This privacy notice is to let you know how companies within the Group promise to look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and how we will communicate with you about our products and services. This notice explains how we do this and tells you about your privacy rights and how the law protects you.

We may use your personal data to create profiles and segment our audience, in order to tailor our products, services, and marketing communications to be more relevant to you. Profiling and segmentation are conducted on the basis of legitimate interest as defined under UK GDPR or, where required by law, with your consent. These activities do not produce legal or similarly significant effects for you, and your rights under data protection law are fully respected. You have the right to object to profiling or segmentation at any time.

Eleco plc and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (“we”) are committed to protecting and respecting your privacy.

We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please email data.protection@elecosoft.com, call us on +44 (0) 1844 261 700 or write to us: Data Protection Lead, Eleco plc, Dawson House, 5 Jewry Street, London, United Kingdom, EC3N 2EX. By visiting www.elecosoft.com and/or using our software you are accepting and consenting to the practices described in this policy.

If you are not satisfied with how we handle your data, you may contact our Data Protection Lead (contact details above). If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) using the contact details below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

For the purpose of the applicable data protection regulations (which means the Data Protection Act 2018, the General Data Protection Regulation ((EU) 2016/679) and such other equivalent legislation as enacted or amended from time to time), the organisation in control of your personal data will depend on the country that you are in and/or the product that you have purchased or enquired about, which is determined as follows:

Through your use of this website, your information (purely anonymous data for analytics purposes) will also be collected by Eleco plc’s website partners, Plug and Play, Working From Southwark, 32 Blackfriars Rd, South Bank, London SE1 8PB, +44 20 3011 1641.

We keep our privacy policy under regular review. Historic versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

As well as our Privacy Promise, your privacy is protected by law. This section explains how that works. Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Eleco plc. The law says we must have one or more of these reasons:

• To fulfil a contract we have with you, or
• When it is our legal duty, or
• When it is in our legitimate interest, or
• When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Where we rely on our legitimate interest, we will tell you what that is as outlined in ‘How we use your personal information’.

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

We may collect personal information about you (or your business) from these sources:

Data you give to us:

• When you apply for our products and services
• When you talk to us on the phone or in person
• When you use our website
• In emails and letters
• In customer surveys
• If you take part in our competitions or promotions.

Data from third parties we work with:

• Public information sources such as Companies House
• Agents working on our behalf as product resellers
• List providers and market researchers

We may share your personal information with companies within Eleco plc and these organisations:

• Service providers who we use to help run our services
• Reseller partners who we use to deliver products and services
• Market researchers

We may also share your personal information if the make-up of Eleco plc changes in the future:

• We may choose to sell, transfer, or merge parts of our business, or our assets. Or we may seek to acquire other businesses or merge with them.
• During any such process, we may share your data with other parties. We’ll only do this if they agree to keep your data safe and private.
• If the change to our Group happens, then other parties may use your data in the same way as set out in this notice.

We will only send your data outside of the European Economic Area (‘EEA’) to:

• Comply with a legal duty.
• Work with our partners who we use to help provide products and services.

If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website,
• Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.

The personal information we have for you is made up of what you tell us, the data we collect when you use our services, or from third parties we work with.

We will only use your personal information to send you marketing messages where we have a ‘legitimate interest’ to do so. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time or choosing the ‘unsubscribe’ option on communication you receive.

We may use automated processes and artificial intelligence (AI) systems to analyse personal data for audience segmentation, product recommendations, and marketing activities. Where automated decision-making or profiling is deployed, safeguards are in place to protect your rights, including the right to object, request human intervention, and obtain an explanation about the logic involved. Automated processing will not produce legal effects or similarly significant impacts for you without explicit consent or a clear lawful basis. A Data Protection Impact Assessment is undertaken for high-risk AI activities in line with ICO guidance.

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

In addition to the third-party processors named above, we may share your personal data with external platforms and providers including Dynamics, ClickDimensions, LinkedIn, Meta (Facebook), and ZoomInfo. These third parties process data according to their own privacy policies and may operate outside the UK/EU. Where personal data is transferred outside the EEA, appropriate protection measures are implemented such as Standard Contractual Clauses or other recognised safeguards. We regularly review these processors for compliance and you may consult their privacy policies for further detail on how they use your data.

• Microsoft Ltd (Microsoft Dynamics), Reg, UK Co, 02366997. Personal data stored and processed to facilitate CRM activities and customer engagement. You can contact Microsoft and view their privacy policy here: https://dynamics.microsoft.com. Microsoft are registered with the ICO Reg: Z6296785 their Data Protection Officer can be contacted at https://aka.ms/privacyresponse.
• ClickDimensions Ireland Ltd, Reg. in Ireland company number 645043. Used for marketing automation and analytics; personal data retained according to their policy, typically not exceeding 12 months unless re-engaged. You can contact ClickDimensions and view their privacy policy here: https://clickdimensions.com/solutions-security-and-privacy/. Their Data Protection Officer can be contacted at security@clickdimensions.com.
• LinkedIn Technology UK Limited. Reg. UK Co. 06441873. Marketing, retargeting, and advertising purposes; personal data processed in line with their respective global privacy frameworks. You can contact LinkedIn and view their privacy policy here: https://www.linkedin.com/legal/privacy-policy. Their Data Protection team can be contacted here: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
• Meta Platforms Technologies UK Ltd. Reg. UK Co. 13792358. Marketing, retargeting, and advertising purposes; personal data processed in line with their respective global privacy frameworks. You can contact Meta and view their privacy policy here: https://www.facebook.com/privacy/policy/?locale=en_GB. Their Data Protection Officer can be contacted here: https://www.facebook.com/help/contact/540977946302970
• ZoomInfo UK Ltd. Reg. Co. 13610618. Data analytics and B2B content curation; compliance with relevant data protection regimes is monitored. You can contact Zoominfo and view their privacy policy here  https://www.zoominfo.com/legal/privacy-policy . Their Data Protection Officer can be contacted here privacy@zoominfo.com.

• Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

For up-to-date details and privacy policies of these third parties, please visit their respective websites.

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. The specific retention period is determined by:

• Contractual necessities (e.g., customer records are retained for six years to comply with financial and tax obligations);
• Statutory obligations (e.g., employment records);
• Business needs (e.g., marketing records are reviewed annually and erased if no longer relevant);
• Technical limitations and backup requirements.

Where possible, personal data will be securely deleted or anonymised once it is no longer needed. If deletion is not possible due to technical or legal restrictions, your data will be ‘put beyond use’ and not actively processed. You have the right to request further information about our data retention policies or to request erasure, subject to any overriding legal obligations.

You can access your personal information by writing to us at this address: Data Protection Lead, Dawson House, 5 Jewry Street, London, United Kingdom, EC3N 2EX

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.

There may be technical, contractual, or other official reasons why we need to keep or use your data but please tell us if you think that we should not be using it.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

If you want to object to how we use your data or ask us to delete it or restrict how we use it or, please contact us.