At Ellary Limited, we are committed to your data privacy and security.
We do not sell data
We do not share data unless compelled by law
We do not ask for personal information unless it is to provide a service
We do not store personal information, unless required for the ongoing operation of services
What you share with us will remain private.
We do this by meeting the requirements of the Data Protection Act and the General Data Protection Regulation (GDPR). This notice outlines how we do this and what it means for you.
Who we are:
Ellary Limited, you may know us by our trading names, Ellary, Ellary Communications, Ellary Comms, Ellary UK
Our registered address is 3 Harrowden Rd, Northampton, NN4 7EB.
Our Company registration Number is 13064820.
Our Data Privacy point of contact:
Questions about our policy and practices are handled by our Operations Team. You can contact the Operations Team using the enquiries form on our website: ellaryuk.co.uk, by emailing firstname.lastname@example.org or writing to our office address:
Ellary Limited, 3 Harrowden Rd, Northampton, NN4 7EB
Who we collect your information for:
Our clients – if we have been asked to process your information by one of our clients, we will explain to you who the client is and where we have gotten the information from. When we act on behalf of a client, we are a Data Processor; we collect, store and use the information for the purpose and reason our client decides.
Our own use – if you are one of our clients, suppliers or employees, we are the Data Controller; we decide what information is collected about you (or your business) and the purpose.
Our lawful basis for processing your information:
Legitimate Interest – we believe we have a legitimate interest to fulfil the services expected of us by both prospective and existing clients and customers. To provide these services we need to engage staff, suppliers and other third parties. For all this to work, we need relevant information about every person or business involved; customers, clients, suppliers, employees etc.
Sometimes the nature of the information means we will also have another or multiple legal bases that apply. For example, there may also be:
a contract in place or we may have been asked to take specific steps to enter into a contract;
consent may also have been given;
we also have a legal obligation to abide with the law;
there is a vital interest like protecting someone’s life.
Special Category Data:
Where we process sensitive personal data also known as special category data, we will only do so where it is necessary for us to:
carry out our obligations under employment, social security, or social protection law or a collective agreement;
It is necessary to protect the vital interest of you or another individual where you or they are physically incapable of giving consent;
It relates to personal data made public by the individual it relates to;
It is needed to establish, exercise or defend a legal claim or where a court is acting within their judicial capacity;
Why we collect your information:
To process an enquiry you are making;
To process a payment, we would like to make to you or you would like to make to us;
For processing recruitment and employment with Ellary Limited;
To carry out security checks to work with or on our behalf;
To recover money payable to us;
To enable you to work on our behalf as a supplier;
To provide you with a service as our client;
To check you are happy with the service we have provided;
To process any of the above where you are acting on behalf of your client or the business you work for.
We will only use your data for purposes that are compatible with the original reason we collected it. We will obtain your explicit permission before using your data for an unrelated reason. For example, if we had collected your data, we would obtain your permission before using it to market a product to you.
Where we collect your information from:
We use a variety of mediums to collect your data, examples include recorded phone calls, photographs, videos, emails, questionnaires, face-to-face conversations or client instruction forms. We also use publicly accessible databases such as a Land Registry search and other internet searches.
Most of the information we hold is provided by you directly, the client we are working for, or a third party involved in the purpose of our transaction, like a sub-contractor.
The information we may collect:
Personal data that could be used to identify you like your name or address.
Account details, such as bank account information needed to process a payment.
Employment details, like name, company address, email, telephone numbers.
Special category data where it is relevant to our purpose or we are legally required to do so, such as employment law or HSE requirements. This type of data is sensitive information which generally puts the individual at a higher risk of being discriminated against, for example information about an individual’s health or ethnic origin. We will always gain your explicit permission to record and communicate any special category data.
We will never collect more information about you than we need to achieve our purpose.
Who we will share your information with:
Where it is appropriate to our purpose for having your data, we will share your information with:
suppliers that we ask to undertake some or all of our purpose. Such as one of our subcontractors who will conduct the relevant works or our accountants who will process a payment.
consultants and businesses who check and support our business practices like external auditors, our company insurers.
databases and IT platforms which we use to store and process information search engines and databases that we use to search for relevant information that can help us achieve our purpose, such as Land Registry. These companies will be governed by their own Privacy Policies and Statements.
If we are holding your data on behalf of our client, we will always provide all the data we hold to them and they may ask us to pass your data to another supplier they use.
Which country will your store my data in:
Most of the systems we use have UK or EEA based servers and are therefore bound by GDPR. Some of the systems we use have servers based outside the EEA, in these instances we will always check that the provider is compliant with the requirements of GDPR before we use them.
How long we keep your data for:
We will only keep your personal information for as long as is necessary. We decide how long to keep data based on:
legal requirements that apply to the data such as employment law or the requirements of the HMRC;
contractual requirements that apply to the data such as a guarantee or material warrantee period, or the length of time specified by our client.
Every two years we check the timeframes we need to keep different types of data for. This is to ensure we continue to keep the data for only as long as it is necessary.
Your rights for how we use your information:
The right to be informed
We do this using this privacy notice and by doing our best to give you opportunities to access it, such as posting a copy on our website and including an access link at the bottom of our emails.
The right of access
You can request details on how we process your personal data and what type of data we hold about you. You can request this information by writing to our Operations Team using the contact details noted at the start of this statement. We may ask you to provide us with certain information to enable us to fulfil your request and to ensure the request has come from you. We will respond to you within a month of receiving your request unless there are any exceptional circumstances that prevent us from doing so.
The right to rectification
We will always do our best to ensure your data is accurate and up to date. Should you identify that data we hold about you is inaccurate or incomplete, you have the right for this to be corrected. Where we have passed your data to a third party, we will do our best to notify them too.
The right to erasure
You have the right to ask us to stop processing your information and to erase it. We will always fulfil this request unless there are legal or regulatory grounds not to, for example information we need to keep to comply with HMRC. We may ask you to provide us with certain information to enable us to fulfil the request and to ensure the request has come from you.
In the event you request we erase your data, we will be unable to continue the purpose that we held the data for. For example, we would be unable to continue working with you, providing a service for you, or for you to continue working for us. This will also restrict the level of contact we can have with you and recognising who you are should you contact us in the future.
The right to restrict processing
You can ask us to stop processing your data. We will retain enough information to ensure the processing is restricted. Doing this will not stop the processing we have conducted to date, it will stop us from continuing to process the information.
Should you request we stop processing your information it will prevent us from continuing the purpose we held your data for. This would also restrict the level of contact we can have with you, for example, we would not proactively contact you.
The right to data portability
At your request we will make the personal data you have provided to us portable using an electronic format. This is to enable easy transfer between one IT platform and another.
The right to object
Where we are the Data Controller (we are not acting on behalf of someone else such as our clients) and your processing is based on legitimate interest, you can object to us processing it at any time. This includes where we process your data for tasks in the public interest, direct marketing, statistic, or official authority such as a police investigation.
Rights related to automated decision making
We do not use automated decision making, if we did, you could ask for any automated decisions to be reviewed.
The right to complain
You can contact us on email@example.com if you would like to discuss our policy in more details or to make a complaint.
For more information about GDPR and your rights, please see the Information Commissioners Office (ICO) website http://ico.org.uk, they regulate how information is handled in the UK and we are registered with them. They are the escalation point as the Supervisory Authority.
Changes to our privacy Statement:
We regularly review our statement and will place any updates on this webpage. This privacy statement was last updated on 12th March 2021.