Revision V2.0.0 : 2024-10-25

The type of personal information we collect

We currently collect and process the following information:

  • Personal identifiers, contacts, and characteristics including:
    • Name
    • Email Address
    • Telephone Number
    • Company Name
    • Job Title
    • Training and coaching records

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Carrying out services and fulfilling contractual obligations: Personal information is necessary to provide the services agreed upon and fulfil any obligations outlined in the contract.
  • Marketing relevant goods and services: With consent (individuals) or as legitimate interest (businesses), we may use personal information to inform individuals about our offerings, promotions, and other relevant information. 
  • Providing referrals to relevant partners: We may collect personal information to facilitate business to business referrals with our trusted partners, ensuring that individuals receive appropriate services.

We also receive personal information indirectly from the following sources in the following scenarios:

  • Referral partners: With consent (individuals) or as legitimate interest (businesses), we may obtain personal information from referral partners who have indicated that the individuals may be interested in our services.
  • Social media profiles: If individuals have made their personal information publicly available on social media platforms and have provided clear consent for us to access it, we may collect relevant information for marketing and providing tailored information.

We use the information that you have given us in order to enhance our marketing efforts, improve our services, provide relevant information, and deliver personalized services. We may share this information with relevant referral partners who provide complementary services.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You can remove your consent at any time. You can do this by contacting [email protected].
  • We have a contractual obligation.
  • We have a legitimate interest for business-to-business direct marketing and internal administrative purposes in relation to corporate subscribers.

How we store your personal information

Your information is securely stored on cloud-based platforms. Security measures implemented to protect personal information include encryption, access controls, and regular security audits. Eppaoa Limited is Cyber Essentials certified.

Data retention periods

We keep personal information for the following time periods:

  • Contractual obligations: to fulfil the terms of the contract plus six years.
  • Direct marketing: Two years from last outbound communication
  • Internal administrative purposes: Six years from last communication

Data minimization principles

We adhere to the principle of data minimization. We only retain personal data for as long as necessary to fulfil the purpose for which it was collected. We regularly review our marketing databases to ensure that we are not retaining personal data longer than required. We will then dispose of your information by secure deletion from our online cloud server.

No Third Party Data Processing

We maintain strict control over your personal data. We do not use third-party data processors for handling personal information unless absolutely necessary and only under stringent terms.

Commercial Contracts and Privacy Assurance

We ensure that all commercial contracts with external partners include clauses that safeguard privacy and ownership of data. These contracts clearly state that any data transmitted shall be deleted after a maximum of 30-days, will not be used for training of AI or LLM models or other purposes by third parties. We take every measure to ensure that your information remains confidential and secure, adhering to our commitment to privacy.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access: You have the right to ask us for copies of your personal information.
  • Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at [email protected] if you wish to make a request.

Our contact details

Eppaoa Limited at 16 Wapping High Street, London, E1W 1NG; E-mail: [email protected]

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at Eppaoa Limited, [email protected]. You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113 – ICO website: https://www.ico.org.uk