Privacy notice

Privacy Notice

This document demonstrates our commitment to protecting the privacy and security of personal information we collect and keep. The statement contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force. 


In accordance with that legislation, when are committed to;


  • processing information fairly, lawfully and in a clear, transparent way
  • collecting data that we have a genuine reason for collecting, and only in ways that have been explained before data is collected
  • only using information in the way that we have explained
  • ensuring our data is correct and up to date
  • keeping data for only as long as we need it
  • processing data in a way that ensures it will not be lost or destroyed or used for anything that has not been consented to.


EP:IC Consultants Ltd is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to our employees, contactors and research / involvement participants.


“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.


This privacy notice (also called a data protection compliance statement) applies to current and former employees, workers and contractors, as well as those who have provided their views for research or engagement purposes.


Details of the information we hold.


The list below identifies the kind of data that we will hold about employees and / or contractors:


  • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • date of birth
  • your photograph
  • gender
  • marital status
  • dependants, next of kin and their details
  • National Insurance number
  • bank account details, payroll records and tax codes
  • salary, pension and benefits information
  • leave records including annual leave, family leave, sickness absence etc
  • start date
  • location of employment or workplace
  • copy of photographic ID
  • information included on your CV including references, education history and employment history
  • documentation relating to your right to work in the UK
  • information used for equal opportunities monitoring about your sexual orientation, religion or belief and ethnic origin
  • medical or health information including whether or not you have a disability
  • current and previous job titles, job descriptions, pay grades, training records, hours of work, professional membership and other terms and conditions relating to your employment with us
  • compensation history
  • internal performance information
  • information and relevant communications regarding disciplinary and grievance issues


The following list identifies the kind of data that that we will process and which falls within the scope of “special categories” of more sensitive personal information:


  • information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
  • trade union membership
  • information about your health, including any medical conditions and disabilities
  • information about criminal convictions and offences


The list below identifies the kind of data that we will hold following participation in research / engagement activities. Since all engagement activities are different, this list will not be true for everyone:


  • personal contact details such as name and title, prison numbers (where applicable) and the names of service/s being used.
  • date of birth or age categories
  • gender
  • information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
  • signed consent forms
  • information told to us by the participant about their health, including any medical conditions and disabilities
  • information told to us by the participant about their criminal convictions and offences
  • Participants’ opinions and attitudes towards certain topics, which have been spoken about in interview / engagement.


How we collect personal data


Employee and contractors’ personal information is obtained through the application and recruitment process, this may be directly from candidates, via an employment agency or a third party who undertakes background checks (such as the Disclosure and Barring service, with your consent). Further information will be collected directly from the employee through self-completion forms at the start of the employment period. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence. Personal data is kept in personnel files or within our HR and IT systems.


Engagement participants’ personal information is obtained through electronic, written or verbal correspondence, or through meetings in person.


Processing infromation


We will only use personal information in accordance with the law. At least one of the following will apply when we process personal data:


  • consent: You have given clear consent for us to process your personal data for a specific purpose.
  • contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
  • legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).



Sharing data


Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. This includes, for example, those involved in analysis of engagement data will need to see this data, and the HR team will need to see employee data.


The list below identifies which activities are carried out by third parties on our behalf:

  • payroll
  • pension providers/administrators
  • legal advisors


If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data we share. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.


Data security 



We will keep your data only for as long as it is required to meet our evaluation / involvement purposes and our legal obligations, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to keep or use your personal information, we will either delete or anonymise it.



As part of our commitment to protecting the security of any data we process, we have the appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process.


However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.


Your rights 


We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.


Everyone who provides us with data has the following rights, where applicable.


  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
  • Right to request erasure (or be forgotten). If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • Right to portability. You may transfer the data that we hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.


If you wish to exercise any of the rights explained above, please contact Donna at


Questions or complaints


Should you have any questions regarding this statement, please contact Donna at


If you have any concerns about our use of your personal information, you can make

a complaint to us using the details given at the top of this Notice.


You can also complain to the Information Commissioner’s Office if you are unhappy

with how we have used your data;


Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: