GDPR AND OUR PRIVACY POLICY

1. Purpose of this Notice

This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act [1998 or 2018] and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).

2. About Us

Exiom Technologies is an independent ERP systems consultancy. We are situated and registered at 1st Floor, 3 Hobbs House, Harrovian Business Village, Bessborough Road, Harrow, HA1 3EX.

For purpose of Data Protection Legislation and this notice, we are the ‘data controller’. This means we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

3. How we may collect your Personal Data?

We do not seek to collect information from any individuals directly or indirectly who are not employed by us.

We obtain personal data about you when you contact us via email in the form of a CV, telephone query about our services or job opportunities, or from a third party, for example recruitment agencies.

4. What Information we hold About You

The information we hold about you may include the following:

  • Your personal details, such as your name, address, telephone number, email and other information to comply with legal requirement.
  • Details of any services you have received from us.
  • Our correspondence and communications with you.
  • Information we receive from other sources, such as a CV directly or via recruitment agencies.

5. How we use Personal Data we hold About You

Your privacy is very important to us. We therefore never share your personal data to any third-party without your consent and you are free to withdraw this at any time.

We need to obtain and process your personal data for legal purposes or to respond to any enquiry you make regarding our services or apply for a job.

We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.

Where we request sensitive personal data from you, the reason(s) for the request will be clearly given along with the purposes of the processing

Situations in which we will use your personal data

We may process your personal data for purposes necessary for the performance of our contract with (you and our client and to comply with our legal obligations). This may include processing your personal data where you are an employee, subcontractor or customer of our client.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

If you refuse consent to provide information we request from you, would mean we are unable to perform the contract we have entered with you. Additionally, we may also be unable to comply with our legal or regulatory obligations.

6. Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided.
  • Any statutory or legal obligations.
  • The purposes for which we originally collected the personal data.
  • The lawful grounds on which we based our processing.
  • The types of personal data we have collected.
  • The amount and categories of your personal data.

Change of purpose

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

Should you wish to remove your CV from our records please contact us at the address below.

7. Data Sharing


Why might you share my personal data with third parties?

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Which third-party service providers process my personal data?

“Third parties” includes third-party service providers such as bank services and accountants.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal data with other third parties, for example with a regulator or to otherwise comply with the law.

8. Rights of Access, Correction, Erasure, and Restriction

Under certain circumstances, by law you have the right to:

  • Request access to your personal data. We will provide you with personal data we hold about you.
  • Request to update, change or restrict the processing of your personal information. Under due diligence you must inform us of any changes to your personal information (e.g. change in address) in order for us to keep records up to date.
  • Request erasure of your personal data. This allows you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

Any information that you have provided consent to retain by us, will be kept securely until the necessary retention period and only accessed by a member of the Data Policy Team, however, you have the right to withdraw consent at any given time and we will delete this data.

If you want to exercise any of the above rights, please contact Data Policy Team. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

9. Data Security

We have put in place reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Only authorised persons will have access to this data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10. Changes to our Privacy Policy

Any changes we may make to our privacy policies in the future will be updated and available to view on our website www.exiom.co.uk.

11. Contact

If you have any questions regarding this notice, or raise a complaint or you would like to speak to us about how we have handle your data please contact:

  Data Policy Team
  Exiom Technologies Ltd
  1st Floor, 3 Hobbs House
  Harrovian Business Village
  Bessborough Road
  Harrow HA1 3EX
  Email: info@exiomtechnologies.com