This Privacy Notice has been written to inform participants including customers, partners and other stakeholders of EPIC 4LIFE Ltd. about what we do with their personal information.
Changes to this Privacy Notice
EPIC 4LIFE Ltd. may amend this Privacy Notice from time to time. If we make any substantial changes in the way we use your personal information we will make that information available by amending this notice.
Who are we?
EPIC 4LIFE Ltd. for the purposes of the Data Protection Act 1998 and as defined by Article 4 (7) of GDPR, are registered with ICO as a ‘data controller’ for personal data processed by EPIC 4LIFE and other third parties contracted to process data for EPIC 4LIFE. This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation and in line with the ICO guidance.
EPIC 4LIFE Ltd. Data Protection registration can be viewed by clicking on this link:
EPIC 4LIFE Ltd. registration no. is ZA558404.
EPIC 4LIFE Ltd. has appointed a Data Protection Officer (DPO). The role of the DPO is to ensure that the organisation is compliant with GDPR and to oversee data protection procedures. The DPOs contact details are:
Data Protection Officer,
EPIC 4LIFE Ltd,
20-22 Wenlock Road,
Why do we process information?
EPIC 4LIFE Ltd. processes personal information to enable us to provide services to our customers and clients, to promote our services, to maintain our own accounts and records and to support and manage our employees.
What information do we collect?
EPIC 4LIFE Ltd. generally collects data in order to meet our contractual obligations and/or to ensure our services are delivered effectively and to the highest quality.
The categories of information that we collect, hold and share include the following:
· personal information e.g. name, DOB, address, contact information and any safeguarding information
· protected characteristics
· family members
· business activities of the person whose personal information we are processing
· lifestyle and social circumstances
· financial details
· physical or mental health details and information deemed as related to physical and mental health and wellbeing
· education and employment details
· goods and services
We may also process sensitive classes of information including:
· racial or ethnic origin
· religious or other beliefs
· physical and mental health & wellbeing
We process personal information about:
· professional advisers and consultants
· complainants, enquirers
EPIC 4LIFE Ltd. does not knowingly solicit personal information from children under the age of 13 or send them requests for personal information.
Much of the information we process will be obtained directly from you. We will also process information received from:
· Funding Bodies
· Prime Contractors and/or data controllers who have purchased our services via spot-purchasing, service level agreements or contracted provisions/programmes.
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. When we do process this additional information, we will ensure that we ask for your consent to process this.
The information is collected and processed in accordance with Article 6(e) and Article 9(2) (g) of GDPR as part of the official authority vested in us as Data Controller and for reasons of substantial public interest.
Where EPIC 4LIFE Ltd. shares data with a third party (who undertakes work for EPIC 4LIFE Ltd) EPIC 4LIFE Ltd. requires that the sharing is undertaken under service agreement or contract and is subject to a data sharing agreement, specifying the secure management of the data.
Data might also be shared with other bodies, for the purposes of those organisations fulfilling their own statutory purposes. Such sharing is undertaken using a standard data sharing agreement for specified legitimate and restricted purposes.
Where necessary or required we may also share information with:
· commissioners and/or regulatory bodies
· business associates and other professional advisers
· current, past or prospective employers
· family, associates and representatives of the person whose personal data we are processing
· employment and recruitment agencies
· financial organisations
· credit reference agencies
· debt collection and tracing agencies
· suppliers and service providers
· persons making an enquiry or complaint
· other companies in the same group
· central government
We will not share any information about you outside the organisation without your consent unless we have a lawful basis for doing so.
The security of the EPIC 4LIFE Ltd. systems which process and store data are regularly reviewed in accordance with legislative and funding requirements, and assessments and checks promoted by the Information Commissioner's Office. Data is securely deleted when it is no longer required for the purposes collected.
How long do we keep your personal data for?
EPIC 4LIFE Ltd. will keep your data in line with our Document Retention Policy. Most of the information we process about you will be retained as determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is necessary to fulfil our organisational needs and contractual requirements/expectations.
What rights do you have over your data?
Under GDPR you have the following rights in relation to the processing of your personal data:
· to be informed about how we process your personal data. This notice fulfils this obligation
· to request access to your personal data that we hold, and be provided with a copy of it
· to request that your personal data is amended if inaccurate or incomplete
· to request that your personal data is erased where there is no compelling reason for its continued processing
· to request that the processing of your personal data is restricted
· to object to your personal data being processed
If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.
If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the organisation has handled your personal data. You can do so by going to the ICOs website: https://ico.org.uk/for-the-public/raising-concerns/