General Data Protection Privacy (GDPR) Policy
This policy relates to information stored by ECOUREA gained through our website (www.ecourea.com) and in the normal course of our business (operating from 1 Bridge Street, York, YO1 6DD) where our staff are collecting data and information from customers and potential customers.
It also refers to the umbrella holding company (www.prasinusholdings.com) of which ECOUREA is part.
We are registered with the Information Commissioner’s Office under the Data Protection Register. Details of our registration number and our IP address are available on request.
This policy covers our approach towards the lawfulness, fairness, integrity, and transparency of our data storage.
Under the GDPR we will store and control data and personal information electronically under these bases:
Consent: as customer and potential customer for commercial purposes
Contract: as a contractor, or as a customer having entered into a contract for our services
Legal: as a result of any legal proceedings or where legality is needed for the pursuance of business
Business interests: for the furtherance of legitimate business interests
Other interests: as a third party (such as a charitable or community organisation) that has entered into a relationship or partnership with us
Criminal offence: for any party which has committed a criminal offence against our company
Data processing and bases for holding information
We process information by collecting essential contact details either electronically or physically and then transposing to an electronic basis, storing these electronically, and saving in our Customer Relations Management database.
We will retain, and continue to process information, under these bases until consent is withdrawn or it is determined that consent no longer exists.
We do not share information with any third parties. This is because (1) we will ensure compliance with the GDPR and (2) doing so would be detrimental to our business.
Under the GDPR we will grant: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object; and the right not to be subject to automated decision-making including profiling. We handle subject access requests in accordance with the GDPR.
Internet and website
Under the GDPR and PECR we use the consent lawful basis for any marketing. We will only collect certain data and record key business elements such as IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We always provide an easy method to withdraw consent by unsubscribing.