Your privacy is important to us, and at EndoArt we are committed to protecting and safeguarding your data privacy rights. This policy explains what personal data (personal information) we hold about you, how we collect it, and how we use it. Please ensure that you read this policy and any other similar notice we may provide to you from time to time.
EndoArt is a trading name of EndoMishra Ltd
WHO COLLECTS THE PERSONAL INFORMATION
The Company is a ‘data controller’ and gathers and uses certain personal information about you.
DATA PROTECTION PRINCIPLES
The data protection principles which we will apply when gathering and using personal information are that:
- we will process personal information lawfully, fairly and in a transparent manner;
- we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
- we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
- we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;
- we will keep personal information for no longer than is necessary for the purposes for which the information is processed; and
- we will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
ABOUT THE PERSONAL INFORMATION WE COLLECT
A table summarising the personal information we collect and hold, how and why we do so, how we use it and with whom it may be shared is below.
Personal information may be shared with other parties, such as group companies and/or affiliated companies, external contractors and our professional advisers (e.g. legal and financial advisors), HR advisors and payroll providers, and potential purchasers of some or all of our business or on a re-structuring. The recipient of the personal information will be bound by confidentiality obligations. We may also be required to share some personal information to comply with the law. We seek to ensure that our personal information collection and processing is always proportionate. We will notify you of any material changes to personal information we collect or to the purposes for which we collect and process it.
WHERE PERSONAL INFORMATION MAY BE HELD
Personal information may be held at our offices and third-party agencies, service providers, representatives and agents as described above and in cloud based IT services. In the event that we use cloud based IT services, personal information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in the UK. We have security measures in place to seek to ensure that there is appropriate security for personal information we hold.
YOUR RIGHTS TO CORRECT AND ACCESS YOUR PERSONAL INFORMATION AND TO ASK FOR IT TO BE ERASED
Please contact our Data Protection Contact if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some, but not all, of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing personal information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
SENSITIVE PERSONAL INFORMATION
Before processing any sensitive personal information, staff must notify the Data Protection Contact of the proposed processing, in order that the Data Protection Contact may assess whether the processing complies with the special conditions for processing sensitive personal information.