Everest recognises the importance of protecting the personal information and the privacy of data provided by you (and that which may personally identify you).
Email address: firstname.lastname@example.org
Postal address: The Data Protection Officer, Everest 2020 Ltd, Everest House, Head Office, Sopers Road, Cuffley, Hertfordshire, EN6 4SG
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information we may collect from you, the legal basis we rely on and how we use this information
|Source of data||Categories of personal data||Legal basis|
|Customer||Website enquiry||Name, address, telephone number(s), email address, enquiry details||Legitimate interest: to respond to your enquiry, e.g. for a quote|
|Customer||Call centre call||Name, other information needed to identify you as a customer, recording of phone conversation||Legitimate interest: to assist you on the phone, quality assurance, legal and compliance, and for training and monitoring|
|Customer||Webchat enquiry||Name, other information needed to identify you as a customer if required, record of webchat conversation||Legitimate interest: to assist you on the chat, quality assurance, legal and compliance, and for training and monitoring|
|Customer||Website visit||Technical information such as IP address, location data, web browser (see Cookies Policy)||Consent or legitimate interest (see Cookies Policy)|
|Customer||Social media enquiry||Profile information, preferences, interactions via social media (e.g. Facebook. Instagram, Twitter etc)||Legitimate interest: to respond to your enquiry|
|Customer||Feedback form on website||Name, address, telephone number(s), email address, feedback form content||Legitimate interest: to help us improve our products and services|
|Customer||Purchase our products/services via our sales consultants||Name, purchase information, address, phone number(s), email||Necessary for performance of a contract, legitimate interest: to send you information about new products, special offers or other information that we think you may find interesting (unless you opt out)|
|Business||Business-related email communication||Name, company, work email, email contents||Legitimate interest: to respond to your business enquiry|
|Employee||Working for Everest 2020 as employee||Name, personal address, DOB, proof of ID, contract, health information, HR information, payment information||Necessary for performance of a contract, necessary for protecting your vital interests, legitimate interest: to administrate your employment with Everest 2020|
|Supplier||Working with Everest 2020 as supplier||Name, company information, work email, work phone number||Necessary for performance of a contract|
Who we may share your information with
We may share your personal information with external organisations to carry out services on our behalf. We and they are legally obliged to process your information in accordance with data protection law, and to put in place contractual measures that protect your information.
We will never sell your data to any third parties.
The main functions that are or may be carried out by external organisations are as follows:
- Sales and installation of our products
- Payment processing
- IT and database management
- Web hosting, online content services and data storage
- Data analytics and data cleansing
- Legal and compliance-related services
Your information may leave the UK and European Economic Area to facilitate the above functions. Where this happens, we ensure that your information is protected using standard contractual clauses, which are standardised contracts that guarantee that your information is protected to the same standard that it is in the UK.
If you wish to see a copy of these contracts, please contact us using the contact information contained within this policy.
How long we keep your information
Whenever we collect or process your personal data, we'll only keep it for as long as is necessary for the purpose for which it was collected. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
How we protect your information
We always hold your information securely and to prevent unauthorised disclosure or access to your information, we have implemented strong security safeguards including operating our website over the https protocol. We also follow stringent procedures to ensure we work with all personal data in line with current data protection legislation.
Controlling information about you
If you wish to unsubscribe from our marketing emails, you can easily unsubscribe using the unsubscribe link or code contained in each message.
Your rights over your information
You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when incorrect, out of date or incomplete
- The erasure of your personal data in certain situations
- That we stop using your personal data for direct marketing (either through specific channels, or all channels)
- That we stop any consent-based processing of your personal data after you withdraw that consent
- That we stop in certain other situations to our continued processing of your personal data
- That we provide to you the personal data that we hold about you in a structured, commonly used and machine-readable format (and that we transmit such data to a third party in certain situations)
- A review of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision), which produce legal effects concerning you or significantly affecting you
If you wish to exercise any of the rights set out above, please contact us using the contact details above.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.