As a leading private investment company, ESRG Group is committed to protecting the privacy of individuals and to the responsible use of email marketing.
This policy explains how and why we use personal information.
We are ESRG Group Limited (“ESRG”), a company registered in England and Wales (Company No 08700726) with its registered office at Regus House, Herons Way, Chester Business Park, Chester, CH4 9QR.
What information do we collect?
If you purchase services from us, communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email, fax and telephone number of business contacts).
We also collect information if you fill in a form, complete a survey, etc., which may include contact information that we decide to use for marketing purposes (please see ‘Marketing’ below). We do not normally collect sensitive personal data. In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Most of the time this won’t be personal data (for example, we might obtain information about a company’s business and performance), though on occasion we may receive personal data (such as a person’s work email or telephone number, or details of their role within a business).
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these;
- we will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using personal data to the extent necessary to perform our contractual obligations (such as administering their accounts and providing them with services);
- we will never sell your personal data or share it with third parties who might use it for their own purposes;
We use personal information (such as email addresses) to market and promote our services.
You can choose to ‘opt out’ of ESRG Group marketing communications by clicking the ‘unsubscribe’ link at the bottom of our emails. If you wish to change your contact details or preferences, please email us at email@example.com
Information for email recipients
This policy primarily covers how we use data relating to our customers, prospects, website visitors and people who interact with or do business with us. In these cases, we will be the “data controller” for the purposes of data protection law.
We are required by law to hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as data controller.
ESRG Group (or any of its associated companies) will only share data with other entities when legally obligated for example, Medical records/workplace pension schemes, if applicable. In addition to this we also have legal and regulatory obligations to share your data with government bodies (HMRC) or relevant Regulators and we may also disclose your information for fraud prevention purposes.
Please note: We will not under any circumstances share or process your data for any marketing purposes unless you have opted-in for us to do so.
We provide web-based contact form (and application forms) which help us manage and execute permission-based, multi-channel marketing campaigns. Our terms and conditions prevent us from sending unsolicited ‘spam’ emails as it has a negative impact on the Internet and its users. It squanders resources and wastes the time and money of recipients.
If you have a received an email or other communication sent by us that you believe is spam or in violation of our acceptable use policies, please contact our team at firstname.lastname@example.org.
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to or use or disclosure of it. We take our position seriously and believe part of being a leading company involves upholding security practices.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
We archive most information provided to us by clients as soon as services are ceased, and data will cycle out of long-term backups up to 2 years later. We store logs of outbound emails for up to 12 months after the email is sent for the purposes of handling complaints and compliance monitoring.
We will continue to store limited information about the client (including transaction records) for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the client has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
- the right to have inaccurate data rectified; and
- the right to object to your data being used for marketing or profiling.
If you would like further information on your rights or wish to exercise them, please write to: The Data Protection Officer, ESRG Group, Regus House, Herons Way, Chester Business Park, Chester, CH4 9QR or email email@example.com
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Changes to this statement