Essiell takes the protection of your personal information seriously. We conduct our business in compliance with the UK General Data Protection Regulation (UK GDPR) and all other applicable laws on privacy, data protection and data security. When you entrust us with your personal data (meaning any personal information in relation to an identified or identifiable individual) we will apply the necessary technical and organisational measures and safeguards to ensure that your information is kept private and secure.
- Data Subjects
- a visitor to our site;
- contacting us;
- a prospective employees; and/or
- an existing or former supplier, contractor, or client.
- Collected personal information
Under data protection law, we can only use your personal information if we have a lawful reason for doing so. This may be:•
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
We may collect the following personal information where we have a lawful reason for doing so:
- full name and title;
- contact details including address, telephone, email, LinkedIn details;
- job title and company name and address;
- device identifier information (e.g. unique IP address), browser plug in type and version;
- identification information;
- other personal information relevant to your application or enquiry.
- How we use personal information:
Visitors to our site
When you visit our site we use a third party service provider to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone and we do not make, and do not allow the third party to make, any attempt to find out the identity of those visiting our site.
We also use a third party service provider to maintain the security and performance of our site. To do this it may process the IP addresses of visitors to our site.
People who contact us by email
When you contact us we will use such personally identifiable information as is necessary to respond to your enquiry. This information will be retained for no longer than is necessary for the purposes for which the personal information was collected and will not be shared with any third parties without your express consent unless we are required to do so by applicable laws or regulations or unless there is another lawful basis for doing so. We will update your information whenever we can to keep it current, accurate and complete.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please ensure that any email you send does not contain any illegal, offensive or dangerous content.
Suppliers, contractors and clients
- relationship management and file opening procedures (including security and verification checks);
- administrative purposes;
- to facilitate the supply of goods and/or services under a contract;
- to carry out assessments of technical and organisational measures and other security measures relating to a contract;
- to comply with our contractual obligations and our legal and regulatory obligations;
- to conduct performance management and audits; and
- to deal with enquiries.
This information will be held by us for as long as our contract with you persists. In some circumstances, such as to meet our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, or enforce the terms and conditions of our contract with you, we may hold on to your personal information after the contract has ended.
If you have opted in to receive marketing information from us via our site, or where you are an existing or former client of Essiell then we may use your personal information in order to send to you marketing materials or to make you aware of any new services, events or initiatives offered by us which we think may be of interest. We may also use your personal information in order to obtain your feedback in relation to our events or services. In most cases, our lawful ground for processing your personal information for these marketing purposes is that it is in our legitimate business interest to do so in order to promote our business. For certain other marketing purposes we will strive to obtain your consent if we intend to use your personal information and in such circumstances our lawful ground for processing your personal information will be based on your consent for us to do so. Where we have your consent, we may use personal information that you have either provided to us directly or personal information that we have collected regarding your use of our site and services, either alone or in combination with personal information that we have received about you from third parties. Where we use personal information about you from such third parties for marketing purposes, we use it on the basis that the third party has obtained your consent to such disclosure and use. If at any time you decide that you no longer wish to receive marketing information or other communications from us or if you would like to amend your marketing preferences then please follow the “unsubscribe” link found at the foot of any email communications we have sent to you or contact us. We may ask you to confirm or update your marketing preferences.
- Where your personal data is held
Your personal data may be held at our secure storage facility in Brighton, England and/or stored in the UK by our third party cloud storage provider, Amazon Web Services EMEA SARL (“AWS”).
- Queries or Complaints
We are happy to provide any additional information or answer any queries. Please provide as much detail as possible and we will endeavour to resolve your query. Where we receive your query we will only use the information you have supplied to us for the purpose of dealing with your query.
If you wish to make a complaint then we will make up an electronic file containing the details of your complaint. The file will contain a record or your identity and the identity of any other individuals involved in the complaint. We will only use the personal information which is collected to process the complaint and to check on the level of service we provide. We may disclose your identity to whoever the complaint is about. If you do not want information identifying you to be disclosed then we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. Unless there is a specific legal requirement to keep your personal information, we will retain personal information relating to your complaint for no longer than is necessary for the purpose for which it was collected or for which it is to be further processed. You also have the right to lodge a complaint with your relevant regulatory authority regarding the use of your personal information. In the UK this is the Information Commissioner’s Office.
- Your rights to your information
The following rights are available to you (depending on how we have collected your personal information):
- right to be informed about what we do with your personal information;
- right to access to your personal information;
- right to correct your personal information;
- right to object to, or restrict, the use of your personal information;
- right to delete your personal information;
- right to stop receiving direct marketing messages from us;
- right to portability of your personal information; and
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights. You can find out if we hold any of your personal information by making a ‘subject access request’ by email (details on our Contacts page) and if we hold information about you then we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to;
- let you have a copy of the information in an intelligible form..
Provided you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If the information we hold is inaccurate or if you would like us to remove and delete any personal information then please let us know.
Where we hold your personal information based on your express consent then you have the right to withdraw your consent at any time.
- Data Protection Registration
Details of our data protection registration with the Information Commissioner’s Office can be found here.
- Keeping your personal information secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
- Disclosure of your personal information
We may share your personal information with a third party if required to do so by applicable laws, court orders or regulations. Our lawful basis for processing your information for this purpose is because such processing is necessary for us to comply with legal obligations we are subject to. We may also share your personal information with third parties in order to help us to: perform a contract you have with us; support us in dealing with a request or enquiry we receive from you; and assist us in processing a job application we receive from you. When we do so, these third parties are required to act in accordance with our instructions and they must meet the requirements of applicable data protection legislation when processing your personal information. Our lawful basis for processing your personal information for such purposes is because it is in our legitimate business interests to do so.
- Data transfers overseas
In the event your personal information is required to be transferred to third party data processors located in countries outside of the UK then we will only transfer your personal information to those third parties where we are sure that we can protect your privacy and your rights. Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK where:
- the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects (the safeguards will usually include using legally-approved standard data protection contract clauses); or
- In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law. For example, where:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims.
And we may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your own interests, rights and freedoms.
- Contact Us