1 Keeping your data safe
2 Who's in control of my personal data?
3 What data do you collect and where from?
3.1 The personal data that we collect about you depends on our relationship with you.
3.2.1 We collect personal data about our clients (including prospective clients) in order to provide and promote our services. This includes if you are an individual client, sole trader or unincorporated partnership, or if you are an employee, shareholder or director of a company or limited partnership.
3.2.2 The information we collect about our clients (Client Information) includes the following:
(a) first name and surname;
(b) telephone numbers;
(c) email address;
(e) job title;
(f) financial details; and
(g) information provided to us by you whenever you engage or communicate with us for any reason.
3.2.3 Most of the time, we collect Client Information directly from you. However, sometimes we obtain Client Information from a third party (for example if someone refers business to us) or from a publicly available source (for example LinkedIn, business websites or search engine results).
3.3.1 If you are an individual, sole trader or an unincorporated partnership providing services to Ecosulis (Subcontractor), or a director, employee or shareholder of a Subcontractor, in addition to the information listed above, we sometimes need to ask you to provide us with further information. This is so that we can verify your identity and professional standing to our own clients. The information we will request includes the following information (Subcontractor Information):
(a) registration numbers;
(b) passport details;
(c) health & safety registration information;
(d) trade membership and qualification information;
(e) photographic identification and proof of address documents;
(f) National Insurance number; and
(g) next of kin.
4 What do you use my personal data for?
4.1 Carrying out our services
4.1.1 We use Client Information to register you as a new customer, to contact you and to provide our services.
4.1.2 We also use Client Information to:
(a) verify our clients' identity and comply with anti-money laundering legislation;
(b) carry out credit checks;
(c) carry out anti-fraud checks by conducting online searches using a third party identity provider; and
(d) conduct analysis to enable us to improve our business and our services.
4.2 Communicating with you
4.2.1 We use information that you voluntarily provide to us when contacting us with queries, comments or complaints to enable us to respond to those queries, complaints or comments and to make sure that these are appropriately dealt with.
4.3.1 We will use your email address, telephone number and/or postal address to send you direct marketing communications. We do this at all times in accordance with our obligations under direct marketing laws. You can choose not to receive these communications by following the instructions in each communication to unsubscribe.
4.4 Subcontractor Information
5 What is your legal basis for using my personal data?
5.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. The table below tells you what that legal basis is in relation to each of the purposes set out above.
Personal data used
To register you as a new customer and to provide our services to you and manage our relationship with you
If you are an individual, sole trader or unincorporated partnership, we process this personal data for these purposes on the basis that this information is necessary in order to perform our contract with you to provide our services.
Responding to your queries, comments and complaints
We process this personal data for this purpose on the basis that this information is necessary for our legitimate interests. We have an interest in making sure that comments and queries are handled appropriately.
We process this personal data for this purpose on the basis that it is in our legitimate interests to do so, in order to promote and market our business. You can opt out of receiving marketing communications at any time by following the "unsubscribe" instructions in marketing communications.
Fulfilling our obligations to certain clients to provide them with information
Subcontractor Information relating to any Subcontractor involved in the supply of services by Ecosulis
We process this personal data for this purpose on the basis that this information is necessary for our legitimate interests and/or the legitimate interests of our clients. We are required to provide an enhanced amount of information on all Subcontractors connected with the provision of Ecosulis services to certain clients due to their nature, size and significance of their projects.
6 Who do you share my personal data with?
6.1 If you are a Subcontractor, we will share the Subcontractor Information with the relevant client for whom the work is being carried out. This is to comply with our contractual obligations to that client.
6.2 We may share your information with another individual, consultant or organisation that provides similar services to our services, if we are unable to assist you by providing our own services or answering any queries.
6.3 We will also share your information with third party service providers, such as cloud storage providers, marketing agencies and software providers that we use for internal software such as project management software and accounting. We require all third parties to respect the security of your personal data and treat it lawfully.
7 Whereabouts is my personal data kept?
7.1 We use Box for cloud storage. Box is based in the USA and is certified with the EU-US Privacy Shield framework. This means that Box protects your personal data in the USA in a way that has been approved by the European Commission. You can find out more about Privacy Shield, and Box's certification, here.
7.2 Some of our other third party suppliers will also use other cloud storage providers who store personal data outside of the UK and the European Economic Area (EEA) and/or transfer personal data to affiliates worldwide to ensure that they can continue to provide their services to us. Where this happens, any transfers of personal data outside the UK and the EEA will be covered by one or more of the following measures:
7.2.1 EU-US Privacy Shield framework, as described above;
7.2.2 Model contract clauses, which are standard sets of contractual clauses approved by the European Commission as ensuring an adequate level of protection of personal data outside the UK and the EEA; or
7.2.3 Binding corporate rules, which are sets of rules entered into between group companies that require affiliates outside the UK and the EEA to protect personal data in the same way as it is protected within the UK and the EEA.
8 How long do you keep my personal data for?
8.1 We keep Subcontractor Information for 6 months before disposing of it securely.
8.2 If you have purchased services from us we will store your transactional and invoicing records for 7 years as HMRC and other government bodies require us to keep transactional and invoicing records for this length of time.
8.3 We will retain Client Information for the period of your relationship with us and for a reasonable period thereafter to allow us to deal with any claims, complaints and queries that you have. If you are on our marketing list and you have not unsubscribed, we will keep your details on our marketing list until you unsubscribe or, if earlier, until we reasonably decide we no longer need to keep your information for marketing purposes.
9 What rights do I have?
9.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
9.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
If you want to exercise any of these rights, please write to us at Vicky Sheppard, Office Manager OR Alex Crosta, Office Administrator, Ecosulis Ltd, The Rickyard, Newton St Loe, Bath, BA2 9BT. You can also contact us by email using email@example.com or firstname.lastname@example.org.
9.3 A right to access your information
9.3.1 You have a right to ask us to send you a copy of all the personal data that we hold about you (subject to some exceptions).
9.4 A right to an electronic copy of your information
9.4.1 If you are an individual, sole trader or unincorporated partnership client, you can also ask us to send you the Client Information that we hold about you in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
9.5 A right to object to us processing your information
9.5.1 You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing (as set out in section 5 above).
9.5.2 If you make a request to exercise your right to object and we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
9.6 A right to ask us not to market to you
9.6.1 You can ask us not to send you direct marketing. You can do this by following the "unsubscribe" instructions in any marketing emails, or by contacting us using the details above.
9.7 A right to have inaccurate data corrected
9.7.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
9.8 A right to have your data erased
9.9 A right to have processing of your data restricted
9.9.1 You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
9.9.2 Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
10 How can I contact you?
Vicky Sheppard, Office Manager OR Alex Crosta, Office Administrator
Ecosulis Ltd, The Rickyard, Newton St Loe, Bath, BA2 9BT
01225 874 041
11 What if I have a complaint?
11.1 You have a right to complain to the Information Commissioner's Office (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
11.2 You can find out how to do this by visiting www.ico.org.uk.
12 What if this policy changes?
Last updated January 2019