GDPR AND OUR PRIVACY POLICY
1. Purpose of this Notice
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act [1998 or 2018] and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
2. About Us
Exiom Technologies is an independent ERP systems consultancy. We are situated and registered at 1st Floor, 3 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX.
For purpose of Data Protection Legislation and this notice, we are the ‘data controller’. This means we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
3. How we may collect your Personal Data?
We do not seek to collect information from any individuals directly or indirectly who are not employed by us.
We obtain personal data about you when you contact us via email in the form of a CV, telephone query about our services or job opportunities, or from a third party, for example recruitment agencies.
4. What Information we hold About You
The information we hold about you may include the following:
- Your personal details, such as your name, address, telephone number, email and other information to comply with legal requirement.
- Details of any services you have received from us.
- Our correspondence and communications with you.
- Information we receive from other sources, such as a CV directly or via recruitment agencies.
5. How we use Personal Data we hold About You
Your privacy is very important to us. We therefore never share your personal data to any third-party without your consent and you are free to withdraw this at any time.
We need to obtain and process your personal data for legal purposes or to respond to any enquiry you make regarding our services or apply for a job.
We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.
Where we request sensitive personal data from you, the reason(s) for the request will be clearly given along with the purposes of the processing
Situations in which we will use your personal data
We may process your personal data for purposes necessary for the performance of our contract with (you and our client and to comply with our legal obligations). This may include processing your personal data where you are an employee, subcontractor or customer of our client.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
If you refuse consent to provide information we request from you, would mean we are unable to perform the contract we have entered with you. Additionally, we may also be unable to comply with our legal or regulatory obligations.
6. Data Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the services provided.
- Any statutory or legal obligations.
- The purposes for which we originally collected the personal data.
- The lawful grounds on which we based our processing.
- The types of personal data we have collected.
- The amount and categories of your personal data.
Change of purpose
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
Should you wish to remove your CV from our records please contact us at the address below.
7. Data Sharing
Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
Which third-party service providers process my personal data?
“Third parties” includes third-party service providers such as bank services and accountants.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal data with other third parties, for example with a regulator or to otherwise comply with the law.
8. Rights of Access, Correction, Erasure, and Restriction
Under certain circumstances, by law you have the right to:
- Request access to your personal data. We will provide you with personal data we hold about you.
- Request to update, change or restrict the processing of your personal information. Under due diligence you must inform us of any changes to your personal information (e.g. change in address) in order for us to keep records up to date.
- Request erasure of your personal data. This allows you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Any information that you have provided consent to retain by us, will be kept securely until the necessary retention period and only accessed by a member of the Data Policy Team, however, you have the right to withdraw consent at any given time and we will delete this data.
If you want to exercise any of the above rights, please contact Data Policy Team.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
9. Data Security
We have put in place reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Only authorised persons will have access to this data.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
10. Changes to our Privacy Policy
Any changes we may make to our privacy policies in the future will be updated and available to view on our website www.exiom.co.uk.
11. Contact
If you have any questions regarding this notice, or raise a complaint or you would like to speak to us about how we have handle your data please contact:
Data Policy Team
Exiom Technologies Ltd
1st Floor, 3 Hobbs House
Harrovian Business Village
Bessborough Road
Harrow HA1 3EX
Email: info@exiomtechnologies.com