Environmental Essentials (UK) Ltd is also referred to as EEUK Ltd in this policy.
Reg. no. 05980634 | VAT no GB 896870452
Reg. Address: Ebenezer House, Ryecroft, Newcastle under Lyme, Staffordshire, ST5 2BE
EEUK Ltd provides workplace safety and hygiene services.
The words ‘we’, ‘us’ and ‘our’ all refer to EEUK Ltd in this policy.
What is Personal Information?
Personal information (or data) is any information that identifies you, for example, name, address, email address, phone number.
What Personal Information Do We Collect?
We collect only that personal data from you that we need to help us to help you with your enquiry or service. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
Personal Data Provided by You
The personal data you give us may include name, company name, business address, job title, email address, telephone numbers.
You may give us your personal data, for example, by filling in our contact form, Resource Area form or Client Portal login fields on our website, by completing a survey, by communicating them on social media, by corresponding with us by phone or email or by communicating them to us in person.
Personal Data that is Collected Automatically
We may automatically collect the following information:
Technical information, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier.
Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to,scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Information from Third Parties
We never buy lists (for direct marketing or any other purposes) of personal data from third parties where the contacts on the list have not consented to receiving marketing about the type of service we offer.
Information We Generate
We occasionally generate surveys for marketing purposes. The surveys are anonymous, but we may give you the opportunity to give your name and any other personal identifiers you deem as appropriate. The results of our surveys are only ever published at an aggregate level and no personal information is ever published against individual responses.
We may publish testimonials given to us by members on our website, on social media, in presentations, case studies and in other formats, which are available publicly. We will always seek your permission before we publish a testimonial you have given about our service.
How Do We Use Your Personal Data?
We will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation. Below are the main uses of your data.
Your personal data may be collected and used to help us deliver our service to you or answer any queries you may have about our services.
We would like to use your details to communicate information to you that you may find relevant and useful.
We occasionally send you information about or related to our products and services by email that have been identified as being beneficial to our clients and in our interests. We process your personal information under the ‘legitimate interest’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
We use the legitimate interests’ legal basis for processing clients’ data for marketing purposes, in accordance with the ‘soft-opt-in’ – Regulation 22 of PECR (Privacy and Electronic Communication Regulation).
The marketing communications we send to clients will be relevant and non-intrusive and the type of information you would reasonably expect to receive from us. You will always have the option to opt-out/unsubscribe at any time.
If you would prefer not to receive above-mentioned marketing and offers, please email Help@eeukltd.com or click the unsubscribe button in the footer of the last email we sent you.
N.B. Your privacy is important to us, so we’ll always keep your details secure.
We would like to send our other contacts information about or related to our products and services by email, which may be of interest to you. We would only do this with your express consent. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting EEUK Ltd directly.
If you are receiving marketing communications from above, but no longer consent to receiving them, please email Help@eeukltd.com or click ‘unsubscribe’ in the footer of the last email we sent you.
N.B. Your privacy is important to us, so we’ll always keep your details secure.
Recruitment and Employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, email address and telephone number.
Sensitive Personal Data
The GDPR defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
The service we offer does not usually require that we collect, store or handle any sensitive personal data. The only sensitive data we may hold refers to employees of EEUK Ltd with regard to HR issues (e.g. health issues, ethnicity) to take care of staff welfare and monitor Equal Opportunities, for example. This information is only ever analysed at an aggregate level.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
Do We Share or Disclose Your Personal Information?
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Statutory & Contractual Disclosure
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Third Party Services
EEUK Ltd uses third parties to provide services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Third Party Software Systems
N.B. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
What Safeguarding Measures Do We Have In Place?
EEUK Ltd takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of organisational and technical security measures in place, including encryption, firewalls, 2-factor authentication, anti-virus/malware, SSL, restricted access etc.
Do We Transfer Your Data Outside The EU?
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. EEUK Ltd does transfer and store personal data outside the EU.
Therefore, when you use our website/send us an email/sign up to receive email updates from us etc., the personal information you submit may be stored on servers which are hosted in non-EU countries. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by EEUK Ltd to protect your data and comply with the relevant data protection laws.
Where we transfer personal information for the above reasons, we utilise the below safeguarding measures and mechanisms to ensure that your personal data is always safe and secure. We check that software providers are:
- GDPR compliant
- EU/US Privacy Shield certified
- Compliant with EU standard contractual clauses
Nearly all our communication with clients located outside the EU is done by secure cloud technologies, which are protected by Privacy Shield certification, EU standard contractual clauses and GDPR compliance (as above).
Right to be Informed
You have the right to be informed of the data we hold about you and how we process that data. The security of your data is of paramount importance to us.
Right to Access
You have the right to access any personal information that EEUK Ltd processes about you and to request information about: –
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
- We will respond to your request within one month of receipt of the request.
Right to Rectification
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
Right to Object
It is your right to lodge an objection to the processing of your personal data if you feel the “grounds relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
Right to Data Portability
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Right to Erasure & Right to Restrict
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information.
Rights in Relation to Automated Decision-Making & Profiling
We currently use automated decision-making and profiling. You have a right to be informed and to request to have a human reconsider automated decisions and profiling.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
For all requests as outlined above, please contact us as follows:
By email: amy[at]eeukltd[dot]com
Or write to us at: Amy Harrison, Environmental Essentials (UK) Ltd, Ebenezer House, Ryecroft, Newcastle under Lyme, Staffordshire, ST5 2BE
How Long Do We Keep Your Data?
EEUK Ltd only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Types of Cookies
The length of time a cookie stays on your device depends on its type. We use two types of cookie on our website:
A session cookie is stored in temporary memory and only exists during the time you use the website. This means that it is not retained after the browser is closed. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don’t get asked for the same information you’ve already given to the site.
Infusionsoft - Infusionsoft is an e-marketing and sales platform. It uses session cookies on our website.
Persistent (or permanent) cookies stay on your device after you have visited our website. These cookies help us to identify you as a unique visitor but do not contain information that could be used to identify you to another person. Persistent cookies also help our website to remember your information, preferences and settings when you visit them in the future.
We use 5 types of persistent cookie on the EEUK Ltd website. These are generated by:
Vimeo – Vimeo videos are embedded on our website. The Vimeo cookie is added to your device when you click to play the video
Infusionsoft - Infusionsoft is an e-marketing and sales platform. It uses tracking cookies to capture website visitor activity
LinkedIn - LinkedIn can place cookies via its share button
This type of cookie is generated when you click on images and links. They help to track what you viewed on the website, giving you faster and more convenient access to the information you need when you revisit the website.
Clear Gifs (Web Beacons / Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly in HTML files and are about the size of the period at the end of this sentence.
We may use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you no longer wish to receive our newsletter or other promotional communications by email, you may opt-out of receiving them by following the instructions included in each communication.
We may store information that we collect through cookies and clear gifs to create a “profile” of your preferences. We may tie your personal information to information in the profile to provide tailored promotions and marketing offers or to improve the content of the Site for you. We do not share your profile with third parties.
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
How to Contact Us
By email: help[at]eeukltd[dot]com
Or write to us at: Compliance Officer, Environmental Essentials (UK) Ltd, Ebenezer House, Ryecroft, Newcastle under Lyme, Staffordshire, ST5 2BE