Essex Equip Limited — Privacy Policy

  1. Introduction
    We are committed to protecting and respecting your privacy. This Privacy Policy explains how Essex Equip Limited (company number 10620832) (“Essex Equip”, “we”, “us” or “our”) collects, uses, shares and safeguards personal data when you visit our website, use our services, or otherwise interact with us.This policy is intended to meet our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
  2. Who we are and how to contact us
    Data Controller: Essex Equip Limited
    Registered office: Whitelands Business Centre Terling Road, Hatfield Peverel, Chelmsford, United Kingdom, CM3 2AG
    Website: www.essexequip.co.uk
    General enquiries: [email protected]If you have questions about this policy or our data practices, or if you wish to exercise your data protection rights, please contact us at [email protected]. A Privacy Lead (not a formal DPO) oversees our compliance — see section 16.
  3. Scope: our services and portal
    Essex Equip operates www.essexequip.co.uk, including a training and job portal focused on the care sector in Essex. Users can register, book and pay for training courses, and post job adverts. Fees for training and job postings are collected by Essex Equip. We interact with individuals via website forms, email, and the portal; we may also interact occasionally offline (e.g., events).
  4. Personal data we collect
    We do not intentionally collect special category data. Please do not provide such data unless we specifically request it.• Identity and contact data (e.g., name, role/title, organisation, postal address, email address, telephone number).
    • Account and portal data (e.g., login credentials, user ID, preferences, communications, activity logs).
    • Training and bookings data (e.g., course selections, attendance, booking history, payments status).
    • Job advert data (e.g., organisation details, job titles/descriptions, location, contact details for applicants).
    • Transaction and payment data (e.g., billing address, order details; card details are processed by our payment provider — we do not store full card numbers).
    • Technical and usage data (e.g., IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, links clicked, session duration).
    • Marketing and communications data (e.g., your preferences in receiving marketing from us).
    • CCTV images and recordings captured at our premises during stated operating hours (see section 13).
  5. How we collect personal data
    Personal data is collected in the following circumstances:• Direct interactions: when you create an account, sign up to our mailing list, book training, post a job, complete a form, email us, or contact us at events.
    • Automated technologies: via cookies and similar technologies when you use our website and portal (see Cookies).
    • Third parties: payment providers, analytics providers, hosting/CMS providers, IT support, and publicly available sources.
  6. Purposes and lawful bases for processing
    We only use personal data where permitted by law. Our purposes and principal lawful bases include:• Operating the Essex Equip website and portal; creating and administering user accounts — performance of a contract; legitimate interests.
    • Providing training services (including booking management, attendance and support) — performance of a contract; legitimate interests; legal obligation.
    • Enabling job adverts on the portal and facilitating related enquiries — performance of a contract; legitimate interests.
    • Processing and collecting payments — performance of a contract; legitimate interests; legal obligation.
    • Website/portal security, support, troubleshooting and analytics — legitimate interests; legal obligation.
    • Communications about service updates and policy changes — performance of a contract; legal obligation; legitimate interests.
    • Direct marketing by email — consent where required under PECR, or legitimate interests/‘soft opt-in’ for existing customers about similar products/services, with the ability to opt out at any time. We do not use SMS marketing.
    • Recruitment (if applicable) — taking steps prior to entering a contract; legal obligation; legitimate interests.Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, we balance our interests against your rights and expectations.
  7. Cookies and similar technologies
    We use Google Analytics 4 (GA4) with IP masking for usage analytics. We do not use advertising or retargeting cookies. We display a cookie consent banner so you can manage non-essential cookies. For more information, see our Cookies Notice.
  8. Sharing your personal data
    We share personal data with service providers who process data on our behalf, including: hosting and website platform/CMS, payment provider, analytics, and IT support. We do not use live chat tools at present. We do not have group companies that receive your data.We may also share data with event sponsors, professional advisers (e.g., solicitors, accountants, insurers), authorities and regulators where required by law, and third parties in connection with a business transaction (e.g., merger or asset sale).If you post job adverts, information in those adverts will be visible to site users as part of the service.
  9. International data transfers
    We do not generally store personal data outside the UK ourselves. However, some of our service providers (for example, hosting or payment providers) may process data outside the UK. Our providers may change from time to time. Where data is transferred outside the UK, we take appropriate steps to ensure that your data remains protected, including the use of the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on UK adequacy regulations. Details are available on request.
  10. Data security
    We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These include access controls, encryption in transit, and secure development and monitoring practices appropriate to our services.
  11. Data retention
    To facilitate clients being able to access information as and when required and to support the reasonable operation of our business, we retain personal data for as long as reasonably necessary for those purposes. In practice, this often means we keep certain records indefinitely unless a shorter period applies in law or we no longer need the data for the purposes set out in this policy.• Accounts will be closed following notification of a user’s death.
    • You may request deletion of your personal data at any time by contacting us in writing. Subject to any legal or regulatory requirements that oblige us to retain data (for example, tax/audit obligations and limitation periods), we will delete it.
    • We review retention on a periodic basis to ensure ongoing necessity and proportionality.Note: CCTV recordings are generally retained for a short period (for example, up to 30 days) unless an incident requires us to retain relevant footage for longer (see section 13).
  12. Your rights
    Under UK data protection law, you have rights over your personal data; the summary below explains each one and how to use it — just contact us (see Section 16) to make a request.• Access — obtain a copy of your personal data and information about how we process it.
    • Rectification — have inaccurate or incomplete data corrected.
    • Erasure — request deletion of your data in certain circumstances.
    • Restriction — ask us to suspend processing in certain circumstances.
    • Objection — object to processing based on legitimate interests and to direct marketing.
    • Data portability — receive your data in a structured, commonly used format and transmit it to another controller where applicable.
    • Withdraw consent — where we rely on consent, you can withdraw it at any time.
    • Complain — you can complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.To exercise your rights, please contact us at [email protected]. We may request information to verify your identity and will respond within statutory time limits.
  13. CCTV
    We operate CCTV both inside and outside our premises between 17:00 and 09:00 for security and crime‑prevention purposes. Signage is displayed in monitored areas. Recordings are stored securely with access restricted to authorised personnel and are generally retained for a short period (for example, up to 30 days) unless an incident requires us to retain relevant footage for longer. We may disclose footage to law enforcement or other authorities where lawful to do so. Our lawful basis is our legitimate interests in protecting our premises, staff, users and visitors.
  14. Children
    Our services and portal are intended for professionals working in or with the primary care sector. We do not knowingly collect personal data from children.
  15. Third-party links
    Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
  16. Contact and governance
    Privacy Lead: Sarah Bell. We have not appointed a statutory Data Protection Officer (DPO). For all privacy matters, contact [email protected].
  17. Changes to this policy
    We may update this policy from time to time to reflect changes in law or our practices. We will post the updated version on this page and indicate the date of the latest revision.

Last updated: 20 September 2025