This policy was last revised on 12th December 2018
Who we are
We are Epimorphics Ltd; we are a company registered in England and Wales (registration number 7016688) and our registered address is Court Lodge, 105 High Street, Portishead, Bristol BS20 6PT.
Data is central to everything that we do: we publish data, we carry out data integration, and we build data-driven applications. We treat data very seriously, carefully and professionally.
We use cloud computing and cloud storage to run our business. This means that our email system, and many of our documents and files are stored on servers belong to a third party cloud computing provider. For any data we hold we are the Data Controller; our cloud computing provider is a Data Processor. We carefully select our cloud computing providers to ensure that acting as our Data Processors they meet all the obligations of the General Data Protection Regulations. Currently we use Google as our data storage provider (for file storage, email and messaging); our contract with them includes the GDPR contract amendments and we actively choose Europe (EU) as the data region policy for Google supplied services.
The lawful basis for almost all the processing of personal data that we do is our legitimate interests. We process a small amount of personal data to support research work we carry out (see below); the lawful basis for this processing is consent. If you withdraw your consent for any of the personal data we hold under this basis we will securely delete this data within two weeks.
What personal data do we hold, and why
Unless you have contacted us, or are a customer, supplier, partner or employee we probably don’t hold any data on you, but if we do we will treat it securely.
As noted above we use a Data Processor to look after our emails and file storage; they are GDPR compliant, keep all our information secure and will not disclose it to any third party. Apart from this use of a Data Processor we will not disclose any personal data to any third party unless we have your explicit permission to do so or we are required to do so by law.
If you contact us we will use the contact information you give us to respond to you. We will keep this information secure and delete it when it is no longer relevant. We will not use your contact information to send you unsolicited marketing information. If you would like to receive unsolicited marketing information please follow @epimorphics on Twitter or read our blog (www.epimorphics.com/blog).
If you send us additional personal information (e.g if you are applying for a job and send us your CV) we will keep this information secure and delete it when it is no longer relevant.
If you are a customer, a supplier or a partner we will keep information about you (including contact information and financial information) to enable us to do business with you.
If you are an employee we keep information about you that is relevant to your employment with us. We know where you live.
We sometimes undertake interview based research to support the services that we develop or to understand associated user requirements in regard to services we are building for clients. In addition to your opinions, we may also collect some personal information about you, such as your name, email address and other details that we highlight specifically with you in advance of the interview. We actively avoid capturing sensitive personal information. We securely store this data to support the write up of the research and for no longer than 12 months or when the research is completed (whichever is sooner).
We respect your trust and protect your privacy. In work we are doing for clients we will only share summaries and non-identifiable information unless you have specifically consented to sharing more. Where it would be helpful to use any direct quotes we only do this with your specific prior consent.
You have the right to find out what information we hold about you and to correct it if it is wrong. If you wish to find out what information we hold on you please contact firstname.lastname@example.org.
If the data we hold on you is with your consent you have the right to withdraw your consent at any time. In such a case we will securely delete all the data we hold on you because of your consent within two weeks.
If you are not happy with the way we treat your personal information, or with the way we respond to any query you have, you have the right to raise your concerns with the Information Commissioner’s Office: see https://ico.org.uk/concerns