Effective August 2019
EnOC Technologies Limited (“we”) and members of our group are committed to keeping your personal data safe and to ensuring the integrity and security of any personal data we may process¹. We welcome the introduction of the new European legislation including the General Data Protection Regulation (“GDPR”) which came into force on 25 May 2018, and applicable national acts implementing the GDPR such as the UK Data Protection Act 2018 (or such other UK laws implementing the GDPR in the UK), with the objective of establishing greater protection of personal data and enhancing your rights in respect of your personal data.
We ask you to read this privacy statement very carefully as it contains important information on the way in which we will process your personal data, in particular:
– The personal information we collect about you;
– Our legal bases for processing your personal data;
– What we do with your personal information;
– Who your personal data may be shared with; and
– Your rights as a data subject under the Data Protection regulations.
Personal data includes any information that directly or indirectly identifies an individual. We collect personal data relating to you and your use of our services from a variety of sources, which are detailed below.
We may collect certain personal data, such as personally identifiable information (such as name, date of birth), contact information (such as telephone number, address, email), financial information, employment and education data, information about your health (see below), other information gained during interactions or correspondence with you and, with your explicit consent, sensitive personal data (such as physical or mental health conditions).
We may collect your personal data directly from you, as well as from other parties. This includes personal data where you apply for a joint product or service (e.g. joint accounts) or where you agree to act as a Third Party Authority for a client of ours, as well as from third parties, such as credit reference agencies, fraud prevention agencies, electoral roll, financial advisors, court records of debt judgments and introducers and other publicly available sources.
We will only process your data where we have a legal basis for doing so. We may rely on the following legal bases for collecting and further processing your personal data:
– Contractual necessity e.g. to fulfil our obligations in respect of your account, policy or service;
– Legal or regulatory obligation;
– Legitimate interest; or
We will process your personal data for the following purposes:
– In order to perform our contract with you e.g. to fulfil our obligations in respect of your account, policy or service;
– To the extent necessary for our own legitimate business interests (detailed below); and
– To the extent necessary to comply with a legal obligation e.g. for compliance with legal and regulatory requirements or for the establishment and/or defence of legal rights or for activities relating to the prevention, detection or investigation of crime.
We are required to gain your explicit consent prior to processing any sensitive information about you², for example information about your physical health.
We may use your personal data for our legitimate business interests in order to allow us to provide the best services and customer experience and to ensure our service remains relevant and tailored to your needs. For example, we may rely on our legitimate interest to process your personal data for the following purposes:
– Marketing, relating to products and services compatible with the original purpose for which we originally gained the information;
– To send you company updates, newsletters or other marketing communications;
– To enhance, modify, personalise or otherwise improve our services and communications for your benefit; and
– To determine the effectiveness of promotional campaigns to inform marketing strategy.
Please note you have the right to object to any processing for which we rely on legitimate interest as the legal basis. You can do so by using the contact details set out at the end of this privacy statement.
We share your data with approved third-party providers that have adequate data protection measures in place that align with the requirements of the data protection regulation. For example:
– Members of the Walker Crips Group;
– Professional companies and other persons providing services to us including legal, professional advisers, auditors, tax and accountancy advisers and printing services;
– Credit reference agencies, identity reference agencies and fraud prevention agencies; and
– Government bodies and agencies in the UK e.g. HMRC.
Your data may be shared with organisations outside of the United Kingdom that are subject to appropriate data protection legislation and have adequate data protection safeguards. We do not sell your personal data or other information to any third party.
Access rights: You can request a copy of the personal information we hold about you.
Right to request rectification: We take reasonable steps to keep your information accurate, but you can also ask us to change any information we hold about you to keep it accurate, complete and current.
Right to request erasure (‘to be forgotten’): You have the right to ask us to delete the personal information we hold on you; however, please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it.
Portability: You have the right to request that we send the personal data you provided to us to another data controller in a commonly used electronic format, where technically feasible.³
Right to request restriction: You can request that we restrict our processing of your personal information.
Right to raise an objection to our processing: Where our processing of your information is performed on the basis of ‘legitimate business interests’, then you can request we stop.
Right to complain to a supervisory authority: If you are dissatisfied with our use or management of your personal information, you have the right to complain to an EU Data Protection Supervisory Authority. In the UK, the relevant Data Protection Supervisory Authority is the Information Commissioner's Office (ICO) and you can contact them via their website: www.ico.org.uk
You acknowledge that you must have the authority to provide any third party’s personal data to us and agree to share this data protection statement with such third parties and inform them of the details you have advised us of.
We will regularly review our records to ensure that we do not retain your personal data longer than is necessary, unless there is a legal reason for extended retention.
There are cookies we use that are strictly necessary and essential for the use of our website because you will not be able to complete online activity without them.
We may make changes to this policy from time to time and will post such updates on our website.
EnOC Technologies is a data controller for the purposes specified in this privacy statement. You can contact us directly if you have any questions about this privacy statement or in order to exercise your data subject rights by addressing your questions and requests to firstname.lastname@example.org or by using the details below.
EnOC Technologies Limited
Old Change House
128 Queen Victoria Street
+44 (0) 20 3100 8000
1 Process and processing have very wide meanings under the GDPR. They mean any operation (or set of operations) performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2 Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
3 A data controller determines the purposes and means of processing personal.