New legislation introduced namely the General Data Protection Regulations (GDPR) came into force on 25 May 2018. The regulations are intended to ensure that data is controlled, and the sharing of data is regulated. The nature of our business is that ALL the information we hold is and has always been treated as highly confidential consequently we do not share data with other parties accept as specifically instructed by clients. This will not change. GDPR does afford rights to individuals whose data we might hold placing an obligation under the legislation for us to provide information to those applying for data to provide it to them. To protect client confidentiality, we have adopted a policy not to keep investigation data beyond the conclusion of investigations. In this policy we will state how we will erase all but current ongoing investigation data except that required for accounting purposes which we have constructed to keep to the absolute minimum required information. The principal is simple if we do not store the data we cannot share it, or have it breached in anyway. This change of policy fulfils the requirement of law and ensures that increased rights of individuals to data held do not breach client confidentiality.
Who we are
If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using firstname.lastname@example.org
Protecting Your Personal Data
Your Personal Data isn’t just protected by the quality, commitment and high standards of EPI, it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so.
When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected, and we must not process it in a way that would be unfair to you or your interests.
If we do use legitimate interests as a reason to process your Personal Data, you have the right to object. However, compelling grounds for processing such information may over-ride your right to object.
How long we keep your Personal Data/Periodic Erasing of Data
Whenever your data is kept by EPI we will ensure that it is appropriately protected and only used for acceptable purposes.
We will keep your data for the period that you are a customer of EPI and unless otherwise instructed by you, on the 1st day of the month after we have completed your instruction we will erase any reports we have provided or any information we have upon you or the subject(s) we are instructed to investigate. We will retain however your name and the subject’s name or company on our daybook spreadsheet for our accounting records.
If you are no longer a client of EPI, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.
The information and data about you which we may collect, use and process includes the following:
Telephone conversations completed webforms, emails letters, other digital communications such as SMS and WhatsApp, verbally face to face and any other communication method of your choosing.
Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, Companies House, and broadcast media.
Information we have may have been obtained from information you have chosen to share publicly on social media or otherwise on the internet etc. We have no control over this.
Personal Data we share with others
We will only share data as per the explicit instructions of clients or as required to do so by a requirement of law.
Data Transfer Outside the EEA
We will only transfer your Personal Data outside of the EEA where:
If we do transfer your Personal Data outside of the EEA, within EPI, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:
In some instances, we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.
Your rights over your Personal Data
We will assist you if you choose to exercise any of your rights over your Personal Data, including:
For more information on these rights you can contact email@example.com
Third party websites
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
14.2 Blocking all cookies will have a negative impact upon the usability of many websites.
14.3 If you block cookies, you will not be able to use all the features on our website.
Please note that if you block cookies, you may not be able to use all of the features on our website. This may also “break” certain elements of our website and prevent them from functioning correctly for you only.