Data Protection and Privacy Policy Summary

EPPH Ltd is registered under the Data Protection Act with the Information Commissioner’s Office (ICO) under registration reference: A8297567.


EPPH Ltd retains certain information about its employees, customers, suppliers and other users to allow it to monitor performance, achievements, health and safety and to comply with manufacturer warranties. This policy applies to all data that the company holds relating to identifiable individuals, even if that information falls outside the Data Protection Act 1998.

To be compliant with GDPR, information is collected lawfully and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, the company complies with the Data Protection Principles, which are set out in the Data Protection Act 1998.


EPPH Ltd, as far as reasonably practicable, complies with the Data Protection Principles contained in the Data Protection Act to ensure all data is:

• Fairly and lawfully processed
• Processed for a lawful purpose
• Adequate, relevant and not excessive
• Accurate and up to date
• Held for no longer than is absolutely necessary
• Processed in accordance with the rights of the data subject
• Protected in the appropriate way
• Not transferred to any other countries without adequate protection and consent

Sensitive Personal Data
EPPH Ltd ensures there is stronger legal protection for more sensitive information such as:

• Ethnic background
• Political opinions
• Religious beliefs
• Sexual health
• Criminal records


All staff who work for or with EPPH have responsibility for ensuring data is collected, stored and handled in a safe, secure and appropriate manner.

Data Protection Officer

GDPR & Privacy Summary 2.0
March 2020

EPPH Ltd has appointed the Finance Director as the Data Protection Officer who will endeavour to ensure all personal data is processed in compliance with the GDPR and the Data Protection Act 1998.

Why we need to store your Personal Data

In order to meet our legal requirements relating to the Sale of Goods Act and Government Institutions such as HMRC and to allow us to provide the service, it is necessary to store basic customer personal information. This information may also be required in order for EPPH Ltd to provide extended warranties on these products and services or if a warranty or repair is to be registered by us with a supplier.

Data Storage

Data stored electronically must be protected from unauthorised access, accidental deletion and malicious hacking attempts. We are committed to protecting all Personal Data we collect and use. To that end, we take all reasonable precautions to prevent the loss, misuse or alteration of your Personal Data held within our data repositories. We use SSL encryption technology wherever payments are made.

Our data repositories are only one element in the internet communication chain. With this in mind, please ensure you access our Websites from a trusted browser/computer (we do not advise using shared browsers/computers for order or payment processing). You should ensure your device has sufficient antivirus or malware protection. You are responsible for keeping your password confidential. We will not ask you for your password, and please ensure any password you use is unique to our Websites only.

Questions about the storage of data can be directed to the Data Governance team.

Data Accuracy

EPPH Ltd takes all reasonable steps to ensure data is kept accurate and up to date. The more important it is that the personal data is accurate, the greater the effort staff must put in to ensure its


Right of access

Data subjects have the right of access to information held by EPPH Ltd. If an individual contacts the company requesting this information, this is called a “Subject Access Request”.

Subject Access Requests from individuals should be made by email, addressed to the Data Governance team via and are each charged at £10+VAT (the fee must be paid prior to any Subject Access Request being carried out).

The disclosure of data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to government and law enforcement agencies without the consent of the data subject.

Providing information

EPPH Ltd aims to ensure that individuals are aware that their data is being processed. EPPH Ltd will not give, sell, share or trade any Personal Data to any party outside of EPPH Ltd except as outlined in this Policy or with appropriate consent. We may disclose or share Personal Data to a third party in the following limited circumstances:

• to comply with the terms of trading, policies or other contractual requirements of EPPH Ltd where we believe that the disclosure is necessary to establish the threat of and prevent or respond to fraud, defend our Websites or infrastructure against possible attacks or protect the property and safety of EPPH Ltd, our Customers, Suppliers or the public
• to the extent that we are required to do so by law or in connection with any legal proceedings or prospective legal proceedings
• in connection with any potential sale, transfer, merger, consolidation or other transaction involving all or part of EPPH Ltd or its holding companies
• where required, provide our vendor partners or suppliers (or their authorised data partners) with information which may contain Personal Data confirming the recipient and delivery address for statistical sell out analysis or for the registering of extended or enhanced warranties (where applicable)
• to companies that provide services that help us with our business activities including but not limited to processing customer payments, logistics and repairs
• to companies that work with us to provide a product or service necessary to meet a customer’s enquiry or requirement

Website Data

By visiting any of our Websites, we may collect anonymous information (via cookies) about your computer and your visits to our Websites such as your IP address, geographical location, browser type, referral source, length of visit and number of page views. We may use this information in the administration of our Websites or to improve the website’s usability. This information may be recorded by a third party on our behalf.

If you register or create an account directly on any of our Websites or via a third party procurement system (usually in preparation to purchase from us), we may collect and store some basic personal information mainly (but not limited to) your name, address, email, company or institution and telephone number to allow us to fulfil our obligations to you when processing an order.

Marketing to you

We may send you marketing communications relating to our business which we think may be of interest to you (providing you have opted in to receive such information or not opted out or unsubscribed if you have previously had a contractual relationship with us by purchasing a product or service). If you are a business (non-consumer) contact working for a business or institution with whom we have had a previous contractual history, or again as a non-consumer contact you have been referred to us by one of our suppliers or vendors following your enquiry to them, we may add your contact information to our business CRM system. We will, however, ask you to opt into receiving marketing communication before sending any marketing information to you.

This policy summarises the main EPPH Ltd Data Protection policy written in compliance with GDPR and the Data Protection Act 1998 and is reviewed on a regular basis by Senior Management. You should revisit this page occasionally to ensure you are happy with any changes.



