New legislation, namely the General Data Protection Regulations (GDPR), came into force on 25 May 2018. The regulations are intended to ensure that data is controlled and that the sharing of data is regulated. The nature of our business is that ALL the information we hold is, and has always been, treated as highly confidential; consequently, we do not share data with other parties except as specifically instructed by clients. This will not change. GDPR does afford rights to individuals whose data we might hold, placing an obligation on us under the legislation to provide that data to those who apply for it. To protect client confidentiality, we have adopted a policy not to keep investigation data beyond the conclusion of investigations. In this policy we state how we will erase all data other than that of current ongoing investigations, except the data required for accounting purposes, which we have constructed to keep to the absolute minimum information required. The principle is simple: if we do not store the data, we cannot share it or have it breached in any way. This change of policy fulfils the requirement of law and ensures that the increased rights of individuals to data held do not breach client confidentiality.
Who we are
Protecting Your Personal Data
Your Personal Data isn’t just protected by the quality, commitment and high standards of EPI, it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so.
When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected, and we must not process it in a way that would be unfair to you or your interests.
If we do use legitimate interests as a reason to process your Personal Data, you have the right to object. However, compelling grounds for processing such information may override your right to object.
How long we keep your Personal Data/Periodic Erasing of Data
Whenever your data is kept by EPI we will ensure that it is appropriately protected and only used for acceptable purposes.
We will keep your data for the period that you are a customer of EPI. Unless otherwise instructed by you, on the 1st day of the month after we have completed your instruction we will erase any reports we have provided and any information we hold about you or the subject(s) we are instructed to investigate. We will, however, retain your name and the subject’s name or company on our daybook spreadsheet for our accounting records.
If you are no longer a client of EPI, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.
The information and data about you which we may collect, use and process includes the following:
Telephone conversations, completed webforms, emails, letters, other digital communications such as SMS and WhatsApp, face-to-face verbal communication and any other communication method of your choosing.
Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, Companies House, and broadcast media.
Information we hold may have been obtained from information you have chosen to share publicly on social media or elsewhere on the internet. We have no control over this.
Personal Data we share with others
We will only share data on the explicit instructions of clients or as required by law.
Data Transfer Outside the EEA
We will only transfer your Personal Data outside of the EEA where:
• We have the explicit instruction of clients to do so
• We must do so to comply with a legal duty or obligation
If we do transfer your Personal Data outside of the EEA, within EPI, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:
• The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA. More information can be found on the European Commission Justice website.
• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
• The transfer is to the USA and the recipient is registered with Privacy Shield. Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU. Read more about Privacy Shield on the European Commission Justice website.
In some instances, we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.
Your rights over your Personal Data
We will assist you if you choose to exercise any of your rights over your Personal Data, including:
• Withdrawing your previously granted consent; however, this will not invalidate any previously consented processing
• Lodging a complaint with any relevant Data Protection Authority
• Access to your Personal Data that we hold or process
• Correction of any Personal Data that is incorrect or out of date
• Erasure of any Personal Data that we process
• Restriction of processing of your Personal Data in certain circumstances
• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’
• The ability to object to any processing of data that we carry out for our legitimate interests
• The ability to contest a decision made entirely by automated processing, to express your point of view and to request that a human review the decision
- We may update this policy from time to time by publishing a new version on our website.
- You should check this page occasionally to ensure you are happy with any changes to this policy.
Third party websites
- Our website may include hyperlinks to, and details of, third party websites.
- We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
Please note that if you block cookies, you may not be able to use all of the features on our website. This may also “break” certain elements of our website and prevent them from functioning correctly for you only.
This policy was last updated on 25 May 2018.