All data subjects whose personal data is collected, in line with the requirements of the GDPR.
2.1 The [Data Protection Officer (DPO) Benjamin Dooley] and [Premier EPOS Managing Director Kris Bark] are responsible for ensuring that this notice is made available to data subjects prior to UK Mapping & EPOS Solutions Ltd. (Trading as and henceforth referred to as Premier EPOS) collecting/processing their personal data.
2.2 All Employees/Staff of Premier EPOS who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and that either their consent to the processing of their data is secured or they are made aware that their data is being processed under legitimate interest or another lawful basis in any cases where this applies.
3. Privacy notice
3.1 Who are we?
Premier EPOS are a limited software as a service organisation. Premier EPOS provides EPOS Software, Computers, Terminals, Point of Sale Peripherals and other such Hardware to businesses of every retail sector, and offers a support service to go alongside the use of their hardware/software. Premier EPOS also provide both website design and ecommerce website integration services and periodically hold events and training sessions at their premises.
Our [Data Protection Officer (DPO) Benjamin Dooley], [Managing Director Kris Bark] and data protection representatives can be contacted directly here:
• Unit A, 24 Kelvin Road, Wallasey, Merseyside, England, CH44 7JW, 0330 380 0142
The personal data we would like to collect from/process on you is as follows:
Personal data type: Company Name
Source:Landing Pages, Tradeshows, Sales/Demo Calls, Walk-In’s, Business Cards, Product/Service Purchases, Social Media, Companies House (Public Domain), Online Search Engine (Public Domain), Premier EPOS Blog
Personal data type: Full Name
Source:Landing Pages, Tradeshows, Sales/Demo Calls, Walk-In’s, Business Cards, Product/Service Purchases, Product Downloads, Social Media, Premier EPOS Blog
Personal data type: Email Address
Source:Landing Pages, Tradeshows, Sales/Demo Calls, Walk-In’s, Business Cards, Product/Service Purchases, Product Downloads, Social
Media, Premier EPOS Blog
Personal data type: Phone Number
Source:Landing Pages, Tradeshows, Sales/Demo Calls, Walk-In’s, Business Cards, Product/Service Purchases, Social Media, Premier EPOS Blog
Personal data type: Business Address/Postal Address
Source:Landing Pages, Tradeshows, Sales/Demo Calls, Walk-In’s, Business Cards, Product/Service Purchases, Social Media, Companies House (Public Domain), Online Search Engine (Public Domain) , Premier EPOS Blog
Personal data type: Company Details (Number of sites, Number of EPOS terminals)
Source:Sales/Demo Calls, Product/Service Purchases
Personal data type: Computer Name, IP and MAC Addresses
Source:Product/Service Purchases, Product Usage
Personal data type: Your Customers and Staff Personal Data as covered in article 3.8
Source:Product Usage. See Article 3.8 for more information.
Personal data type: Encrypted Binary Fingerprint Data as covered in article 3.8
Source:Product Usage. See Article 3.8 for more information.
Personal data type: Social Media Account
Source:Social Media, Sales/Support/Demo Call, Product Usage, Tradeshows, Business Cards, Premier EPOS Blog
Personal data type: Teamviewer ID and Password for Terminals and Computers
Source:Sales/Support/Demo Call, Product Usage
Personal data type: Invoices and Payment Details
Personal data type: Web Browser Cookies
Source:Landing Pages, Social Media, Website Usage
The personal data we collect will be used for the following purposes:
• Support related processes for our customers – Remote access to terminals in order to resolve customers’ issues. Contacting customers to deliver updates on any outstanding issues/problems. Liaising with other 3rd party contacts for a customer in order to resolve inter-system connection issues.
• Sending software updates and/or business specific information to our customers.
• Direct Marketing to our customers and all individuals who have submitted data and have shown interest in our products/systems. Emails, SMS and Direct Mail.
• Contact through Social Media.
• Invites to any events that Premier EPOS are holding.
• Uploading to Facebook in order to create lookalike audiences in order to help drive future sales.
• Displaying targeted online display adverts regarding our products/services.
Our legal basis for processing for the personal data:
• Legitimate Interest on behalf of the business towards individuals who have shown interest in our products and/or services.
• Contractual processing for all customers currently under warranty or paying using finance and/or the Premier EPOS weekly payment plan.
• Consent in the case of any specific Special Category Data.
Any legitimate interests pursued by us, or third parties we use, are as follows:
• Targeting of ideal customers/target market of business owners who have/might show interest in the Premier EPOS System or accompanying hardware.
• The need to contact all current customers with news on product updates, specific news/information, offers or sales relating to Premier EPOS software/hardware.
• Sharing of information/courses intended to help business owners develop their own businesses further.
• Continuing to sell the Premier EPOS software/hardware in order for Premier EPOS as a business to continue to develop/grow.
The special categories of personal data concerned are:
• Encrypted Binary Fingerprint Data from Premier EPOS Users
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Where consent is required for Premier EPOS to process both types of personal data, but it must be explicitly given, however, where any other legal basis for processing the data is used, the specific basis will be outlined within this document. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
If your data is being processed under the lawful basis of consent, then you may withdraw consent at any time by contacting Premier EPOS at firstname.lastname@example.org or calling 0330 380 0142 and informing Premier EPOS that you have withdrawn consent for specific forms of processing.
If your data is being processed under any other lawful basis, then you may get in contact with Premier EPOS using the same channels and request that the processing of your data comes to an end. Premier EPOS will evaluate your request and reply within 1 calendar month to let you know the outcome.
Premier EPOS will pass on your personal data to third parties under varying lawful bases depending on which applies to your personal data. If your data is being processed under the lawful basis of consent, then the third parties below will be fully outlined in the terms of the consent agreement. The following third parties will receive your personal data for the following purposes as part of the processing activities:
Third country (non-EU)/international organisation - Safeguards in place to protect your personal data - Retrieve a copy of the safeguards in place here:
MailChimp – Atlanta USA Fully compliant with EU/Swiss Privacy Shield. Secure Account and Password Used. bit.ly/2xkV6Ye
Facebook – Dublin Ireland EU Data Processing Centre, Head Office – California USA Secure Account and Password Used. Facebook is working towards becoming fully GDPR compliant. www.facebook.com/business/gdpr
Google – EU (Ireland, Netherlands, Finland, Belgium) Head Office – California USA Secure Account and Password that only Management Level staff have access to. bit.ly/2xkuCGu
3.4 Retention period
Premier EPOS will process and store personal data for 6-18 months if collected on the Google/Facebook advertising platforms as defined within their terms and conditions. Premier EPOS will process and store personal data for 7 years minimum if required to be kept for HMRC purposes. Premier EPOS will process personal data for 2 years and store it for 10 years for legitimate interest data as Premier EPOS has had multiple customers purchase products/services after this length of time from initial contact, justifying the stated period. Contractual data will be processed and stored on a per-contract basis, for as long as the term of the contract lasts for and all financial processing and warranty terms have been completed. Any data given with consent for processing will be processed and stored until consent is withdrawn.
3.5 Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Premier EPOS refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by Premier EPOS (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Premier EPOS’s data protection representatives [Data Protection Officer (DPO) Benjamin Dooley] / [Managing Director – Kris Bark].
The details for each of these contacts are:
Supervisory authority contact details
Contact Name: ICO (Information Commissioner’s Office)
Address line 1: The Information Commissioner’s Office, Wycliffe House
Address line 2: Water Lane
Address line 3: Wilmslow
Address line 4: Cheshire
Address line 5: SK9 5AF
Telephone: 0303 123 1113
[Data Protection Officer (DPO)] contact details
Contact Name: Benjamin Dooley
Address line 1: Premier EPOS
Address line 2: Unit A, 24 Kelvin Road
Address line 3: Wallasey
Address line 4: Merseyside
Address line 5: CH44 7JW
Telephone: 0330 380 0142
3.7 Privacy statement
Read more about how and why we use your data here bit.ly/2GWKRJt
Interaction with 3rd party provider UK Mapping & EPOS Solutions Ltd. (Trading as and henceforth referred to as Premier EPOS) Unit A, 24 Kelvin Road, Wallasey, Merseyside, England, CH44 7JW, +44(0)151 638 0404 with regards to EPOS terminals, and computer-based system that runs any form of the Premier EPOS software and personal data handling.
Last Updated May 24 2018.
Premier EPOS interacts with multiple pieces of personal data on a per business basis from the point of entry into our customer database through the Premier EPOS software. Including but not limited to:
• Company Name
• Full Name
• Phone Numbers
• Postal Addresses
• Email Addresses
• Date of Birth
• Customer Grouping
• General Customer Statistics
• Customer Transaction History
Premier EPOS’ interaction with the personal data is purely for support purposes, they do not process it for any other purpose and will not contact you using this data, or submit the data to any 3rd party. All data transfers take place through secure channels, and all data is stored safely and securely on hardware within the EU. All necessary precautions have been taken with the software, transfer procedures, and staff training to make sure that all personal data is treated properly with minimal chance of a data breach. In the event of a data breach by Premier EPOS, the ICO and the business that hold the data will be notified within 72 hours so that the affected customers can be informed, and that all necessary procedures can be followed to rectify the situation. By submitting a Subject Access Request you will also receive all data that Premier EPOS has stored about you through the Premier EPOS system within the allotted 1 month time period. In the event of a request for data removal, it falls to the business that holds the data to check whether or not the data is legally required to be kept, and in the event that it is not required the business that holds the data will initiate the data removal process from the Premier EPOS system.
In the case of special category data such as Child data, it is required that the business that holds the data follows the full lawful process of gaining explicit consent from the individual for that data to be processed, transferred and securely stored using the Premier EPOS system. Non-Compliance to gain consent for the processing of Personal Data is a direct breach of the GDPR and is likely to incur a warning and/or fine. In the case of any special category data, Premier EPOS will take all the necessary requirement to have as little interaction as possible whilst still functioning as a support platform. If Premier EPOS requires to directly process/use any special category data then the business that holds the data is required to act as an intermediary in the process of contacting and gaining consent from the affected individuals, and new consent must be given for Premier EPOS to directly process/use the data before it will do so.
Premier EPOS interacts with some personal data on a purely support related basis through the Premier EPOS software (Including but not limited to):
• Company Name
• Full Name
• Phone Numbers
• Postal Addresses
• Email Address
• Date of Birth
• Staff Rank/Position within business
• Staff Member Photograph
• Management Notes on Staff Member
Premier EPOS will take measures to have as little interaction as possible with the following data, however in the case of secure data backups, this data will also be transmitted to the Premier EPOS server for use in the eventuality of software/hardware failure or a data breach.
• Contract Hours
• Staff Qualifications
• SQP Training Status
Special Category Data will not be processed by Premier EPOS and will only be stored as secure encrypted files for the purpose of software backups in the case of hardware/software failure or a data breach. The business that processes the data is required to gain explicit consent from all staff members that submit special category data for processing through the Premier EPOS system in order to legally comply with the GDPR. All fingerprint data is stored as encrypted binary data and cannot be used to replicate an image of the fingerprint in any form, it is solely accessible by the integrated fingerprint readers on the EPOS terminals. Once this data is removed from the database of the business that processes the data, the process will begin to remove the records from the Premier EPOS secure server so long as the data is not required to be kept for any legally binding reasons.
• Biometric Fingerprint Data
• Registered Disabilities
• N.I. Number
Premier EPOS will keep a secure database backup for up to 6 months from point of creation or until enough subsequent backups have been transferred to render the original obsolete. When the 6 month period is reached or the data becomes obsolete, Premier EPOS will follow a predetermined process to remove the data from their systems and servers.
If you wish to request any more information regarding Premier EPOS involvement with your personal data, then please contact email@example.com with a subject line of ‘DPO: , with your query and make sure to reference the business that processes the data as your primary data holder for the process of inquiry.
4. Online privacy statement
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
How we use your information
The Information We Collect and Use:
By information we mean information about you collected through our Service website(s), including your email address and other information you provide to us by registering for or purchasing our products/services or making requests for information about our products/services. Any information provided to us will be retained and used solely for the purposes of fulfilling your request for information, fulfilling a request through a Site feature, performing and carrying out the terms of the Service, communicating with you as a member of the Service, or for one or more of the methods stated within the Premier EPOS Privacy Notice.
Registration for/Purchasing of the Services/Products is not required to simply view the Site. If you elect to register/purchase a Service/Product, UK Mapping and EPOS Solution ltd (trading as Premier EPOS) asks you for information that enables us to provide the Service or deliver a product. You will be registering with UK Mapping and EPOS Solution ltd (trading as Premier EPOS) on the form provided and such registration may require you to provide contact information (Personal Data) such as your name and email address and in some cases consent will be required with the submission of data.
From time to time, we may collect general, statistical information about the use of the Site and the Service, such as how many visitors visit a specific page on the Site, how long they stay on that page, and which hyperlinks, if any, they "click" on. We collect this information through the use of technologies such as "cookies", "IP addresses" and third-party website monitoring programs, which are discussed in greater detail below. We may also group this information into aggregate visitor data in order to describe the use of the Site and Service to our existing or potential business partners or other third parties, or in response to a government request. However, please be assured that this aggregate data will in no way be used to personally identify you, other list members or any other visitors to the Site.
An IP address is a number that's automatically assigned to your computer whenever you're surfing the web. Web servers, the computers that "serve" web pages, automatically identify your computer by its IP address. Premier EPOS collects IP addresses for purposes of system administration, to report aggregate information to third parties and to track the use of the Site. When visitors request pages from the Site or click on a link in a mailing sent through the Service our servers log the visitors' IP addresses. We reserve the right to process IP addresses under the lawful basis of legitimate interest to identify a visitor or list member when it will enhance the users experience, or if we feel it is necessary to enforce compliance with the Site's policies or to protect Company, the Site, its visitors, the Service, our Internet Service Provider partners, the list members or others.
Clear Gifs (Web Beacons / Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly in HTML files and are about the size of the period at the end of this sentence.
We may use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you no longer wish to receive our newsletter or other promotional communications by email, you may opt-out of receiving them by following the instructions included in each communication.
We may store information that we collect through cookies and clear gifs to create a "profile" of your preferences. We may tie your personal information to information in the profile to provide tailored promotions and marketing offers or to improve the content of the Site for you. We do not share your profile with third parties.
Information Sharing and Disclosure:
Agents and Third Party Service Providers
To provide the Service to you, we may sometimes use other businesses to perform certain specialized services such as data processing or other technology services. In such instances, we may provide your personal information to those businesses but they are not permitted to retain or use your information for any other purpose.
Change of Control / Asset Transfer
As the Company develops, we may buy other businesses or their assets or sell all or parts of our business assets. Customer information is generally one of the business assets involved in such transactions. Thus, in the event that the assets of the Company in whole or in parts are acquired by a third-party, customer information, including any visitor information collected through the Site or the Service, would be one of the transferred assets. In the event of a corporate change in control or sale of all or parts of our business assets our users will be notified in accordance with the "Changes to this Policy" section of the policy if their personal information is provided to the new corporate entity or asset purchaser.
Company reserves the right to disclose member information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) Premier EPOS’s rights or property, other visitors, list members, or anyone else that could be harmed by such activities. Premier EPOS also reserves the right to disclose visitor or list member information when we believe in good faith that the law requires it.
Communications From Premier EPOS:
Based upon the information you provide us, we will communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We may communicate with you by email, telephone, SMS or social media message.
Newsletters and Promotions
We may provide you the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in or otherwise qualify to receive these forms of communication, we will use your name and email address to communicate with you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the "Choice and Opt-out" section.
Service Email messages are required to fulfil the Service to you. You may opt out of these communications, which are not promotional in nature. If you do not wish to receive them you may opt-out and/or deactivate your account by following the instructions included in each communication (every email that we send you for non-response means will include an unsubscribe link at the bottom) or by contacting UK Mapping and EPOS Solution ltd (trading as Premier EPOS) Support at firstname.lastname@example.org
We may provide you the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in or otherwise qualify to receive these forms of communication, and no longer wish to receive our newsletter or other promotional communications by email, you may opt-out of receiving them by following the instructions included in each communication.
Security and Information Protection:
The security of your information is important to us. When you enter sensitive information (such as a credit card number) on our payment forms, we encrypt that information using Secure Socket Layer (SSL) technology.
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach Premier EPOS will follow their data breach procedure, they will notify the relevant authorities within 72 hours, and will attempt to notify any affected parties as soon as possible.
Protecting the security of your personal information is very important to us. When we store information that you have provided to us when registering/purchasing our services/products, that information is protected by security measures that include "firewalls" (a combination of computer hardware and software that helps keep unauthorized visitors from accessing information within our computer network), "intrusion detection systems" (a combination of computer hardware and software that helps detect any unauthorized visitors) and other tools such as data encryption and physical security, where appropriate. Unfortunately, no data transmission over the Internet or data repository can be guaranteed to be 100% secure. Again Premier EPOS will follow its data breach procedure in the case of a data breach and will notify the relevant authorities within 72 hours and all affected individuals as soon as possible.
Links to Other Sites
We do not knowingly collect information from children under the age of 16 on the Site or through the Service as it is classified as special category data and as such requires a specific form of collecting consent for processing said data which is not included on any of our information/signup forms. If you are under the age of 16, please do not provide any information to us. If we become aware that we have collected information from a child under the age of 16, we will make commercially reasonable efforts to delete such information from our database.
Changes to this Policy:
Premier EPOS aims to ship all products within 7 working days through either Royal Mail, DPD or TNT, if the shipping date is to be delayed beyond this point for any reason, Premier EPOS aims to inform any affected customers as quickly as possible to notify them of the change.
How will Premier EPOS use the personal data it collects about me?
Premier EPOS will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Premier EPOS is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will Premier EPOS contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure. Premier EPOS might contact you under one of the following pretenses:
• Replying to/Following up about/Inquiring about a sales query.
• Responding to/Providing information relating to a support query.
• Direct marketing pieces relating to Premier EPOS hardware/software.
• Relevant information that Premier EPOS wishes to share with its customers and leads.
Can I find out the personal data that the organisation holds about me?
Premier EPOS at your request, can confirm what information we hold about you and how it is processed. If Premier EPOS does hold personal data about you, you can request the following information:
• Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of Premier EPOS or a third party, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority.
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if it wasn’t collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Premier EPOS accepts the following forms of ID when information on your personal data is requested:
• Full or provisional driving licence
• Birth certificate
• Utility bill (from last 3 months)
Contact details of the [Data Protection Officer (DPO)] / [Managing Directors]:
Contact Names: (DPO)Benjamin Dooley, (MD) Kris Bark
Address line 1: Premier EPOS, Unit A, 24 Kelvin Road
Postcode: CH44 7JW
Telephone: 0330 380 0142
Document Owner and Approval
The [Data Protection Officer (DPO) Benjamin Dooley] / [Managing Director – Kris Bark] are the owners of this document and are responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.
A current version of this document is available to all members of staff on the ‘Premier EPOS Staff Documents Server’ and is published online at http://www.premierepos.co.uk/privacy-policy
Signature: Benjamin Dooley– Data Protection Officer
Date: 25 May 2018
Change History Record:
Issue - Description of Change - Approval - Date of Issue
1 - Initial issue - Managing Directors - 25/May/2018