Privacy Policy

AIM

E2E aims to ensure that all Personal and Special Category Data that is provided to us is stored and processed in accordance with the 2018 UK Data Protection Act with GDPR (DPA).

This applies to all data, regardless of whether it is in paper or electronic format.

LEGISLATION AND GUIDANCE

This Data Privacy Notice meets the requirements of the DPA, and is based on guidance published by the Information Commissioner’s Office.

ROLES AND RESPONSIBILITIES

The Directors have overall responsibility for ensuring that E2E complies with its obligations. Day-to-day responsibilities rest our Data Protection Officer and they ensure that all staff are aware of their data protection obligations, and oversee any queries related to the storing or processing of personal data.

DEFINITIONS

Term	Definition
Personal data	Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified
Special Category Data	Data such as: Racial or ethnic origin Political opinions Religious or philosophical beliefs, or beliefs of a similar nature Where a person is a member of a trade union Sex life Sexual orientation Genetic data Biometric data Whether a person has committed, or is alleged to have committed, an offence Physical and mental health This does not include personal data about criminal allegations, proceedings or convictions, as separate rules apply
Processing	Obtaining, recording or holding data
Data subject	The person whose personal data is held or processed
Data Controller	A person or organisation that determines the purposes for which, and the manner in which, personal data is processed
Data Processor	A person, other than an employee of the Data Controller, who processes the data on behalf of the Data Controller

DATA PROTECTION

Principles

Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes (‘purpose limitation’)
Adequate, relevant and limited to what is necessary
Accurate and, where necessary, kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary
Processed in a manner that ensures appropriate security of the personal data

Your Rights

Your right of access – you have the right to ask us for copies of your personal information
Your right to rectification – you have the right to ask us to rectify personal information you think is You also have the right to ask us to complete information you think is incomplete
Your right to erasure – you have the right to ask us to erase your personal information in certain circumstances
Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances
Your right to object to processing – you have the right to object to the processing of your personal information in certain circumstances
Your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at dpo@e2e-integration.co.uk if you wish to make a request.

PRIVACY/FAIR PROCESSING

We hold Personal Data about our clients and our third-party strategic partners so that we can deliver our products and services. We may, from time to time, access our clients systems as part of our services. Our access for fixing IT issues does not involve the processing of data. We, and, occasionally, our 3rd party strategic partners, may be able to see the data that our clients hold. Our DPO and Data Redaction service will include the processing of our clients data and may use fully compliant 3rd party software. The Data Controller/Data Processor information and agreement is provided within the contract between ourselves and our clients. From our clients we collect:

Contact details
Address
Billing information

From general enquiries we collect:

Contact information

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.

We may share contact information with our third-party strategic partners to support the provision of our services.

The lawful basis for the processing is contractual (clients) and legitimate interest (enquiries).

USE OF CONSULTANTS AND THIRD-PARTY PROCESSORS

E2E may engage consultants or third-party service providers (“Processors”) to carry out specific data processing activities on its behalf. Such parties shall:

Process personal data only on documented instructions from E2E;
Be bound by written contractual terms ensuring confidentiality and compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018;
Implement appropriate technical and organisational measures to safeguard the data against unauthorised or unlawful processing and against accidental loss, destruction, or damage;
Permit E2E to conduct or request audits, inspections, or evidence of compliance where appropriate; and
Immediately inform E2E if any instruction appears to infringe applicable data protection legislation.

E2E will ensure that only processors providing sufficient guarantees to meet the requirements of UK data protection law are appointed to process data on its behalf.

DATA STORAGE AND SECURITY

Paper based records, digital records and portable electronic devices, such as laptops and hard drives that contain personal information all comply to the DPA and are regularly assessed by our DPO. Destruction and archiving of Personal Data procedures are also aligned to the DPA.

HOW TO MAKE A COMPLAINT

If you feel that we have mishandled your or your Personal and/or Special Category data at any time you can make a complaint to our DPO by emailing dpo@e2e-integration.co.uk or by or phoning 01244 261379.

Alternatively you can contact the Information Commissioner’s Office by visiting their website (https://ico.org.uk/make-a-complaint/) or by calling their helpline on telephone: 0303 123 1113. Please note that the ICO expects an individual to address any complaints with us before contacting them.

AIM