Find out how we protect your data

Privacy Policy

Who we are

Our website address is: https://ecus.fablr.uk.

Data Controller

Ecus Ltd is a Data Controller of personal data associated with the provision of environmental and ecology consultancy services to private and public clients. We deliver our services from multiple office sites around the UK. We work within supply chains as partners, lead contractors, and subcontractors to deliver our services.

We have taken steps to ensure that we adopt best practice under General Data Protection Regulation (GDPR) to protect the privacy of individuals. We aim to maintain and whenever possible improve on the minimum standards for the assurance of individuals’ rights to data privacy and protection.

Ecus is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the processing of Personal Data (A8197922).

Data Protection Office

As a Data Controller we recognise our responsibility in responding to individuals’ Rights. We manage this process by executing procedures in line with GDPR requirements.

We coordinate Data Subject Access Requests through our Data Protection Officer, who is contacted by:

Post: Data Protection Officer, Ecus Ltd, Brook Holt, 3 Blackburn Road, Sheffield, S61 2DW
Email: data@ecusltd.co.uk
Phone: 0114 266 9292

How We Protect Your Personal Data

In order to protect your privacy, we train our staff to understand their responsibilities in helping Ecus Ltd maintain GDPR compliance. We specifically focus on the following areas:

Notifying end users of their Rights through Privacy Statements
Handling end users’ Data Subject Access Requests
Gaining agreements with third parties whether we are a Controller or Processor
And, what to do in the event of a personal data breach.
We review annually our staff awareness of data privacy and protection.

We also apply appropriate technical measures in order to protect personal data. We comply with the highest levels of information security, where our systems comply with ISO27001.

If you would like to know more about our approaches to GDPR, please contact our Data Protection Officer.

Your Rights

As a Data Controller and a Data Processor we recognise our responsibility in responding to individuals’ Rights. We manage this process by executing procedures in line with GDPR requirements for Data Subject Access Requests and prevention of data breaches in discharging our obligations during this process.

The right to be informed

We will inform individuals of their right to object “at the point of first communication” and clearly lay this out in our privacy notices (see links below.)

The right to access

Should you wish to receive a record of the personal data that we hold about you, then we require you to contact us at the above Data Protection Office.

The right to rectification

We have implemented processes that ensure your personal data remains accurate and up to date. In the event data is deemed not accurate and you wish this data to be amended, you must contact us. You must specify which records you wish to be updated.

The right to erasure

At any time you may request that your personal data is erased from our records. We will erase all records in accordance with our storage and retention policy. You must provide details of the record you wish to be erased.

The right to restrict processing

You have the right to block or restrict the processing of your personal data. This means that we will store your personal data, but will not process it for further use in our marketing services. We will restrict processing under the following circumstances:

Where you contest the accuracy of the personal data, we will restrict processing until we have verified the accuracy of the personal data with you.

Where you object to the processing we will consider whether our businesses lawful basis override those of you as the individual. We will store the data, but will not undertake any further processing until both parties have agreed that our business use is within our lawful basis.

When processing is unlawful and the individual opposes erasure and requests restriction instead. We will store the data and will not undertake further processing. We refer you to the right to erasure policy, and will implement our erasure policy upon receiving your request.

Where we no longer need the personal data but you require the data to be retained to establish, exercise or defend a legal claim. You must state details of the record you wish to be retained. We will automatically delete personal data records in accordance with the consent policy. However, should you wish this data to be retained in order to establish, exercise or defend a legal claim, then we will store and retain this data until the legal claim has been resolved. We will inform you when we decide to lift a restriction on processing.

The right to data portability

You have the right to obtain and reuse your personal data for your own purpose. We will provide you with your personal data or move, copy or transfer that data to another business in a safe and secure way.

The right to data portability only applies:

* to personal data you have provided us;

* where the processing is based on your consent or for the performance of a contract.

We will provide this data to you or the business to which you require your personal data to be transferred, within one month of receiving instruction from you. However, if we decide that the data request is complex, then we will extend this time period for a further two months. Where this is the case, we will provide an explanation.

We will provide the personal data in a structured, commonly used and machine readable format. Examples of appropriate formats include CSV and XML files.

Where we are unable to transfer the data to another business due to technicalities or restrictions, then we will send the personal data to you for you to complete the transfer. This service will be provided free of charge.

The right to object

You have the right to object to any processing undertaken for the purposes of direct marketing (including profiling). We will stop processing for direct marketing as soon as we receive your objection. We will stop processing from the date of receipt of your objection.

The right not to be subject to automated decision-making including profiling.

We do not perform automated decision-making using your personal data to profile, nor do we supply the information we hold to third parties for use in analysis or prediction.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Complaints

The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire, SK9 5AF. You can also contact them by telephone on 01625 545 745 or via their website at www.ico.org.uk.