You are Here:

  1. Home
  2. >
  3. Our GDPR Policy

Our GDPR Policy

Last modified: 4th April 2018

Eddowes Perry and Osbourne is registered with the information Commissioner’s office 4th April
2008.

Our procedures covering the storage and disclosure of your information are designed to comply
with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).

 

Our Privacy Principles

Eddowes Perry and Osbourne is committed to safeguarding the privacy of your information. By
‘your information’ we mean any information about you that you or third parties provide to us.

• We will only collect and use your information where we have lawful grounds and legitimate
business reasons to do so.

• We will be transparent in our dealings with you and will tell you about how we will collect
and use your information.

• If we have collected your information for a particular purpose, we will not use it for
anything else unless you have been informed and, where relevant, your permission
obtained.

• We will not ask for more information than we need for the purposes for which we are
collecting it.

• We will continue to review and assess the quality of our information.

• We will implement and adhere to information retention policies relating to your
information, and will ensure that your information is securely disposed of at the end of the
appropriate retention period.

• We will observe the rights granted to you under applicable privacy and data protection
laws, and will ensure that queries relating to privacy issues are promptly and transparently
dealt with.

• We will train our staff on their privacy obligations.

• We will ensure we have appropriate physical and technological security measures to
protect your information regardless of where it’s held.

• Our IT is secured by using Eset Endpoint Encrytion Professional

• Simple and powerful encryption for organizations of all sizes

• Safely encrypt hard drives, removable media, files and email

• FIPS 140-2 Validation 256 bit AES encrypton for assured security

• Hybrid-cloud based management server for full remote control of endpoint encryption keys
and security policy

• Also supports Microsoft Windows 10 including UEFI and GPT

• Covers a large proportion of GDPR regulation.

• The GDPR: ESET Endpoint Encryption makes encryption of data on hard drives, portable
devices and sent via email easy, helping Eddowes Perry and Osbourne to comply with the
GDPR.

 

The categories of data we process

• Personal details.

• Family details if needed in certain cases.

• Employment in certain cases.

• We also process sensitive classes of information that may include physical or mental health
details; racial or ethnic origin; religious or other beliefs.

 

Data we collect

In order to provide our full range of services, we may collect the following types of information:

• Your communication preferences, to help us provide tailored and relevant communications.

 

How we process data

• Make data about a client regarding I.D checks to comply with anti-money laundering
regulations.

• We may need to process data to disclose to banks or building society’s.

• We will not inform to any third party that a client is on holiday we will refer to this by
informing third parties that they will be unavailable until. However we will not be
responsible for any third parties revealing that a client is on holiday.

 

The basis on which data is processed

Our customers are responsible for ensuring they have the necessary measures in place before they
transfer data to us. If at any time they feel a breach of data from another other party they must
inform us as soon as possible if this is not reported to us we can take no responsibility whatsoever.

 

Disclosure of your information

We will not share, sell or distribute any of the information you provide to us without your consent,
except where disclosure is:

• Necessary to enforce our rights, under our Terms and Conditions.

• Necessary to enforce our rights under any other Terms and Conditions.

• Required or permitted by law.

Specifically:

Sub-processors – Eddowes Perry and Osbourne will not sub-contract any processing to
third parties without the clients written consent.

Cross-border transfers – Eddowes Perry and Osbourne does not transfer data outside
the European Economic Area (EEA).

If Eddowes Perry and Osbourne becomes involved in a merger, acquisition, or any form of sale of
some or all of its assets, we will ensure the confidentiality of any personal information involved in
such transactions and provide notice before personal information is transferred and becomes
subject to a different privacy policy.

 

Information security

We take appropriate security measures to protect against unauthorised access to or unauthorised
alteration, disclosure or destruction of data. These include internal reviews of our data collection,
storage and processing practices and security measures, as well as physical security measures to
guard against unauthorised access to systems where we store personal data.

We restrict access to personal information to Eddowes Perry and Osbourne employees, contractors
and agents who need to know that information in order to operate, develop or improve our
services. These individuals are bound by confidentiality obligations and may be subject to
discipline, including termination and criminal prosecution, if they fail to meet these obligations.

 

Data retention

• Once a file is closed we will hold the information for 6 years and will then be destroyed by
a compliant shredding company.

Backups of data containing user-identifiable information will be deleted within 6 years from when
the last letter is dated.

 

Your rights

The General Data Protection Regulation (GDPR) outlines several rights. More information about
these rights, including the conditions under which they apply, can be found here.

You have the right to:

• Ask for access to, or rectification or erasure of your data.

• Restrict processing (pending correction or deletion).

• Object to communications or direct marketing.

• Lodge a complaint with the Information Commissioner’s Office
at https://ico.org.uk/concerns/

You should address such requests to the firms Data Controller.

None of the data within the firm’s system is subject to the right for data portability.

The firm does not carry out any profiling or automated decision making with a “legal or similarly
significant effect”.

 

Questions and complaints

Eddowes Perry and Osbourne regularly reviews its compliance with this Privacy Policy. Please feel
free to direct any questions or concerns regarding this Privacy Policy or Eddowes Perry and
Osbourne treatment of personal information by contacting us through this web site or by writing to
us at:

Eddowes Perry and Osbourne
46 High Street,
Sutton Coldfield,
West Midlands,
B72 1UL

www.e-p-o.co.uk

0121 686 9444

When we receive formal written complaints at this address, it is Eddowes Perry and Osbourne
policy to contact the complainant regarding his or her concerns. We will cooperate with the
appropriate regulatory authorities, including local data protection authorities, to resolve any
complaints regarding the transfer of personal data that cannot be resolved between Eddowes Perry
and Osbourne and an individual.

 

Changes to this Privacy Policy

Please note that this Privacy Policy may change from time to time. We will not reduce your rights
under this Privacy Policy without your explicit consent, and we expect most such changes will be
minor. Regardless, we will post any Privacy Policy changes on this page and, if the changes are
significant, we will provide a more prominent notice (including, for certain services, email
notification of Privacy Policy changes). Each version of this Privacy Policy will be identified at the
top of the page by its effective date, and we will also keep prior versions of this Privacy Policy in
an archive for your review.

 

If you would like to withdraw your consent to process your personal data, please click on the link below to download the form:

Data subject consent withdrawal form