Compliance with Applicable Data Protection Laws
EPG Global Ltd. (“we”, “our” or “us”), with its registered office at Sierra Quebec Bravo, 77 Marsh Wall, London, England, E14 9SH, England and Wales registered No. 06708660, is responsible for ensuring compliance with relevant data protection laws including, without limitation, the General Data Protection Regulation and the Data Protection Act 2018.

How We Use Your Personal Data and Whom We Disclose it to
In administering and marketing warranty products, we may collect and process the following categories of personal data:
• Individual details: for example: name, address, telephone number, email address, date of birth, job title, employment history, nationality, place of birth, employer & marital status.
• Claims data: information about warranty claims that may enable the claimant to be identified, for example through the registration details of a particular machine.
• Financial Information: bank details and payment details.
• Identification details: identification numbers issued by government bodies or agencies, passports, driving licences and online identifiers such as IP addresses.

Administering warranty products sold by our partner manufacturers or dealerships
Purpose of Processing Personal Data
Assisting in the administration of warranty products which have been sold to purchasers of machinery from dealerships or manufacturers with whom we have partnered.
For example: assisting in the registrations of warranty details for machinery purchased, issuing warranty contracts, assisting in the administration of warranty claims and the provision of IT services to our partners and their customers.

Categories of Data Processed
• Individual details
• Claims data
• Identification details
• Financial information

Lawful Basis for Processing Personal Data
• Performance of a contract with our partners and assisting our partners in the performance of their contract with warranty purchasers
• Legitimate interest in providing our services
• In instances where the above bases do not apply, consent, which may be withdrawn at any time

Disclosures of Your Data
• To fellow group companies: Shepherd Global Ltd. and its subsidiaries in order to assist in effectively pricing and modelling the insurance coverage which covers the warranty products sold by our partners
• In rare circumstances and where required by law to do so: to courts, law enforcement agencies or other governmental bodies
• To expert loss assessors in order to evaluate a claim
• To IT service providers whom we utilise in the provision of our services
• To lawyers and/or courts in the event of litigation or a dispute

Marketing
Purpose of Processing Personal Data
To provide updates and information about our products and services.

Categories of Data Processed
• Individual details
• Identification details

Lawful Basis for Processing Personal Data
• Consent, which may be withdrawn at any time
• Legitimate interest to market our products and services and to provide relevant information based on marketing preferences

Disclosures of Your Data
• Marketing analytics companies
• Marketing automation platforms
• Customer relationship management (CRM) system providers
• Marketing partners and content creators
• Group companies: Shepherd Global Ltd. and its subsidiaries in order to assist in targeting their marketing

Consent
Where we rely on consent as our lawful basis for processing personal data, this may be withdrawn at any time. Where consent has been given, we may use personal data in any of the ways set out within this Policy. Where you are providing any form of personal data to us on behalf of another, you agree that you will not provide any information to us unless you have the necessary consent of the individual or individuals in question and that you will provide them with a copy of this Policy.

Information Security Safeguards
We have in place electronic, physical and procedural safeguards to ensure that personal data is protected. Such safeguards include firewalls, anti-virus software, security protocols on all devices and access controls. Access to personal data will be restricted to relevant personnel and third parties outlined in the section How We Use Your Personal Data and Whom We Disclose it to.

International Transfers of Personal Data
As a global service provider, we may transfer Personal Data outside of the United Kingdom. Where this is the case, we will ensure that personal data is transferred in compliance with applicable laws to jurisdictions with robust data protection framework and that such data is appropriately safeguarded.

Retention of Personal Data
We will retain personal data for as long as necessary in order for us to provide our services and for as long as the original purpose for which we processed the data exists.

Your Rights
Under data protection law, you have certain rights, these include but are not limited to:
• The right to be informed: individuals have the right to be informed about the collection and use of their personal data.
The right of access: individuals have the right to obtain a copy of their personal data as well as other supplementary information.
The right to rectification: individuals have the right to have inaccurate personal data corrected and, where it is incomplete, completed. If you think we may hold incorrect personal data, please contact us.
The right to erasure: in some circumstances, individuals have the right to be forgotten or to have their data erased.
The right to restrict processing: individuals have the right to request the restriction or submission of processing activities. This right is not absolute and only applies in certain situations.
The right to data portability: this right allows individuals to obtain and reuse their personal data for their own purpose across different services. Individuals may also request that their information be transferred from one IT environment to another in a safe and secure way.
The right to object: individuals may have the right to object to processing of their personal data in circumstances where the personal data is processed for: a task in the substantial public interest, the exercise of official authority vested in us and where we rely on a legitimate interest as the grounds for processing. Individuals have an absolute right to stop their data being used for direct marketing activities.
Rights related to automated decision making including profiling: solely automated decision-making, without any human involvement, with legal or similarly significant effects may only be carried out where the decision is: necessary for entering into or performance of a contract, authorised by law or based on individual’s explicit consent.

Communications & Marketing
We may use your Personal Data to contact you with newsletters, events information or company updates. We do not sell, trade or rent personal data to any other company or organisation. Your details will only be shared with third parties as set out in the section How We Use Your Personal Data and Whom We Disclose it to.
We will respond to you in a timely manner to any requests to correct inaccuracies regarding your personal information and marketing preferences. To do so, please return the message containing the inaccuracies to the sender with details of the correction requested.
If you do not wish to receive any further information from us either by email, please contact us with your instructions to us. You may find the relevant contact details below.

Cookies and Use of Our Website
We operate www.epgglobal.com (the Site) and, like many companies, utilise cookies to enhance your browsing experience. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser and are stored on the hard drive of the device you are using to access the Site.
The Site also utilises Google Analytics provided by Google, Inc. Google Analytics also uses cookies to analyse and track how users use the Site. The information will be used by us to understand how we may improve our Site and the user experience and to track where people are viewing the Site from, what pages they are viewing and what times they are visiting the Site. The information tracked by Google Analytics will include your IP address and will be transmitted and stored in Google’s servers in the United States of America. Google may pass this information to third parties if it is required to do so by law or where Google may use third parties to help process the data. By using the Site, you consent to the processing of this data about you by Google for the purposes set out hitherto.
Depending on your browser, you may refuse the use of cookies. However this may affect the functionality of the Site.

Updates to this Privacy and Cookie Policy
This Privacy and Cookie Policy is effective as of 9th June 2020. We reserve the right to update or change our Privacy and Cookie Policy at any time and you should check this Policy periodically. Your continued use of our services and this Site after we publish any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy and Cookie Policy.

Contact Us
If you have any questions regarding this Privacy and Cookie Policy or our practices, please contact us in one of the following ways:
In writing: The Data Protection Officer
EPG Global Ltd.
South Quay Building,
77 Marsh Wall,
London, E14 9SH

Phone: +44 (0)207 719 8550
Email: lewis.sage@shepherdglobal.com

Complaints
If you wish to make a complaint regarding the way in which we are handling personal data, please contact us in the first instance using the details above.
You may also contact the Information Commissioner’s Office (ICO). The ICO is the body tasked with regulating the handling of data in the UK. You may contact the ICO in the following ways:

In writing: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, SK9 5AF

Telephone: 0303 123 1113 (UK only)
+44 1625 545 7000 (Outside of the UK)
Website: https://ico.org.uk/
EPG Global Ltd. is registered with the ICO with the reference number: ZA762744.