, telephone number and product selection. When using our website, we may also collect, and our third party providers of advertisements and content may collect, information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our website (“User Information”). We may collect this information even if you do not register with us.
During and after the installation process, and any future maintenance period, we may require access to personal info in addition to the above such as passwords and account details. Internal use of this data will be kept to an absolute minimum at all times and will just be purely for the purposes of maintaining the project.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. We take data security extremely seriously and take precautions in excess of our relevant expectations to ensure your information is as secure as it can be.
MARKETING AND RESEARCH
If you have previously agreed, we may contact you:
- with offers and information about Epic Integration’s products or services
- for customer research e.g. to help improve our services
Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us this will prevent you from receiving great offers or promotions that may be of interest to you.
To change your contact preferences simply send an email confirming your preferences to firstname.lastname@example.org. If you do not want to receive commercial communications from us, select your choices by using the boxes available on that page.
We like to hear your views to help us improve our service. From time to time, we may contact you to ask your opinions. Again, if you do not want to be contacted for this purpose, please email us on the above address
C O O K I E S
To comply with new rules, we use a system of classifying the different types of cookies which we use on the Website, or which may be dropped by third parties through our websites. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don’t want to have them on your device. Please be reassured that we are working on other privacy and cookie-related improvements to the Website.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
Cookies used on the Website
A list of all the cookies used on the Website by category is set out below.
These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device.
These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device.
These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Using browser settings to manage cookies
The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.
DISCLOSING YOUR INFORMATION
We will never disclose your information to anyone outside of Epic Integration except where we have your consent or where we are required or permitted to do so by law.
The Website may contain links to other sites which are outside our control and not covered by this policy. The operators of these sites may collect information from you that will be used by them in accordance with their policy, which may differ from ours.
ACCESSING YOUR INFORMATION
To obtain a copy of the information we hold about you, write to: Data Protection Enquiries, Epic Integration Ltd, 8th Floor, 6 Mitre Passage, Greenwich Peninsula, London, SE10 0ER enclosing a cheque or postal order for £10 payable to “Epic Integration Ltd”. Please confirm your details to help us identify and locate your information. If any of the details are incorrect or incomplete, please write to us or email us as soon as possible. We will promptly correct any information found to be incorrect.
CHANGES TO OUR POLICY
This policy replaces all previous versions and is correct as of 19th April 2018. We reserve the right to change the policy at any time.
If you have any queries, please contact us at email@example.com.
Last update: 19/04/18 Epic Integration © 2018
GDPR POLICY NOTES for clients
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
o Each member of staff and sub-contractor has been given suitable training and documentation to ensure that they understand their requirements and responsibility regarding the new GDPR Regulations.
o A Company email was also sent to all members of staff on 16th May 2018 to include a short update on GDPR.
o A section on GDPR has also been added to our Employee Handbook and issued to all members of staff.
o Our Newsletter subscribers have been sent an email explaing the updates and requesting anyone who wishes ro remain on the list to resubscribe.
o We have registered with the company with the ICO.
Information you hold
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
o Personal data we hold includes names, postal and email addresses and phone numbers of our clients and employees, account user names and passwords where applicable, product information, physical installation and network information, and bank account details for account management purposes. It is possible for the network monitoring devices to track occupancy of a device within the location of the system.
Communicating privacy information
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
o Attached is our Privacy Notice, which was updated in May 2018 and is located on our Website.
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
o We keep all personal data on a secure server, with multiple formats of secure backup.
o Our website uses an SSL Certificate for all pages.
o We only sychronise data between staff and Office which is relevant to their role.
o Data will remain privileged and access to it is denied until permission is assigned by Office Management.
o We maintain various layers of data security to ensure protection of personal information.
o We fully comply with all applicable UK Data Protection and consumer legislation.
o We hold all personal data on file for as long as deemed necessary to maintain the project for current or future users. When the personal information is required for this purpose it will be securely destroyed.
Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
o To obtain a copy of the information we hold about our clients, we advise them to write to Data Protection Enquiries, Epic Integration Ltd, 8th Floor, 6 Mitre Passage, Greenwich Peninsula, London, SE10 0ER enclosing a cheque or postal order for £10 payable to “Epic Integration Ltd”. They are asked to confirm their details to help us identify and locate their information.
o Attached is our Privacy Notice where subject access requests are also detailed.
Lawful basis for processing personal data
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
o The lawful basis for our processing activity is to
· be able to maintain and service past, present and future jobs.
· Enable us to communicate with our clients (by email, telephone, post) regarding new jobs, service visits, and company news and promotions.
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
o We have sent out an email to all our existing subscribers requesting for them to resubscribe to our mailing list.
o Our Privacy Notice on our website has also been updated to comply with GDPR.
o We used photographs for marketing purposes, purely aesthetic as detailed in our Terms & Conditions. No personal information is disclosed in the photographs, including location.
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
o If a personal data breach has taken place, we implement the following procedure:
o Identify leak
o Isolate and secure the data
o Contact relevant and affected parties
o Analyse how leak occurred to prevent a future data breach.
Data Protection by Design and Data Protection Impact Assessments
You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
Guidance Notes for PIAS and Article 29 Working Party have been read and understood by the Data Protection Officer. Digital copies are also readily available for staff members.
Data Protection Officers
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.
Nicholas Kirk, Director of Epic Integration, Data Protection Officer for the Company.