Privacy policy

We are committed to protecting the privacy and security of your personal information in accordance with the applicable data protection laws, including the General Data Protection Regulation. The nature of the services provided by EBRS means that we may obtain certain information about you and this policy explains how we do this. By using our services and our website (www.ebrs.co.uk) generally, you agree to this use. We may update this policy from time to time, but the latest policy is always available here and we can send it to you on request. 

1. The information we collect

We collect personal information online and offline that you choose to provide us with. 
This includes information provided such as when registering on our website, contacting us, completing a survey or questionnaire. It also includes when you share personal information about your employees with us so that we can undertake reward consultancy services for you.

 It also includes when you post information on EBRS’s branded pages on third-party platforms (e.g. social media). These third-party sites may have their own privacy policies and terms and conditions which EBRS is not responsible for, so you should check these before using them. 

When you submit personal information in connection with making a payment via our website, your personal information is protected with encryption software that lets your browser automatically encrypt data before you send it. 

We use cookies to distinguish you from other users of our website to help improve it and to provide you with a good experience when you use it. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

2. The lawful bases for processing your personal information

We may hold information such as your name, work contact details (email address, address, telephone number) and any other personal information that you choose to provide (such as services that you are interested in). 

You may have provided these to us or we may hold them due to the legitimate interests of our business (for example, your company is a customer or a participant in one of our surveys). We will always provide you with an option to opt out from future communications of this kind.

It may be necessary for you to share personal information about your employees with us so we can undertake agreed reward consultancy services for you, such as pay benchmarking and survey participation. Examples of the type of data include:

  • identifying information such as employee names and job titles.

  • salary, bonus, other pay and benefits information.

  • biographic information such as gender, ethnicity, age, disability, religion.

Personal information will only be used for the purpose for which it is collected and only stored for as long as required to provide that service. Where collected for the purpose of creating survey reports, we will anonymise and aggregate personal information. Anonymised information may be stored for the purpose of calculating historical trends. 

3. The uses we make of this information

We will use the information we receive from you to:

  • provide you with reward consultancy services.

  • to communicate with you about our services.

  • to notify you about changes to our services.

  • to evaluate the impact of marketing campaigns.

  • to measure the amount of traffic to our website.

  • to respond to your queries and requests and manage transactions.

  • to analyse and aggregate any responses you provide to surveys that we run.

4. Disclosure of your information

We do not sell or share your personal data with third parties for them to use for marketing purposes.

We may allow our employees to access and use your personal data for the activities we have described above. We only permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection. 

If the law allows or requires us to do so, we may share your personal data with the police and law enforcement agencies; courts and tribunals; and the Information Commissioner’s Office (ICO).

5. Links from our website 

Our website contains links to other websites. Please be aware that we are not responsible or liable for the privacy practices of other websites. We encourage you to be aware when you leave our website and to read the privacy policies of other websites that collect personally identifiable information.

6. Keeping your data secure

We are committed to ensuring that your information is secure. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see our contact details below).
 
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

7. Transfers of information out of the EEA 

We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers is located outside the EEA.

​We will ensure that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract, that will ensure you have appropriate remedies in the unlikely event of a security breach.

8. Retention periods

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 
 
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

9. Your rights

Under certain circumstances, by law, you have the right to:

  1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it. 

  2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  3. Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  4. Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.  

  5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.

  6. Request the transfer of your personal information to another party.

If you would like to exercise any of the above rights, please email or write to us (see our contact details below) with the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.

10. Our Data Controller 

The data controller responsible for our website is Karl Ellis, Director of Essential Benchmarking & Reward Solutions Limited. Our data protection registration number is Z2053249. 

11. Contacting us  

If you have any questions at all about this policy or our website, or about how we use and process your personal information, please write to us by email to admin@ebrs.co.uk or by post to Vauxhall Ridge, Vauxhall Lane, Chepstow NP16 5PZ.

If you have any complaints these can be referred to the same address. If a complaint is not resolved to your satisfaction, then you can escalate this to Information Commissioner’s Office.