Our Privacy Notice
Why do we collect your personal information?
We collect information to help manage your interactions with us and to provide a quality service:
- To enable us to learn about each other during pre-contract discussions;
- To manage the services we provide to you;
- To charge you for the products and services you have ordered from us;
- To be able to answer questions you may have now and in the future about the services we have provided to you;
- To fulfil our legal obligations as a business; and
- To help us run and grow our business.
We also collect information, so we can tell you about our products and services. We will not collect any personal information from you we do not need, and we will not resell your personal information.
You can visit our site (http://etchospitality.com) without telling us who you are or providing us with any personal information. However, we may collect the I.P. (Internet protocol) addresses of all our website visitors and other related information to be used to improve our website. We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
You may choose to raise a query with us via the contact form provided on our website. In this case we will collect and store your name and email address. As an alternative method of contact you may click on one of the email addresses on our website. The link will open your own email application and you will not need to save your information on our website.
We may send you emails from time to time to keep you in touch with our services or about industry developments. Legitimate Interest is our lawful basis of processing to send you these emails.
We offer a range of consultancy services such Finance Director, Accountancy and other more general consultancy services. For these types of services, we are the Data Controller. When a client retains us to provide consultancy services will only collect the personal information required to perform the service. This information may include basic personal information such name, postal addresses, email address, phone number, payment method and other information required to perform the service. We may also collect personal information about your staff where this is needed to in connection with the service. Our lawful basis for collecting this information is that we have a Contract to provide services to you.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other personal information processed in the provision of services is 7 years.
We use a number of service providers to assist us deliver products and services to you and share necessary portions of your personal information with them:
- Our website is hosted with Gyron Internet Ltd and is hosted in the UK;
- Contract documents, records and invoices of our customers are held on Microsoft SharePoint;
- We use Microsoft 365 for email in which personal information contained in emails is held
- Our accounting system, Aqilla, holds your personal information related to invoices and payments. If you are a staff member, the same system holds information about your pay, tax and pensions. The provider hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations;
All of our service providers are required to maintain the confidentiality and security of your personal information and to use it only in compliance with applicable privacy laws. These companies are not authorised to use your information in any manner, other than in helping us to provide you with services or as otherwise required by applicable law. We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.
When we are retained to provide services such as payroll processing and bookkeeping, we will be acting as a Data Processor in terms of the Data Protection regulations. In these cases our processing of Personal data will be subject to a Data Processor Addendum between ourselves and our client.
We only keep your personal information as long as specified in the Data Processing Addendum, or as otherwise required by law.
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application and we will not share any of the information you provide during the recruitment process with any third parties. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will use the information you provide to assess your suitability for the role you have applied for. If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained for up to a period of six months.
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. We need to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. You will therefore be required to provide proof of your identity and proof of your qualifications. We will contact your referees, using the details you provide in your application, directly to obtain references. If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments;
- National Insurance number and tax codes for use with HMRC; and
- Emergency contact details – so we know who to contact in case you have an emergency at work.
During your employment with us we will collect and store information in your personnel file such as performance reviews and leave records.
If you become a member of staff the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. If you are unsuccessful at any stage of the process, the information you have provided until that point, and our interview notes will be retained for 6 months from your application.
We share our employees’ personal information with our accountant for preparing end of year accounts and VAT returns, with fourth for preparing payroll, with HMRC and with our pensions provider. We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.
We maintain reasonable administrative, technical and physical safeguards in an effort to protect against the loss, theft, unauthorised access, use, modification and disclosure of personal information in our custody and control. We only provide access to personal information to employees and authorised service providers who require such information for the purposes described in this Privacy & Security Policy. To provide you with an increased level of security, online access to certain personal information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.
In the event of a merger or transfer of our business to a new owner we may transfer or share information we have about you to a third-party acquirer.
You can request a copy of the personal information we hold on you at any time. If you believe the information we process on you is incorrect you can request to see this information, and have it corrected or deleted. If we are providing a service to you under contract, then it may not be possible to delete your information. We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records. Please make a request to access your personal data in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request, we will advise you accordingly. Where we are acting as a Data Processor for another organisation, we may be required to advise them of your request and for them to fulfil your request. If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at firstname.lastname@example.org. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office at https://ico.org.uk/