Our Contact Information
Emrys Technology & Consultancy
erika@emrys.group
+44 20 3062 7514
https://emrys.group/
Company number: 14341811.
1. Introduction
Emrys Technology & Consultancy is committed to protecting the privacy and security of personal data. This Data Protection and UK GDPR Policy outlines our approach to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and other relevant data protection legislation.
2. Policy Statement
We are committed to:
- Ensuring the lawful, fair, and transparent processing of personal data.
- Protecting personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Upholding the rights of individuals whose personal data we process.
3. Scope
This policy applies to all employees, contractors, and third parties who process personal data on behalf of Emrys Technology & Consultancy. It covers all personal data processed by the organisation, regardless of format.
4. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, such as collection, storage, use, transfer, or deletion.
- Data Subject: An individual whose personal data is being processed.
- Data Controller: The entity that determines the purposes and means of processing personal data.
- Data Processor: The entity that processes personal data on behalf of the Data Controller.
5. Data Protection Principles
We adhere to the following principles when processing personal data:
5.1. Lawfulness, Fairness, and Transparency
- Process personal data lawfully, fairly, and in a transparent manner.
5.2. Purpose Limitation
- Collect personal data for specified, explicit, and legitimate purposes and not process it further in a manner incompatible with those purposes.
5.3. Data Minimisation
- Ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
5.4. Accuracy
- Take reasonable steps to ensure personal data is accurate and kept up to date.
5.5. Storage Limitation
- Keep personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
5.6. Integrity and Confidentiality
- Process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
5.7. Accountability
- Be responsible for, and be able to demonstrate compliance with, these principles.
6. The Type of Personal Information We Collect
We may collect, use, store or transfer different kinds of personal data about you when you use our website or when you receive services or communication from us.
We have categorised the different kinds of personal data as follows:
- Identity Data includes your first name and last name.
- Photographic images.
- Contact Data means the data we use to contact you including your billing address, email address and mobile number.
- Financial Data means the payment method and card association used to process your payments for your services. We do not process financial transactions, which are handled by the payment services providers, banks or financial institutions that we use.
- Communication Data means details about communication you have made on our website including any information or other details you have provided in relation to the services you may purchase or request from us.
- Testimonials or client feedback that we will use to improve service quality.
- Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) / MAC address, browser type and version, location, browser plugin types and versions, referrer URL, hostname of the accessing computer, operating system and platform and other technology on the device(s) you use to access this website. This information will not be combined with data from other sources and we do not share such information with third parties other than service providers that we retain to support the site’s operation.
- Social Media means that for your convenience this site may contain hyperlinks to other websites that are not under our control, including Facebook, YouTube and LinkedIn.
- Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at on our website, the page that referred you to our site and the click stream during your visit to our website, page response times and page interaction information (clicks you make on a page).
- Profile Data includes your username (email address), name and any details you share in the message fields or text boxes on this website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences. We only use your data to provide you with the services you have requested or purchased. We do not use your data for any other purpose.
7. How We Get the Personal Information and Why We Have It
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Direct interactions: by using our website, filling in forms or by corresponding and communicating directly with us by post, phone, email, in person or otherwise.
- Automated technologies or interactions: as you interact with us, we may automatically collect usage data and technical data about your equipment, browsing actions and patterns.
We use the information in order to:
- Respond to your enquiries.
- Provide you with IT consulting and other related technology services.
- Provide the services offered on the website.
- Send you marketing communication.
8. Lawful Basis for Processing
We will identify and document the lawful basis for processing personal data before any processing activities. These may include:
- Consent: The data subject has given clear consent for the processing of their personal data for a specific purpose.
- Contract: The processing is necessary for a contract with the data subject or to take steps at their request before entering into a contract.
- Legal Obligation: The processing is necessary for compliance with a legal obligation.
- Legitimate Interests: The processing is necessary for the legitimate interests of Emrys Technology & Consultancy or a third party, provided the interests and fundamental rights of the data subject do not override those interests.
9. Rights of Data Subjects
We respect and uphold the rights of data subjects under the UK GDPR, including:
9.1. Right to be Informed
- Provide clear and transparent information about how personal data is collected, used, and processed.
9.2. Right of Access
- Allow data subjects to access their personal data and obtain information about how it is being processed.
9.3. Right to Rectification
- Correct inaccurate or incomplete personal data upon request.
9.4. Right to Erasure (Right to be Forgotten)
- Delete personal data upon request, subject to certain conditions.
9.5. Right to Restrict Processing
- Restrict the processing of personal data in certain circumstances.
9.6. Right to Data Portability
- Provide personal data in a structured, commonly used, and machine-readable format and transfer it to another data controller upon request.
9.7. Right to Object
- Allow data subjects to object to the processing of their personal data in certain circumstances.
9.8. Rights Related to Automated Decision-Making and Profiling
- Ensure safeguards are in place for processing involving automated decision-making and profiling.
You would not usually be required to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
10. Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data.
- Regular testing, assessment, and evaluation of the effectiveness of security measures.
- Ensuring the confidentiality, integrity, and availability of processing systems and services.
11. Data Breach Management
In the event of a data breach, we will:
- Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals.
- Communicate the breach to affected data subjects without undue delay if it is likely to result in a high risk to their rights and freedoms.
- Document all data breaches, regardless of their impact.
12. Data Protection Impact Assessments (DPIAs)
We will conduct DPIAs for processing activities that are likely to result in a high risk to the rights and freedoms of individuals. This includes:
- Describing the nature, scope, context, and purposes of the processing.
- Assessing the necessity, proportionality, and compliance measures.
- Identifying and assessing risks to individuals.
- Identifying measures to mitigate those risks.
13. Training and Awareness
We will provide regular training and awareness programs to ensure that all employees understand their responsibilities under the UK GDPR and this policy.
14. Third-Party Processors
We will ensure that third-party processors are compliant with data protection requirements by:
- Conducting due diligence prior to engaging third-party processors.
- Entering into data processing agreements that stipulate the processor’s obligations and responsibilities.
- Monitoring the processor’s compliance with data protection obligations.
15. International Data Transfers
We will ensure that personal data transferred outside the UK is protected by appropriate safeguards, including:
- Standard contractual clauses approved by the ICO or European Commission.
- Binding corporate rules.
- Adequacy decisions by the European Commission.
16. About Cookies
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date.
A session cookie will expire at the end of the user session, when the web browser is closed.
This site uses cookies.
17. Links to Other Websites
This website may contain links to other websites that are not operated by us. If you click any of these links, you will leave our website. We are not responsible for the content of any third-party sites, and we strongly advise you to read the privacy notice of any third-party sites that you visit.
18. Monitoring and Review
We will regularly monitor compliance with this policy and review it annually to ensure it remains effective and aligned with current data protection laws and best practices.
19. How to Complain
If you have any concerns about our use of your personal data under the UK Data Protection Act 2018 or GDPR, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Approval and Implementation
This policy has been approved by Dr Erika Szita-Szegedi, Chief of Legal Officer, on 23/07/2024, and is effective immediately.
Signed:
Dr Erika Szita-Szegedi
Chief of Legal Officer
23/07/2024