essensys will use personal data legally and securely regardless of the method by which it is collected, recorded, used, and whether we hold it within our products, network or device, in filing systems or on paper. We regard the proper and good management of personal data as crucial to the success of our business. Observing good data protection practice plays a huge role in maintaining customer confidence. We ensure that essensys respects privacy and treats personal data lawfully and correctly.
- We use internationally recognised frameworks to ensure the quality and information security of data is at the forefront of our business.
- We have assigned a Data Protection Officer for any data related concerns.
- Responsibility for each system or product’s data protection compliance is assigned to one or more individuals.
- Our collection and use of personal data complies with the data protection principles, data subject rights, relevant regulations and codes of practice, wherever we are acting as Controller.
- We provide appropriate privacy notices through whatever means we collect personal data, such as on application forms, products, web pages and via telephone wherever we are acting as Controller
- Appropriate technical and organisational measures for all of our products and Group IT systems are implemented to ensure a level of security appropriate to the risks.
- Everyone managing and handling personal data understands that they are contractually responsible for following the good data protection practice set out in this policy and the supporting guidance and standards.
- Everyone managing and handling personal data is appropriately trained, supervised and audited
- Our privacy notices make clear to anyone that wants to make enquiries about our personal data processing, can do so through the Data Protection Officer or the product’s designated data protection representative.
- Our handling and processing of personal information are regularly risk-assessed and evaluated.
- A corporate procedure is in place to report and investigate personal data breaches without undue delay.
- We keep the statutory records required under GDPR as well as any further records required to demonstrate compliance, such as risk assessments, policies, working procedures, records of consent and so on.