Compliance with Applicable Data Protection Laws EPG Global Ltd. (“we”, “our” or “us”), with its registered office at South Quay Building, 77 Marsh Wall, London, England, E14 9SH, England and Wales registered No. 06708660, is responsible for ensuring compliance with relevant data protection laws including, without limitation, the General Data Protection Regulation and the Data Protection Act 2018.
How We Use Your Personal Data and Whom We Disclose it to In administering and marketing warranty products, we may collect and process the following categories of personal data: • Individual details: for example: name, address, telephone number, email address, date of birth, job title, employment history, nationality, place of birth, employer & marital status. • Claims data: information about warranty claims that may enable the claimant to be identified, for example through the registration details of a particular machine. • Financial Information: bank details and payment details. • Identification details: identification numbers issued by government bodies or agencies, passports, driving licences and online identifiers such as IP addresses.
Administering warranty products sold by our partner manufacturers or dealerships Purpose of Processing Personal Data Assisting in the administration of warranty products which have been sold to purchasers of machinery from dealerships or manufacturers with whom we have partnered. For example: assisting in the registrations of warranty details for machinery purchased, issuing warranty contracts, assisting in the administration of warranty claims and the provision of IT services to our partners and their customers.
Categories of Data Processed • Individual details • Claims data • Identification details • Financial information
Lawful Basis for Processing Personal Data • Performance of a contract with our partners and assisting our partners in the performance of their contract with warranty purchasers • Legitimate interest in providing our services • In instances where the above bases do not apply, consent, which may be withdrawn at any time
Disclosures of Your Data • To fellow group companies: Shepherd Global Ltd. and its subsidiaries in order to assist in effectively pricing and modelling the insurance coverage which covers the warranty products sold by our partners • In rare circumstances and where required by law to do so: to courts, law enforcement agencies or other governmental bodies • To expert loss assessors in order to evaluate a claim • To IT service providers whom we utilise in the provision of our services • To lawyers and/or courts in the event of litigation or a dispute
Marketing Purpose of Processing Personal Data To provide updates and information about our products and services.
Categories of Data Processed • Individual details • Identification details
Lawful Basis for Processing Personal Data • Consent, which may be withdrawn at any time • Legitimate interest to market our products and services and to provide relevant information based on marketing preferences
Disclosures of Your Data • Marketing analytics companies • Marketing automation platforms • Customer relationship management (CRM) system providers • Marketing partners and content creators • Group companies: Shepherd Global Ltd. and its subsidiaries in order to assist in targeting their marketing
Consent Where we rely on consent as our lawful basis for processing personal data, this may be withdrawn at any time. Where consent has been given, we may use personal data in any of the ways set out within this Policy. Where you are providing any form of personal data to us on behalf of another, you agree that you will not provide any information to us unless you have the necessary consent of the individual or individuals in question and that you will provide them with a copy of this Policy.
Information Security Safeguards We have in place electronic, physical and procedural safeguards to ensure that personal data is protected. Such safeguards include firewalls, anti-virus software, security protocols on all devices and access controls. Access to personal data will be restricted to relevant personnel and third parties outlined in the section How We Use Your Personal Data and Whom We Disclose it to.
International Transfers of Personal Data As a global service provider, we may transfer Personal Data outside of the United Kingdom. Where this is the case, we will ensure that personal data is transferred in compliance with applicable laws to jurisdictions with robust data protection framework and that such data is appropriately safeguarded.
Retention of Personal Data We will retain personal data for as long as necessary in order for us to provide our services and for as long as the original purpose for which we processed the data exists.
Your Rights Under data protection law, you have certain rights, these include but are not limited to: • The right to be informed: individuals have the right to be informed about the collection and use of their personal data. • The right of access: individuals have the right to obtain a copy of their personal data as well as other supplementary information. • The right to rectification: individuals have the right to have inaccurate personal data corrected and, where it is incomplete, completed. If you think we may hold incorrect personal data, please contact us. • The right to erasure: in some circumstances, individuals have the right to be forgotten or to have their data erased. • The right to restrict processing: individuals have the right to request the restriction or submission of processing activities. This right is not absolute and only applies in certain situations. • The right to data portability: this right allows individuals to obtain and reuse their personal data for their own purpose across different services. Individuals may also request that their information be transferred from one IT environment to another in a safe and secure way. • The right to object: individuals may have the right to object to processing of their personal data in circumstances where the personal data is processed for: a task in the substantial public interest, the exercise of official authority vested in us and where we rely on a legitimate interest as the grounds for processing. Individuals have an absolute right to stop their data being used for direct marketing activities. • Rights related to automated decision making including profiling: solely automated decision-making, without any human involvement, with legal or similarly significant effects may only be carried out where the decision is: necessary for entering into or performance of a contract, authorised by law or based on individual’s explicit consent.
Communications & Marketing We may use your Personal Data to contact you with newsletters, events information or company updates. We do not sell, trade or rent personal data to any other company or organisation. Your details will only be shared with third parties as set out in the section How We Use Your Personal Data and Whom We Disclose it to. We will respond to you in a timely manner to any requests to correct inaccuracies regarding your personal information and marketing preferences. To do so, please return the message containing the inaccuracies to the sender with details of the correction requested. If you do not wish to receive any further information from us either by email, please contact us with your instructions to us. You may find the relevant contact details below.
Complaints If you wish to make a complaint regarding the way in which we are handling personal data, please contact us in the first instance using the details above. You may also contact the Information Commissioner’s Office (ICO). The ICO is the body tasked with regulating the handling of data in the UK. You may contact the ICO in the following ways:
In writing: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow, SK9 5AF
Telephone: 0303 123 1113 (UK only) +44 1625 545 7000 (Outside of the UK) Website: https://ico.org.uk/ EPG Global Ltd. is registered with the ICO with the reference number: ZA762744.