We are committed to protecting the privacy and security of your personal information in accordance with the applicable data protection laws, including the General Data Protection Regulation. The nature of the services provided by EBRS means that we may obtain certain information about you and this policy explains how we do this. By using our services and our website (www.ebrs.co.uk) generally, you agree to this use. We may update this policy from time to time, but the latest policy is always available here and we can send it to you on request.
1. The information we collect
We collect personal information online and offline that you choose to provide us with.
This includes information provided such as when registering on our website, contacting us, completing a survey or questionnaire. It also includes when you share personal information about your employees with us so that we can undertake reward consultancy services for you.
It also includes when you post information on EBRS’s branded pages on third-party platforms (e.g. social media). These third-party sites may have their own privacy policies and terms and conditions which EBRS is not responsible for, so you should check these before using them.
When you submit personal information in connection with making a payment via our website, your personal information is protected with encryption software that lets your browser automatically encrypt data before you send it.
2. The lawful bases for processing your personal information
We may hold information such as your name, work contact details (email address, address, telephone number) and any other personal information that you choose to provide (such as services that you are interested in).
You may have provided these to us or we may hold them due to the legitimate interests of our business (for example, your company is a customer or a participant in one of our surveys). We will always provide you with an option to opt out from future communications of this kind.
It may be necessary for you to share personal information about your employees with us so we can undertake agreed reward consultancy services for you, such as pay benchmarking and survey participation. Examples of the type of data include:
Personal information will only be used for the purpose for which it is collected and only stored for as long as required to provide that service. Where collected for the purpose of creating survey reports, we will anonymise and aggregate personal information. Anonymised information may be stored for the purpose of calculating historical trends.
3. The uses we make of this information
We will use the information we receive from you to:
4. Disclosure of your information
We do not sell or share your personal data with third parties for them to use for marketing purposes.
We may allow our employees to access and use your personal data for the activities we have described above. We only permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection.
If the law allows or requires us to do so, we may share your personal data with the police and law enforcement agencies; courts and tribunals; and the Information Commissioner’s Office (ICO).
5. Links from our website
Our website contains links to other websites. Please be aware that we are not responsible or liable for the privacy practices of other websites. We encourage you to be aware when you leave our website and to read the privacy policies of other websites that collect personally identifiable information.
6. Keeping your data secure
We are committed to ensuring that your information is secure. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see our contact details below).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7. Transfers of information out of the EEA
We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers is located outside the EEA.
We will ensure that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract, that will ensure you have appropriate remedies in the unlikely event of a security breach.
8. Retention periods
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
9. Your rights
Under certain circumstances, by law, you have the right to:
If you would like to exercise any of the above rights, please email or write to us (see our contact details below) with the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
10. Our Data Controller
The data controller responsible for our website is Karl Ellis, Director of Essential Benchmarking & Reward Solutions Limited. Our data protection registration number is Z2053249.
11. Contacting us
If you have any questions at all about this policy or our website, or about how we use and process your personal information, please write to us by email to firstname.lastname@example.org or by post to Vauxhall Ridge, Vauxhall Lane, Chepstow NP16 5PZ.
If you have any complaints these can be referred to the same address. If a complaint is not resolved to your satisfaction, then you can escalate this to Information Commissioner’s Office.