When you make use of the EposConnect.co.uk (‘EposConnect) website, EposConnect processes personal data. We will use your personal data legitimately and responsibly in line with applicable privacy laws and regulations.
In this Privacy Statement, we describe who we are, how and for which purposes we process your personal data within EposConnect, how you can exercise your privacy rights, and all other information that may be relevant to you.
We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Statement, you can contact us through the contact details provided below.
Finally, we would like to point out that we are continually developing and improving EposConnect. If this brings about any changes in the way we process personal data, this will be reflected in this Privacy Statement. We therefore recommend that you regularly take notice of the Privacy Statement for any modifications. At the bottom of this Privacy Statement you can read when this Privacy Statement was last modified.
2. Who are we?
Epos Connect Online Solutions Ltd is the data controller for EposConnect activities. Our contact details are: Epos Connect Online Solutions Ltd, Unit B Watkins House, Pegamoid Road, London N18 2NG, UK. If you want to contact EposConnect, please use the contact details provided at the bottom of this Privacy Statement.
The DPO office can be contacted via support@EposConnect.co.uk.
3. For which purposes do we process your personal data?
EposConnect processes your personal data for the following purposes:
Order management and performance of a contract – We process your personal data to prepare, receive and carry out the purchase agreement(s) as agreed upon.
Back office activities – We process your personal data for administrative and financial business activities, such as reporting and the managing and processing of invoices and collections.
Communication, marketing and loyalty program purposes – We process your personal data for the purposes of customer service and support, to manage our relationship with you, to carry out marketing activities, to make (personalised) offers, to include you in our loyalty program, and/or to provide and share information about our services.
Legal purposes – We process your personal data for identification purposes, to counter fraud, to perform audits, to initiate legal action, to secure safety within the company and to comply with legal obligations.
Are you looking for more detailed information on how we process your personal data?
4. What personal data do we collect about you?
We collect several categories of personal data when you make use of EposConnect:
Contact details (name, address, place of residence, e-mail, telephone number, fax number, etc.)
Company details (address, Company number, VAT number, etc.)
Account details (username, password, customer ID, etc.);
Order details (date and item of purchase, order status, order amount, order price, payment details, financial details, etc.)
Marketing & communication details (whether you have opted out for direct marketing, creation of mailing lists, social media details, geographic details, promotional offerings, etc.)
Participation details (whether you participate in promotions or loyalty programs)
Customer service details (contact with our customer service or digital and/or written correspondence)
Web details (cookies, etc.)
EposConnect collects the following personal data directly from you:
5. On which legal grounds do we base the processing of your personal data?
To be lawful, each processing of personal data has to be based on a so called ‘legal ground’ as listed in the EU General Data Protection Regulation (GDPR). We process personal data associated with EposConnect based on four legal grounds;
(1) for the performance of a (service) contract with you; or
(3) for compliance with a legal obligation; or
(4) for legitimate interests pursued by us; or
(4) your consent.
Performance of a contract
We use your personal data for processing necessary for performance of the service contract with you. Without these data, we would not be able to fulfil our side of the contract. The processing of orders and service requests falls under this legal ground.
We are legally obliged to process your personal data in order to comply with fiscal and other legal obligations.
We use your personal data for our legitimate interests.
to be able to maintain a lasting relationship with you as a customer and to offer you products and services (e.g. direct marketing).
to be able to detect fraud and security incidents on our website.
to defend ourselves in legal proceedings.
to improve the effectiveness of our service through statistical analysis
We may use personal data in a personal, pseudonymous form to understand how we can develop and improve the service, as well as for reporting purposes, general statistical and analytical purposes. When circumstances make this necessary we may process personal data for fraud investigation or to fulfil legal obligations. Processing personal data for these purposes serves a legitimate business interest of ours.
In those cases where the previous three legal grounds do not apply, we process data with your unambiguous consent.
Note that you can always withdraw your given consent. Under the headline ‘Can you withdraw you given consent later on?’ you can read how to do so.
6. To whom do we provide your personal data?
We can provide your personal data to third parties in accordance with this Privacy Statement and in so far as permitted by law. Without your consent, we will not provide your personal data to recipients for their own marketing purposes.
Your personal data can be received by the following categories of recipients:
Internal Departments and Group companies
We may share personal data internally with other departments (such as Accounts Receivable) and with other entities of EposConnect for the purpose of providing you with information, products and/or services (such as registration and customer support), the development of new products, websites, applications, services, promotions and communication, and to prevent, trace and examine possible illegal activities, infringements of our policies, fraud and/or breaches of our data security.
We may provide your personal data to supervisory authorities such as Tax and Customs Administration, the police and other statutory bodies. We provide your personal data:
To comply with a statutory obligation or court order; or
If this is necessary to prevent, trace or prosecute criminal acts; or
If this is necessary to enforce our policies, or to protect the rights and freedoms of others.
Business service companies (data processors)
We make use of business service companies to help us execute our business. These organisations act only on our instructions and are contractually bound by us not to use your data for their own purposes.
Payment service providers
When you purchase a service/product, you will also receive a request to provide your payment details. Those personal data may be collected and processed directly by the payment service provider. This provider is responsible for processing your payment details within the limits set by law.
In certain cases, we may provide your personal data to third parties. We refer specifically to third parties which belong to the EposConnect or parties which will be part of the EposConnect and/or its legal successor as a result of a restructuring, merger or acquisition.
7. Is your personal data being transferred outside of the European Union / European Economic Area?
Your personal data may be transferred outside of the European Union / European Economic Area. We have taken adequate measures to ensure that the transfers are safe and take place only within the limits set by law.
Your personal data do not transferred outside the European Union.
8. How do we store your personal data?
Your personal data will be removed or made anonymous when your personal data is no longer necessary for the purposes set out in this privacy statement.
There are instances where certain elements of your personal data are stored for a longer period of time due to certain legal obligations set out by public institutions. We may also store elements of your personal data for our own legitimate interest, such as detecting fraud, handling potential disputes, or facilitating our contractual arrangements with third parties such as vendors.
9. How can you exercise your privacy rights (data subject rights)?
At every desired moment, you can request to access, rectify or erase your personal data or you can object to direct marketing and profiling. In addition to this, you may also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability. These rights are known as your ‘data subject rights’.
To invoke your data subject rights, please contact us by using the contact details at the bottom of this Privacy Statement.
Please keep in mind that we may ask for additional information to verify your identity.
If you no longer want to receive direct marketing communication, please contact us by using the contact details at the bottom of this Privacy Statement.
10. Can you withdraw your consent?
Once given, you may always withdraw your consent. Please keep in mind that withdrawal does not have retrospective effect.
You can withdraw your consent for commercial communications using the unsubscribe link in the last communication you received.
If you want to withdraw your consent for other processing activities, please contact us by using the contact details at the bottom of this Privacy Statement.
11. Can you lodge a complaint?
You can lodge a complaint with us via the contact details at the bottom of this Privacy Statement. Furthermore, you can lodge a complaint via the UK Data Protection Authority ‘Information Commissioner’s Office (ICO)’, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.
12. How can I contact EposConnect?
If you have any questions about the way we process your personal data that are not answered by this privacy statement, please contact:
Epos Connect Online Solutions Ltd, Registered No. 10732197, having its registered office Suite 8, The Monument, 45-47 Monument Hill, Weybridge, Surrey, United Kingdom, KT13 8RN.
The DPO office can be contacted via firstname.lastname@example.orgSta.
13. When was the last modification made to this Privacy Statement?
This Privacy Statement applies since 25th July 2018 The last modifications to this Privacy Statement were made on 24th July 2018.