Privacy and Data Protection Policy
Privacy and Data Protection Policy
This Data Protection Policy outlines how Enterprise Systems UK Ltd (hereafter referred to as “ES” or “the Company”) collects, uses, discloses, and manages personal data. This policy is effective as of 25 May 2018 and complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1. Data Collection and Use
1.1 ES collects and stores personal data solely for the purpose of fulfilling contracts with our clients, who are exclusively companies and not individual consumers.
1.2 ES processes personal data as a data processor, under the control and instruction of our clients, as specified in the relevant Data Processing Agreement (DPA).
1.3 ES acts as a data controller for personal data related to our own employees and contractors, as specified in their respective employment or service contracts.
1.4 When engaging with data subjects, ES provides privacy notices in accordance with the notification requirements outlined in the relevant DPA.
2. Data Security and Staff Responsibilities
2.1 All ES staff are required to process personal data only with the prior consent of the data controller, the data subject, or as required by law.
2.2 ES staff consent to their business contact information, including email addresses and phone numbers, being shared for the sole purpose of conducting business on behalf of ES.
2.3 All ES staff are trained on, familiar with, and have agreed to comply with current data protection legislation.
2.4 ES staff are responsible for implementing appropriate data security measures, which are subject to periodic reviews and a range of controls.
3. Data Subject Rights
3.1 Data subjects have the right to access, rectify, erase, restrict processing, object to processing, and port their personal data, as outlined in the GDPR.
3.2 Data subjects may exercise their rights by contacting ES’s designated Data Protection Officer (DPO) at dpo@entsys.uk.
4. Data Sharing and International Transfers
4.1 ES may share personal data with third-party service providers who assist in fulfilling our contractual obligations. These service providers are bound by strict confidentiality and data processing agreements.
4.2 In the event that ES transfers personal data outside of the European Economic Area (EEA), the Company ensures that appropriate safeguards are in place, such as Standard Contractual Clauses or Privacy Shield certification.
5. Data Retention and Disposal
5.1 ES retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
5.2 When personal data is no longer needed, ES securely disposes of it in accordance with industry best practices and applicable laws.
6. Policy Review and Updates
6.1 This Data Protection Policy is reviewed annually and updated as necessary to reflect changes in legislation, business practices, or data processing activities.
6.2 ES will inform data subjects, clients, and relevant stakeholders of any material changes to this policy.
7. Contact Information
For any questions, concerns, or requests related to data protection, including Article 15 subject access requests, please contact our Data Protection Officer:
Email: dpo@entsys.uk Postal Address: Data Protection Officer, Enterprise Systems UK Ltd (address as published at https://enterprisesystems.co.uk) Phone: (as published at https://enterprisesystems.co.uk)