<img src="https://secure.coat0tire.com/221997.png" style="display:none;">
Skip to main content

GDPR Privacy Policy

Introduction

Open ECX is strongly committed to protecting your privacy and complying with your choices. Both personal and non-personal information collected is safeguarded according to the highest privacy and data protection standards adopted worldwide. We have a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.  This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.

Policy statement

Your information will not be shared, rented or sold to any third party. We implement security measures to protect your information from unauthorised users. Open ECX is committed to processing data in accordance with its responsibilities under the GDPR.

Policy override

In certain circumstances, it is appropriate to amend or alter a policy to meet specific requirements of Open ECX. Any additional or amended elements to a specific policy will be noted in the final paragraph ‘Policy Override’. If no section exists it can be accepted there are no overrides.

Notice

We will clearly inform you when information that personally identifies you (“personal information”) is asked for and you will have the choice to provide it or not.  Usage We use personal information for the following purposes:

  • To provide you information that will allow you to use our services;
  • To automatically customise your documents with your information;
  • To alert you of software upgrades, updates or other services from Open ECX;

We may also collect your name, language, currency, operating system, document searched and country information for a better experience with an Open ECX product or service.

We may transfer your personal data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law; and we may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.

You acknowledge that personal data that you submit for publication through our website may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Consent

When you provide your personal information, you consent that it can be used for the above purposes and that Open ECX is an authorised holder of such information.

Access to your information

You are entitled to review the personal information you have provided us and ensure that it is accurate and current at all times. 

You have the following rights in relation to your personal information:

  • The right to access - you can ask for copies of your personal data
  • The right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data
  • The right to erasure - you can ask us to erase your personal data
  • The right to restrict processing - you can ask us to restrict the processing of your personal data
  • The right to object to processing - you can object to the processing of your personal data
  • The right to data portability - you can ask that we transfer your personal data to another organisation or to you
  • The right to complain to a supervisory authority - you can complain about our processing of your personal data
  • The right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting: https://www.edpb.europa.eu/guidelines-your-rights-0_en and https://ico.org.uk/for-the-public/.

You may exercise any of your rights in relation to your personal data by written notice to us.

Security of information

Open ECX is strongly committed to protecting third party information. We have taken robust security measures to protect data from loss, misuse, unauthorised access, disclosure, alteration, or destruction.

Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 

We will keep your personal information for as long as you wish to receive communications from us. After you opt out of receiving our communications, we will keep your personal information for a reasonable period to maintain our records and satisfy our legal 
obligations.

Business contact data will be retained for a minimum period of 3 years following the date of the most recent contact between you and us, and for a maximum period of 10 years following that date.

Communication data will be retained for a minimum period of 6 months following the date of the communication in question, and for a maximum period of 5 years following that date.

In some cases, it is not possible to specify in advance the periods for which your personal data will be retained. We will keep your personal information for a reasonable period to maintain our records and satisfy our legal obligations.

If you grant us a licence to publish any of your personal data, we may continue to retain and publish that personal data after the end of the relevant retention period specified in this section in accordance with the applicable licence terms, subject to your data subject rights.

If we cease to publish such personal data after the end of the relevant retention period specified in this section, that personal data will be retained for a minimum period of 3 years and a maximum period of 5 years following the date that publication ceases.

Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

Monitoring and review

The Finance Director will monitor the effectiveness and review the implementation of this policy, regularly considering its suitability, adequacy, and effectiveness.

Any improvements identified will be made as soon as possible. 

All Employees are responsible for the success of this policy and should ensure they use it to disclose any suspected danger or wrongdoing.