The EPOS Bureau treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any **Personal data you share with us and that we hold about you, including how we collect, process, protect and share that data.
**Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a physical address and an email address or other contact number information.
You provide us with personal data either via our website forms, as a result of email ‘conversations’, on the telephone and/or in-person. This includes, but is not limited to, name, address, email address and Direct Debit mandate instructions. We use this information in order to manage and administer our business relationship with you and to facilitate the operation of our Care Pack customer support scheme.
We may also keep information contained in any correspondence you may have with us by post or by email. We also record telephone conversations for quality and training purposes.
From time to time The EPOS Bureau may obtain information from you, our customer, to allow us to provide our services to your business. This includes, but is not limited to, temporary backups of your Eureka™ database such that we may troubleshoot an issue you are experiencing. Under those circumstances, we obtain this information electronically by secure file transfer. Our declared lawful basis, in this context, is legitimate interest.
Whilst your data is being processed at our site, it is protected by our network, passwords, firewall security, and anti-virus packages and is subject to our internal 'Data Processing Register' (Hereafter, Data Register).
The EPOS Bureau's 'Data Register' has been set up to control the transfer of sensitive 3rd party information into our network. It requires us to log the source and nature of the sensitive data such that we and you can be assured that the data only remains available to us for as long as necessary to complete the processing operation. During processing, the data is held on secure internal storage and is accessed only by the person or person(s) required at The EPOS Bureau given the nature of the processing request. Once required processing is complete, the data is removed from our system and a log entry made in the 'Data Register' to confirm this. Regular Audits of the 'Data Register' are carried out by an internal quality auditor.
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify a credit rating before entering into a business relationship with you as a responsible business practice.
Generally, we use your personal data to manage and administer your business account with us and to allow us to provide vital on-going support services. We also act as controller and processor in regard to the processing of your Direct Debit instructions and in the assessment of requests for new software features and in the provision of support as part of our Care Pack scheme, if applicable.
We undertake at all times to protect your personal data, including any of your customers’ details contained in data backups we receive, in a manner which is consistent with professional best security practice and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.
Specifically, we may use your personal data:
Additionally, we may, where we have obtained your permission, also use the personal data to:
You can opt-out of any of these data uses at any time by emailing our GDPR Team.
We will only keep your information for as long as reasonably required.
Links to other websites
We will keep information about you confidential and we will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
Categories of third parties
We keep information as long as is reasonably necessary. This takes into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly from the point of receiving the request with all necessary information. Our formal response shall include details of the personal data we hold about you, including the following:
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
We do not carry out any automated processing which may lead to an automated decision based on your personal data.
If you would like to invoke any of the above data subject rights with us, please write to us at The EPOS Bureau, Tullynagarn, Lisnarick Road, Irvinestown, Fermanagh, BT94 1EY or email our GDPR Team
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to us at The EPOS Bureau, Tullynagarn, Lisnarick Road, Irvinestown, Fermanagh, BT94 1EY or email our GDPR Team and we will do our best to help you.
Enter a search term and when you're done typing, hit enter