GDPR Privacy Policy

For the purposes of the General Data Protection Regulation ("GDPR") and UK data protection laws, the controller is Ellacott Morris Ltd, Waterloo House, 2 Colchester Road, St Osyth, Essex CO16 8HA.

About this Document
This privacy policy sets out the way we process your personal data and we’ve created this privacy policy to make sure you are aware of how we use your data.

How we Collect your Information
We may collect your personal data by means of a form on our website or by telephone, email, fax, or post. We may collect this data in the following ways:

1. Directly from you, when you enter into a contract for services with us, make a request for financial, administrative or technical support, or contact us for other reasons
2. When we, from time to time, contact you regarding administrative or technical matters
3. From someone else who is authorised by you, and requests the same information noted in points 1 and 2

The Types of Information we Collect
We may collect the following types of personal information about you:

1. Contact information, including email addresses, telephone numbers and postal addresses
2. Records of communications and interactions we have had with you
3. Financial information, including bank account details, debit card details, and credit card details
4. Information relevant to our provision of services to you, including details regarding your computer hardware and software

Why we use Personal Data
We use your personal data to enable us to deliver and charge for the services that we provide in accordance with our contractual obligations, as detailed in your Letter of Engagement, including the provision of financial, administrative and technical support. For the purposes of the General Data Protection Regulation ("GDPR") and UK data protection laws, when processing your personal data, we are relying on the legal basis of:

1. Our contract with you
2. Our legitimate interest in being able to take payment from you by debit or credit card. We rely on this legitimate interest when we take your debit or credit card details and pass them to our card payment services provider for processing

The information we collect and process is required for us to be able to perform our contractual obligations and receive payment from you for the software and services we provide. Should you fail to provide this information, we would not be able to deliver under the terms of our contract with you.

Sharing your Information with Others
We do not sell your personal data. We may share your personal data with another party, including a software vendor (who is providing you with software or technical support), an IT support business (who is providing you with IT support), and with HMRC, so long as we are able to determine that the other party is acting on your behalf. We may also share your personal data with our card payment services provider to enable us to take payment from you by debit or credit card.

How long your Information is Kept
We keep your personal data only for as long as necessary. We keep your contact information until we consider there is no need to provide financial, administrative or technical support or until you request it to be erased. We keep your payment information for no longer than 18 months. We keep your financial information for 7 years, as determined by HMRC policy.

Your Rights
Under certain circumstances, by law you have the right to:

1. Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have
the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below)
4. Object to processing of your personal data in particular ways, including processing based on the lawful basis of legitimate interests and direct marketing. Ellacott Morris Ltd does not use your data for direct marketing
5. Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
6. Request the transfer of your personal data to yourself or another party in a safe and secure way, without affecting its usability, for example in a format that is structured, commonly used, and machine-readable

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Further details regarding these rights can be found on the Information
Commissioner’s Office website:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulationgdpr/individual-rights/

Contact and Complaints
If you have any queries about this privacy policy or how we process your personal data, or if you wish to exercise any of your legal rights, you may contact Ellacott Morris Limited:

1. by email: info@ellacottmorris.co.uk
2. by telephone: 01255 425059
3. or by post: Ellacott Morris Ltd, Waterloo House, 2 Colchester Road, St Osyth, Essex CO16 8HA

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office website:
https://ico.org.uk/