eyworks Privacy Policy
INTRODUCTION
EYWORKS LIMITED respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.
DEFINITIONS
- Party responsible for processing personal data: EYWORKS LIMITED; with registered address at Acorn House, 381 Midsummer Boulevard in United Kingdom and company registration number 07939645 (the “Controller”).
- Data Protection Authority: The Data Protection Authority of United Kingdom.
- Data Protection laws:
- For European citizens or residents, the EU GDPR 2018; the EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation);
- For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018 and/or the national laws of United Kingdom.
COLLECTION OF DATA
- Your personal data will be collected by EYWORKS LIMITED and its data processors.
- Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
- An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
HOW IS YOUR PERSONAL DATA COLLECTED?
Business process
|
Type
|
Data subject
|
Legal basis
|
---|---|---|---|
Website
|
Identification, Educational and employment history
|
Customers
|
Consent
|
Email
|
Not applicable
|
Not applicable
|
Legitimate interest
|
Storage and exchange of documents
|
Not applicable
|
Not applicable
|
Legitimate interest
|
Delivery of goods and services
|
Identification, Financial, Date of Birth, Educational and employment history, Copy of ID, Health, Location, Social Security Number, Contracts
|
Customers
|
Performance of a contract
|
Financial and business administration
|
Identification, Financial, Date of Birth, Educational and employment history, Copy of ID, Health, Location, Social Security Number, Contracts
|
Customers, Employees, Suppliers
|
Legitimate interest
|
Marketing
|
Identification, Location
|
Customers
|
Consent
|
PURPOSES
- Customer, employee, contractor, partner or supplier management
- Business and financial administration
- Direct marketing
- Delivery of goods or services
- Work planning
Purposes for which we will use your personal data
- We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
- Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
How we collect, store or otherwise process your data:
The following business processes describe how we may collect, store or otherwise process the types of personal information set out in the table above:
- Collection of cookies, subscription to newsletter or filling out the contact form on the website(s);
- Analyse trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and improve our services and communications for the benefit of our customers;
- Process and respond to support requests, enquiries and complaints received from you through use of business email;
- Provide services and products requested and/or purchased by you and to communicate with you about such services and/or products. We do this as necessary in order to carry out a contract with you and in accordance with our legitimate interest to operate a business;
- Carry out administrative activities such as invoicing and collecting payments either locally on devices or using cloud-services;
- Store and exchange personal information contained in documents through email and cloud-services;
- Marketing and customer acquisition through email or using cloud-service.
SHARING DATA WITH THIRD PARTIES
We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your Personal Data outside United Kingdom. If we do, you can expect a similar degree of protection in respect of your Personal Data.
We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification table above.
We share your personal data with the following enterprise third parties. We also share your data with SME third parties, details of which are available upon request. You will be notified when we have engaged with a new third party recipient of your personal data.
AWS
Function
|
Website hosting, Email provider, Document storage service, Application hosting
|
---|---|
Business process
|
Website, Email, Digital storage of documents, Administration, Software tools and applications
|
Data categories
|
Identification, Financial, Date of Birth, Educational and employment history, Copy of ID, Health, Location, Social Security Number, Contracts, Software tools and applications, Business data, Technical data
|
Data subjects
|
Customers, Employees, Contractors, Family members
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.
|
GOOGLE WORKSPACE
Function
|
Email provider, Document storage service, Password manager, Appointment scheduling tool
|
---|---|
Business process
|
Email, Digital storage of documents, Administration
|
Data categories
|
Identification, Financial, Date of Birth, Educational and employment history, Contracts, Business data
|
Data subjects
|
Employees, Contractors, Suppliers, Partners
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.
|
JIRA (ATLASSIAN)
Function
|
Task management or work planning
|
---|---|
Business process
|
Software tools and applications
|
Data categories
|
Technical data
|
Data subjects
|
Employees
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods
|
MAILCHIMP
Function
|
Email provider, Marketing tool
|
---|---|
Business process
|
Email, Marketing
|
Data categories
|
Identification, Financial, Date of Birth, Educational and employment history, Location, Contracts, Software tools and applications, Business data, Technical data
|
Data subjects
|
Customers, Employees
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.
|
NEW RELIC
Function | Other software suite |
---|---|
Business process | Software tools and applications |
Data categories | Technical data |
Data subjects | Customers, Employees, Contractors, Family members |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
TRELLO
Function | Task management or work planning |
---|---|
Business process | Administration |
Data categories | Technical data |
Data subjects | Customers, Employees, Contractors, Family members |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
XERO
Function | Accountancy software, Bookkeeping software, Payment processing software |
---|---|
Business process | Digital storage of documents, Administration |
Data categories | Identification, Financial, Location, Business data |
Data subjects | Customers, Employees, Suppliers |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
ZOHO
Function
|
CRM, Customer service software, Payment processing software, Password manager, Marketing tool, User management/authentication, Task management or work planning, Appointment scheduling tool, Office software
|
---|---|
Business process
|
Administration, Marketing, Software tools and applications
|
Data categories
|
Identification, Location, Contracts, Business data
|
Data subjects
|
Customers, Employees, Suppliers
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.
|
FACEBOOK ANALYTICS
Function | Marketing tool |
---|---|
Business process | Marketing |
Data categories | Location, Technical data |
Data subjects | Customers, Employees, Suppliers, Partners |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
GODADDY
Function | Website hosting |
---|---|
Business process | Software tools and applications |
Data categories | Technical data |
Data subjects | Employees |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
GOOGLE ANALYTICS
Function
|
Marketing tool
|
---|---|
Business process
|
Marketing
|
Data categories
|
Location, Technical data
|
Data subjects
|
Customers, Employees, Suppliers, Partners
|
Security measures
|
Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.
|
STRIPE
Function | Payment software, Payment processing software |
---|---|
Business process | Software tools and applications |
Data categories | Identification, Financial, Location |
Data subjects | Customers, Employees |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
GOOGLE FIREBASE
Function | Other software suite |
---|---|
Business process | Software tools and applications |
Data categories | Technical data |
Data subjects | Customers, Employees |
Security measures | N/A |
WISE
Function | Payment processing software |
---|---|
Business process | Administration |
Data categories | Financial, Location |
Data subjects | Employees, Suppliers |
Security measures | Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods. |
INTERNATIONAL DATA TRANSFERS
- Encryption;
- Anonymisation;
- Pseudonymisation
STORAGE AND PROTECTION OF DATA
Your data is protected by EYWORKS LIMITED and its processors in pursuance to all legal requirements set by the relevant data processing laws. EYWORKS LIMITED has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. EYWORKS LIMITED has signed processing agreements with its processors to ensure an adequate level of data protection. The following security measures are taken by EYWORKS LIMITED to protect your personal data in the course of the listed business processes:
Organisational security measures
Staff
Access controls
EYWORKS LIMITED maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. EYWORKS LIMITED staff members will not process customer data without authorization.
Data hosting
As a rule, data is hosted within United Kingdom, but it is possible that we might transfer personal data to countries within the EEA, to the UK or in exceptional circumstances outside of those areas. We ensure that we comply with the GDPR and the DPA when sending data overseas by relying on data processing agreements containing standard contractual clauses with our subprocessors or by taking additional measures to secure this data transfer, such as anonymisation.
Physical security
The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.
TECHNICAL SECURITY MEASURES
Your rights regarding information
Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data portability. You can exercise these rights by contacting us at the following email address: hello@eyworks.co.uk. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write “Data Request” in the subject line of your email. Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature. Depending on the complexity and the number of the requests this period may be extended to two months.
Marketing
- You may receive commercial offers from EYWORKS LIMITED. If you do not wish to receive them (anymore), please send us an email to the following address: hello@eyworks.co.uk and ensure that you write “Data Opt-Out” in the subject line of your email.
- Your personal data will not be used by our partners for commercial purposes.
- If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
Data retention
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any EYWORKS LIMITED account, system or other data processing medium in accordance with the process described above.
Applicable law
These conditions are governed by United Kingdom legislation. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
Contact
For questions about this privacy policy, product information or information about the website itself, please contact: hello@eyworks.co.uk.
INTERNATIONAL DATA TRANSFERS
AWS
Third party headquarter address
|
410 Terry Ave. North, Seattle, WA, 98109-5210, United States
|
---|---|
The primary location of processing is the USA.
|
Personal data collected by AWS may be stored and processed in any country where AWS or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://d1.awsstatic.com/legal/awsgdpr/ AWS_GDPR_DPA.pdf
|
GOOGLE WORKSPACE
Third party headquarter address
|
1602 Amphitheatre Parkway, Mountain View, CA, 94043
|
---|---|
The primary location of processing is the USA.
|
Personal data collected by Google Workspace may be stored and processed in any country where Google Workspace or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://cloud.google.com/privacy
|
JIRA (ATLASSIAN)
Third party headquarter address
|
Level 6, 341 George Street, Sydney, Australia
|
---|---|
The primary location of processing is the USA.
|
Personal data collected by Jira (Atlassian) may be stored and processed in any country where Jira (Atlassian) or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://www.atlassian.com/legal/privacy-policy
|
MAILCHIMP
Third party headquarter address | 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, United States |
---|---|
The primary location of processing is the USA. | Personal data collected by Mailchimp may be stored and processed in any country where Mailchimp or its affiliates, subsidiaries, or service providers operate facilities. |
Safeguards (art. 45 GDPR) | Standard Contractual Clauses |
Additional safeguards (Schrems II) | Encryption Anonymisation where possible Pseudonymisation where possible |
For more information, see AWS’s Privacy Policy | N/A |
NEW RELIC
Third party headquarter address
|
188 Spear Street, Suite 1200, San Francisco, CA 94105
|
---|---|
The primary location of processing is the USA.
|
Personal data collected by New Relic may be stored and processed in any country where New Relic or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://newrelic.com/termsandconditions/privacy
|
TRELLO
Third party headquarter address
|
Singel 236 1016 AB, Amsterdam
|
---|---|
The primary location of processing is the USA.
|
Personal data collected by Trello may be stored and processed in any country where Trello or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Adequacy decision exists between United Kingdom and European Union
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://www.atlassian.com/legal/privacy-policy
|
ZOHO
Third party headquarter address
|
Beneluxlaan 4B, 3527 HT Utrecht, Netherlands
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Zoho may be stored and processed in any country where Zoho or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://www.zoho.com/privacy.html
|
FACEBOOK ANALYTICS
Third party headquarter address
|
Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Facebook Analytics may be stored and processed in any country where Facebook Analytics or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Adequacy decision exists between United Kingdom and European Union
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://www.facebook.com/privacy/explanation/
|
GODADDY
Third party headquarter address
|
2155 E. GoDaddy Way, Tempe, AZ 85284 USA
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Google Workspace may be stored and processed in any country where GoDaddy or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://uk.godaddy.com/agreements/privacy
|
GOOGLE ANALYTICS
Third party headquarter address
|
1601 Amphitheatre Pkwy, Mountain View, CA 94043, United States
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Google Analytics may be stored and processed in any country where Google Analytics or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20130906.html
|
STRIPE
Third party headquarter address
|
2155 E. GoDaddy Way, Tempe, AZ 85284 USA
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Stripe may be stored and processed in any country where Stripe or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
https://stripe.com/gb/privacy
|
GOOGLE FIREBASE
Third party headquarter address
|
N/A
|
---|---|
The primary location of processing is the USA and EEA,EU.
|
Personal data collected by Google Firebase may be stored and processed in any country where Google Firebase or its affiliates, subsidiaries, or service providers operate facilities.
|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
For more information, see AWS’s Privacy Policy
|
N/A
|
YVONNE MOUNTAIN
Country where data is processed or sent to
|
United Kingdom
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
TAX-LINK CHARTERED TAX ADVISORS AND ACCOUNTANTS
ountry where data is processed or sent to
|
United Kingdom
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
BOOKMACHINE
Country where data is processed or sent to
|
United Kingdom
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
PRODIGI
Country where data is processed or sent to
|
United Kingdom
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
METADESIGN SOLUTIONS
Country where data is processed or sent to
|
India
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
BUCKWORTHS
Country where data is processed or sent to
|
United Kingdom
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
ORANGE TREE SOFTWARE PVT LTD.
Country where data is processed or sent to
|
India
|
---|---|
Safeguards (art. 45 GDPR)
|
Standard Contractual Clauses
|
Additional safeguards (Schrems II)
|
Encryption
Anonymisation where possible
Pseudonymisation where possible
|
ALMAS INDUSTRIES LIMITED
Country where data is processed or sent to | United Kingdom |
---|---|
Safeguards (art. 45 GDPR) | Standard Contractual Clauses |
Additional safeguards (Schrems II) | Encryption Anonymisation where possible Pseudonymisation where possible |
IHASCO
Country where data is processed or sent to | United Kingdom |
---|---|
Safeguards (art. 45 GDPR) | Standard Contractual Clauses |
Additional safeguards (Schrems II) | Encryption Anonymisation where possible Pseudonymisation where possible |
SAFEGUARDS FOR INTERNATIONAL DATA TRANSFERS
- Encryption;
- Anonymisation;
- Pseudonymisation where possible.
- Where Pseudonymisation is used by this third-party processor, they ensure that the personal data can no longer be attributed to a specific data subject without the use of additional information.
- This additional information is kept separately; and
- Technical and organisational measures are taken to ensure that the personal data cannot be attributed to identifiable persons (encryption; database and data separation; access controls; and logging).