EPI’s commitment to data protection
EPI Limited and its related companies (known as EPI Group or “EPI”) is a Data Controller under the Data Protection Act 1998 (‘the Act’). This statement confirms the EPI’s commitment to protect your privacy and to process your personal information in a manner which meets the requirements of the Act and wider General Data Protection Regulations (GDPR).
Types of personal information we may hold:
- Name, address and contact details
- Date of birth, marital status, gender, health, nationality and residence status
- Occupation, CV, work history and company details
- Visa, work permits, criminal record, background checks, references
- Bank details, tax status, payment history
- Next of kin, medical data, training & certification history, passport details
- Other information relevant to our statutory functions.
Reasons for processing this information:
- Seeking contract work positions with EPI’s clients and contacting you regarding work opportunities.
- Ensuring compliance with legal, technical and HSE regulations associated with project work.
- Making travel, logistical and related arrangements for your travel on EPI projects.
- Ensuring we can contact you or your next of kin in case of emergency or under duty of care obligations.
- To pass your details to accountants for the purposes of tax and compliance in connection with your work for EPI.
- To ensure you are adequately covered where applicable under EPI insurance policies.
- To comply with our legal and regulatory obligations.
- We may need to pass parts of your data to third parties such as clients, related parties, visa agents, clients, overseas representatives for the purposes of securing work opportunities for you and EPI, processing visa/work permits, auditing, tax and legal compliance.
We will not sell, disclose, share, publish or distribute your data nor use it for any unrelated or secondary purposes unless required to do so to meet any legal obligations we may have.
Data storage, retention and deletion
We hold your data only for as long as it is necessary and only following your consent to do so. Your data will be stored on secure systems and may be accessibly both inside and outside the UK and EU.
Your data will be retained for a maximum period of seven years and at any time you may request its removal.
EPI has appropriate technical and organisational measures in place to prevent the unauthorised or unlawful processing of your personal information, and accidental loss or destruction of, or damage to, your personal information. These include training for staff who can access personnel information and IT security to prevent unauthorised access to our systems.
Your rights to access your personal information
All individuals who are the subject of personal information held EPI Limited are entitled to:
- Ask what information the company holds about them and why.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
The Data Controller will always verify the identity of anyone making a subject access request before handing over any information. Disclosure requests should be made by email to firstname.lastname@example.org or in writing to:
EPI Group – The Data Protection Officer
25 High Street
KT11 3DH United Kingdom