How we use your information
This Privacy Notice tells you what to expect when EACS Limited collects, stores and processes personal information. It applies to information we collect about:
- visitors to our websites;
- complainants and other individuals in relation to a data protection complaint or enquiry;
- people who use our services, e.g. who subscribe to our newsletter or request a publication from us;
- people who notify under the General Data Protection Regulation (GDPR) or UK Data Protection Act (1998);
- job applicants and our current and former employees.
Visitors to our websites
When someone visits www.eacs.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out the number of visitors to parts of the site. This information is only processed in a way which does not identify a person. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will ask for your explicit consent first. We will make it clear when we collect personal information and will explain what we intend to do with it inline with our data protection policy
Our search tools do not store any information about a person. It's a jQuery script that indexes the site and does fairly common keyword matching algorithms to give results based on keyword weighting.
Online Ordering tool
Our online ordering portal collects only personal data which is required to enable EACS to process the order. This information is stored and secured separately, and the data retained is reviewed periodically and if no further orders have been made, then the information is deleted and destroyed from the system.
Security and performance
EACS uses a trusted third party service under contract to help maintain the security and performance of the EACS website. To deliver this service it processes the IP addresses of visitors to the EACS website and does not store personal information.
We use WordPress.org, to publish our website, blog, and some of our conference microsites. These sites are hosted by EACS. It does not store any information about a person. It's a jQuery script that indexes the site and does fairly common keyword matching algorithms to give results based on keyword weighting.
People who contact us via social media
We use a third party provider acting as a data processor, Hootsuite to manage our social media interactions.
If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.
People who call our helpline
We do not automatically collect or save any information when individuals call the EACS's helpline, unless they request further information regarding a particular EACS offering or product.
No call information is captured, recorded or retained.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who use our LiveChat service
We use a third party provider, ZenDesk, to supply and support our LiveChat service, which we use to handle customer enquiries in real time.
If you use the LiveChat service we will collect your name, email address (optional) and the contents of your LiveChat session. This information will be retained for two years and will not be shared with any other organisations.
You can request a transcript of your LiveChat session if you provide your email address at the start of your session or when prompted at the end.
People who make a complaint to us
EACS has a published complaints procedure. When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies a person
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will treat the storage of personal information in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will only be provided to authorised staff.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. We do not identify any complainants unless the details have already been made public.
People who use EACS services
The EACS offers various services to the public. We use a third party organisation to deal with some publication requests, but they are only allowed to use the information provided and do not any store information
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes.
Service providers reporting a breach
Public electronic communications service providers are required by law to report any security breaches involving personal data to EACS.
We provide an online form for this purpose, hosted by Egress. We use the data collected by the form to record the breach, to make decisions about the action we may take, and as relevant in order to carry out those actions. We retain personal information only for as long as necessary to carry out these functions, and in line with our retention schedule. This means that logs and breach reports will be retained for two years from receipt, and longer where this information leads to regulatory action being taken. We retain de-personalised information about organisations for as long as is necessary to help inform future actions, but no individuals are identifiable from that data.
The EACS and Egress have measures in place to ensure the security of data collected and transferred to the EACS via this form. Egress is a data processor for the EACS and only processes personal information in line with our instructions.
Job applicants, current and former EACS employees
When individuals apply to work at EACS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the EACS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with EACS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Complaints or queries
EACS tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Access to personal information
EACS tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulation. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to the EACS for any personal information we may hold you need to put the request in writing addressing it to the Data Protection Officer, or writing to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Data Protection Officer.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. Further information is available in our Information Charter about the factors we shall consider when deciding whether information should be disclosed.
You can also get further information on:
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymized statistics;
- our instructions to staff on how to collect, use and delete personal data; and
- how we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 31 October 2017.
How to contact us
Data Protection Officer
Unit 7 Ramsay Court
Hinchingbrook Business Park
Email Address: email@example.com