
Privacy Policy
Last updated: January 2025
​
At Easton Tech Ltd, we prioritise the protection of your personal data and comply with all applicable privacy regulations, including the General Data Protection Regulation (EU Regulation No. 2016/679) and the UK Data Protection Act 2018 (collectively referred to as the "Applicable Legislation").
​
This Privacy Policy ("Policy") explains how we collect, process, and protect your personal data. It applies to all forms of personal data we process and includes data relating to partners, contractors, customers, users, and other third parties. By using our services, you acknowledge and agree to this Policy.
​
1. Who We Are
​​
Easton Tech Ltd is the data controller responsible for your personal data. We are registered in the United Kingdom under Company Number 14426151, with our registered office at 63-66 Hatton Garden, London, England, EC1N 8LE. For any privacy-related inquiries, you can contact our Data Protection Officer at support@eastontechltd.com (please include FAO DPO in the email subject heading).
​
2. Definitions
​
To help you understand this Policy, here are key definitions:
​
- Informed Consent: Any freely given, specific, and informed indication of the Data Subject's agreement to the processing of their Personal Data.
- Personal Data: Any information relating to an identified or identifiable person.
- Sensitive Data or Special Categories of Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to identify a person, data concerning health, or data concerning a person's sex life or sexual orientation.
- Purpose of Processing: The main purpose for which we collect and process Personal Data.
- Data Subject: An identified or identifiable person.
- Data Controller: The person or entity that determines the Purposes of Processing and the means of processing Personal Data.
- Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means. This includes, without limitation, collection, recording, organisation, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deletion, erasure, or destruction.
- Third Party: A third party or business partner who, in connection with your current or potential use of the Solution, provides us with Personal Data on your behalf or receives or accesses Personal Data on our behalf, such as vendors, subcontractors, and other service providers.
- You, Your, or User: The person whose Personal Data is collected and processed under this Policy, having the status of Data Subject within the meaning of the Applicable Legislation.
​
3. How We Collect Personal Data
​
We collect personal data through the following channels:
- When you interact with our website or services.
- When you communicate with us through social media platforms.
- When you establish a business relationship with us as a partner, supplier, or contractor.
- When you submit a job application to us.
​
4. Types of Personal Data We Collect
The personal data we collect includes the following:
​
- For Partners and Suppliers:
  - Name, first name, postal address, position, email address, telephone number, banking details (if applicable), and any exchanges or correspondence with us.
- For Website Users:
  - Email address, subject of emails sent via contact forms, and all messages exchanged through the website.
- For Social Media Interactions:
  - Name, first name, pseudonym, photograph or avatar, publications, and messages exchanged when you contact us through social media platforms.
- For Job Applicants:
  - CV, cover letter, notes and discussions during interviews, and other information related to the recruitment process.
- For Managing Requests to Exercise Rights:
  - Name, first name, email address, subject of the request, details of follow-up actions, and data related to the applicant.

Data Minimisation Principles
We adhere to the principles of data minimisation and accuracy. This means that the personal data we collect is relevant, adequate, and not excessive in relation to the purposes for which it is processed. Only information necessary to achieve these purposes is collected and processed.
​
5. Purpose of Data Processing
We process personal data for the following purposes:
​
- Management of Contacts via the Website: To respond to your inquiries and requests submitted through our website or contact forms.
- Interactions with Social Media Users and Management of Social Media Accounts: To interact with you when you contact us via social media platforms, including LinkedIn, Instagram, TikTok, Twitter, and Facebook, and to manage our presence on these networks.
- Management of Partnerships and Affiliations: To manage relationships with our partners and affiliates, including signing contractual documents, communicating via email or telephone, making payments, and facilitating collaboration.
- Recruitment Management: To manage recruitment procedures, evaluate candidates, conduct interviews, and maintain a database of CVs for future opportunities.
- Supplier Management: To identify and engage suppliers, place orders, process payments, and manage the supplier relationship.
- Management of Requests to Exercise Rights: To receive, process, and respond to requests related to data protection rights, including access, rectification, and deletion, and to maintain a record of such requests.
- Compliance with Legal and Regulatory Obligations: To comply with applicable legal and regulatory requirements, including tax and financial reporting obligations.
​
6. Legal Basis for Processing
We process personal data solely on clearly defined legal bases, which include:
​
- Informed Consent: Where you have provided explicit and informed consent for the collection and processing of your personal data for specific purposes as outlined in this Policy.
- Legitimate Interests: To pursue our legitimate interests, such as improving our services, ensuring the security of our systems, managing our relationships with partners and suppliers, and maintaining the functionality of our platform, provided these interests do not override your fundamental rights and freedoms.
- Contractual Necessity: To execute pre-contractual measures or to fulfil contractual obligations, such as managing partnerships, processing payments, and providing services to our users and partners.
- Compliance with Legal Obligations: To meet our legal and regulatory obligations, such as managing invoicing, tax compliance, and responding to data subject rights requests.
​
7. Data Security and Confidentiality
We implement rigorous technical and organisational measures to ensure the confidentiality, security, and integrity of your personal data. These measures include, but are not limited to, the following:
​
Technical Measures and Organisational Safeguards
​
- Compliance with Standards: We adhere to technical and organisational measures in accordance with applicable standards to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to your personal data.
- Privacy by Design and Default: From the earliest stages of designing our systems and processes, we embed privacy protection principles to ensure that data is protected from the outset. By default, we limit access to personal data to those who strictly require it for legitimate purposes.
- Access Control: Access to personal data is restricted to authorised personnel only, ensuring it is not accessible to an indefinite or excessive number of individuals.
- Encryption and Secure Storage: Data is encrypted during transmission and at rest, stored on secure servers, and backed by cybersecurity measures.

Selection of Service Providers and Partners

- Due Diligence: We collaborate with service providers and partners that offer robust guarantees to implement technical and organisational measures at least as stringent as our own.
- Trusted Hosting Services: Our tools and databases are hosted with leading service providers offering scalability, availability, security, and performance, with business continuity plans in place.

Documentation

- Compliance Records: We maintain comprehensive documentation to demonstrate compliance with all relevant data protection regulations, ensuring transparency and accountability.
​
Breach Notification
​
- Prompt Reporting: In the unlikely event of a data breach, we will notify affected individuals and relevant supervisory authorities as required by applicable law, within legally mandated timeframes.
- Mitigation Measures: Immediate technical and organisational measures will be taken to limit the impact of any breach and prevent recurrence.
​
Privacy Impact Assessments
​
- High-Risk Processing: Before implementing any new system or process involving high-risk data processing, we conduct a privacy impact assessment to evaluate potential risks to data subjects' rights and freedoms.
- Remedial Action: If a privacy impact assessment identifies risks incompatible with legal principles, we adjust our processes to mitigate or eliminate these risks.
​
8. Data Sharing
We share personal data only when necessary and under strict conditions to ensure the privacy and security of the data. The following outlines the parties with whom data may be shared and the circumstances under which sharing occurs:
​
Internal Use: Authorised Personnel
​
- Your personal data may be accessed and processed by our employees solely for the purposes outlined in this policy.
- Access is granted only to personnel whose roles require it, and all employees are bound by confidentiality obligations to protect your personal data.
​
Disclosure to Third Parties
​
- Legal Basis for Sharing: Personal data is shared with third parties only when there is a legal justification for such sharing. This may include instances where:
  - You have provided explicit consent.
  - The disclosure is necessary to perform a contract or fulfil a service request.
  - There is a legitimate purpose that does not infringe on the fundamental rights of the data subject, including the right to privacy.
- Scope of Sharing: Data is shared on a strictly limited “need to know” basis, ensuring only the required information is disclosed.
- Compliance with Legal Obligations: If required by law, we may disclose personal data to government agencies, law enforcement, or judicial authorities. Any disclosure will be limited to what is legally mandated, and data subjects will be informed of such situations where permitted by law.

Service Providers and Subcontractors
​
- Trusted Partners: We collaborate with trusted service providers and subcontractors, including hosting providers and software platforms, to deliver our services. Examples include:
  - Hosting services that ensure scalability, data availability, security, and performance.
  - Tools and platforms such as Slack and Google, which assist in operational efficiency and communication.
- Data Protection Standards: All third-party service providers are carefully vetted to ensure they adhere to strict technical and organisational security measures. Agreements with these providers include data protection clauses to safeguard your personal data.

Administrative and Judicial Authorities
​
- In the event of legal requisitions, we may be required to share personal data with administrative or judicial authorities.
- Such sharing will be limited to the extent required by law, and appropriate measures will be taken to ensure data security and compliance.
​
9. International Data Transfers
To fulfil the processing purposes described in this policy, we may collaborate with service providers or partners located outside the United Kingdom (UK) or European Union (EU).
​
Transfers to Third Countries
​
- When personal data is transferred to a country that has not been recognised by the UK or EU as providing an adequate level of data protection, we implement appropriate safeguards to ensure compliance with applicable laws and regulations.
​
Safeguards for International Transfers
​
- Standard Contractual Clauses (SCCs): For transfers to third countries, we include standard contractual clauses or equivalent ad hoc clauses in contracts with the receiving parties. These clauses are approved by relevant regulatory authorities and provide a framework to protect personal data.
- Equivalent Mechanisms: In some cases, we may rely on binding corporate rules or other recognised mechanisms that ensure compliance with applicable legislation.
​
We remain committed to ensuring that all international data transfers are conducted in a manner that upholds the privacy and security of your personal data.
​
10. Retention Periods
​
We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy or as required by law:
- Business Relationships: Retained for the duration of the relationship, plus five years for record-keeping.
- Recruitment: Applicant data is retained for two years unless requested otherwise.
- Legal Obligations: Data required for regulatory compliance is retained for ten years.
​​
11. Your Rights as a Data Subject
​
You have the following rights under the Applicable Legislation:
​
- Right of Access: You can request access to your personal data, including details about how and why it is processed.
- Right to Portability: We can provide a copy of your personal data in a structured, commonly used format to facilitate data portability.
- Right of Rectification: You can request corrections or updates to inaccurate or incomplete personal data.
- Right to Erasure: You can request the deletion of your personal data under specific conditions, including:
  - If the data is no longer necessary for the purposes of processing.
  - If you withdraw consent for processing based solely on your consent.
  - If you object to the processing and there are no overriding legitimate grounds.
  - If the processing is unlawful.
  - If the data must be erased to comply with legal obligations.
- Right to Restriction: You can request that processing be restricted in certain circumstances, such as:
  - When the accuracy of the data is contested.
  - When processing is unlawful, but you prefer restriction over deletion.
  - When you need the data for legal claims.
- Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: You can withdraw consent for processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Define Post-Mortem Guidelines: You can define instructions regarding the handling of your personal data after your death.
​
To exercise your rights, please contact us at support@eastontechltd.com.
​
12. Complaint Handling
We are committed to addressing and resolving any legitimate privacy concerns raised by Data Subjects. If you believe there has been a violation of this Policy or applicable data protection legislation, we will thoroughly investigate the matter and take all reasonable measures to mitigate any impact.
​
Our Approach to Handling Complaints
​
- Thorough Investigation: We will promptly investigate any complaint related to a potential or actual violation of this Policy or applicable laws.
- Resolution Measures: If a violation is identified, we will take appropriate actions to remedy the situation and ensure future compliance. This may include additional staff training, updated processes, or system changes.
- Collaboration with Authorities: If a complaint cannot be resolved satisfactorily, we will cooperate fully with the relevant supervisory authorities and comply with their recommendations to resolve any outstanding issues.
​
Filing a Complaint
​
- Contact Us Directly: If you have any concerns or wish to file a complaint, please contact our Data Protection Officer (DPO) at: support@eastontechltd.com
- Contact a Supervisory Authority: If you are not satisfied with our resolution, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another relevant data protection authority: https://ico.org.uk/

13. Policy Updates
​
We may update this Policy to reflect changes in legal, regulatory, or operational requirements. Updates will be posted on our website, and significant changes will be communicated directly to affected individuals.
​
By using our services or interacting with us, you acknowledge that you have read and understood this Policy.
​