Privacy Policy

The EPOS Bureau treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any **Personal data you share with us and that we hold about you, including how we collect, process, protect and share that data.

**Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a physical address and an email address or other contact number information.

How we obtain your personal data

Information provided by you

You provide us with personal data either via our website forms, as a result of email ‘conversations’, on the telephone and/or in-person. This includes, but is not limited to, name, address, email address and Direct Debit mandate instructions. We use this information in order to manage and administer our business relationship with you and to facilitate the operation of our Care Pack customer support scheme.

We may also keep information contained in any correspondence you may have with us by post or by email. We also record telephone conversations for quality and training purposes.

Third Party Access to Customer Data

From time to time The EPOS Bureau may obtain information from you, our customer, to allow us to provide our services to your business. This includes, but is not limited to, temporary backups of your Eureka™ database such that we may troubleshoot an issue you are experiencing. Under those circumstances, we obtain this information electronically by secure file transfer. Our declared lawful basis, in this context, is legitimate interest.

Whilst your data is being processed at our site, it is protected by our network, passwords, firewall security, and anti-virus packages and is subject to our internal 'Data Processing Register' (Hereafter, Data Register).

The EPOS Bureau's 'Data Register' has been set up to control the transfer of sensitive 3rd party information into our network. It requires us to log the source and nature of the sensitive data such that we and you can be assured that the data only remains available to us for as long as necessary to complete the processing operation. During processing, the data is held on secure internal storage and is accessed only by the person or person(s) required at The EPOS Bureau given the nature of the processing request. Once required processing is complete, the data is removed from our system and a log entry made in the 'Data Register' to confirm this. Regular Audits of the 'Data Register' are carried out by an internal quality auditor.

Information we get from other sources

We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify a credit rating before entering into a business relationship with you as a responsible business practice.

How we use your personal data

Generally, we use your personal data to manage and administer your business account with us and to allow us to provide vital on-going support services. We also act as controller and processor in regard to the processing of your Direct Debit instructions and in the assessment of requests for new software features and in the provision of support as part of our Care Pack scheme, if applicable.

We undertake at all times to protect your personal data, including any of your customers’ details contained in data backups we receive, in a manner which is consistent with professional best security practice and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.

Specifically, we may use your personal data:

  • to assess your suitability for a particular service;
  • to process order requests for our services;
  • to give you information that you request from us;
  • to improve our software and services;
  • to notify you about changes to our services;
  • to provide timely and effective support;
  • to keep our systems secure and up-to-date.

Additionally, we may, where we have obtained your permission, also use the personal data to:

  • provide you with information about the products and services we offer via promotional emails;
  • keep you up to date with events that we are holding and/or attending.

You can opt-out of any of these data uses at any time by emailing our GDPR Team.

We will only keep your information for as long as reasonably required.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the content and protection and privacy of any information which you provide whilst visiting such sites. Such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website/company in question.

Sharing information

We will keep information about you confidential and we will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:

Categories of third parties

  • insurance companies, loss assessors, regulatory authorities and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures;
  • any printing agents, contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential;
  • anyone to whom we may transfer our rights and duties under any agreement we have with you;
  • any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law requires us to do so.

How long do we keep this information about you?

We keep information as long as is reasonably necessary. This takes into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.

Data subject rights

Subject access requests

The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly from the point of receiving the request with all necessary information. Our formal response shall include details of the personal data we hold about you, including the following:

  • details of what personal data we currently hold;
  • the purposes for processing the information; and
  • persons or entities with whom we are sharing the information;

Right to rectification

You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure

You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.

Right to restriction of processing

Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
  • the processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use;
  • we no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
  • you, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections;

Right to data portability

You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.

Right to object

You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.

Right to not be subject to decisions based solely on automated processing

We do not carry out any automated processing which may lead to an automated decision based on your personal data.

Invoking your rights

If you would like to invoke any of the above data subject rights with us, please write to us at The EPOS Bureau, Tullynagarn, Lisnarick Road, Irvinestown, Fermanagh, BT94 1EY or email our GDPR Team

Accuracy of information

In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.

Important information

Questions and queries

If you have any questions or queries which are not answered by this Privacy Policy, or have any potential concerns about how we may use the personal data we hold, please write to us at The EPOS Bureau, Tullynagarn, Lisnarick Road, Irvinestown, Fermanagh, BT94 1EY or email our GDPR Team

Policy changes

This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use the information you have already given to us without your prior agreement.

If you have a complaint

If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to us at The EPOS Bureau, Tullynagarn, Lisnarick Road, Irvinestown, Fermanagh, BT94 1EY or email our GDPR Team and we will do our best to help you.

Please note that if you are not satisfied with the processing of your personal data as set out in this Privacy Policy, you have the right to issue a complaint with the Information Commissioners Office. (

Great minds think alike.

Let’s put our heads together for a win-win partnership that benefits your business and ours.
Request callback
Industry Partners


Enter a search term and when you're done typing, hit enter