This policy explains how we handle your personal data and what you can do if you have any concerns.
At Exp2 Limited we are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, that you provide to us or that we may receive from others about you will be processed by us. It includes data that we hold electronically and in paper files.
We are required to provide you with this information under the General Data Protection Regulation (GDPR). UK Data Protection Acts of 1984, 1998 and 2018.
HOW AND WHY WE PROCESS PERSONAL DATA
We will process data to deliver the services that Exp2 Limited has been asked or contracted to provide you with through your enquiry or contact. These include administration of your client account, provision of advice, promotion and administration of events, and the promotion and administration of Exp2 Limited
LEGAL BASIS FOR PROCESSING DATA
The GDPR came into force in UK law on 25 May 2018.
The legal bases for the processing of your data will be under the following paragraphs of the GDPR:
- Where you have given consent to the processing of your personal data for one or more specific purposes
- Where the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract
- Because it is in the legitimate interests of the data controller, Exp2 Limited.
Our legitimate interests are the need to properly process your enquiry, administer your transaction, and administer your client account with Exp2 Limited and to provide you with all the services and information necessary. Safeguards have been put in place to ensure we achieve the correct balance between our interests and yours.
WHO HAS ACCESS AND WHY
Data will be held and processed for the purposes of administrating your client account.
Only those staff that have a legitimate need to access data will be authorised to do so.
RETENTION OF DATA
The data will be held for the duration of your client account, trade account membership or longer where we have a legal obligation or other legitimate reason for doing so. This may include the need to retain data in relation to tax affairs, for which the relevant authorities may require Exp2 Limited to maintain records for seven or more years.
The following are not Strictly Necessary but are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).
We use Functional Cookies
This website will: Track the pages you visit via Google Analytics
This website will not: Share any personal information with third parties.
These cookies are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
You may correct or update the data we hold on you at any time by emailing us at firstname.lastname@example.org
YOU HAVE A NUMBER OF RIGHTS UNDER THE GDPR
Right of Access: You have the right, subject to a number of exceptions, to know what information we hold about you. Unless the issue is complex, we will respond within one month.
Right to Rectification: You have the right to have any information we hold about you corrected if it is inaccurate or incomplete. Unless the issue is complex, we will respond within one month.
Right to Erasure: You have the right to request the deletion or removal of personal data where there is no compelling reason for us to continue to hold it.
Right to Restrict Processing: You have the right to restrict our processing of your data in certain circumstances, such as when there is a question over the way in which we are using it.
Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes.
Right to Object: You have the right to object to our processing of your personal data on the basis of legitimate interest, for direct marketing and for the purposes of research. We will stop processing your data on the basis of legitimate interest unless there are compelling legitimate grounds for us to continue. We will stop any processing of your data for direct marketing as soon as we receive an objection. We will stop processing your personal data for research purposes if there are grounds that relate to your particular situation.
Automated Processing: You have the right, subject to a number of exceptions, to know what information we hold about you. Unless the issue is complex, we will respond within one month.
If you are not satisfied with the way in which we manage your personal data, you can seek recourse through the Exp2 Limited complaints procedure.
If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner. The Information Commissioner can be contacted at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- TEL 01625 545 745
- FAX 01625 524 510