Who we are
Endatio International Limited. We are a company registered in Republic of Cyprus under registration number HE256252.
Our registered office is at 49 Elia Papakryikou Street, Engomi 2406 Nicosia, Cyprus.
Our Data Protection Officer is Peter Silver. Please contact us if you have any questions about how we use personal data on 0800 999 7858 or dpo@endatio.com.
We review our policy every year or sooner if regulations change or if we change our date handling processes.
We are committed to ensuring that your privacy is protected and to developing suitable technology to provide you with a safe online experience. This privacy policy sets out our responsibilities under The Data Protection Act 2018 and The General Data Protection Regulation 2016 (GDPR) and other applicable laws in European Union relating to the processing and security of personal information.
This policy also explains how we use and secure your personal information when using this website or when we are processing screening checks for you.
Why do we collect Personal Information?
We collect personal data for the purpose of carrying out background screening services on behalf of our clients. Processing of data from our clients will be to fulfil our contractual obligations and processing of data received from applicants will be as a result of the consent we have obtained from them.
What Personal Information do we collect?
User information – Contact name, job title, business phone number/mobile number/email address.
From Visitors to our website:
When someone visits endatio.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
If you use our contact form, we will collect your name, telephone number and email address so we can respond to your request for information.
From callers:
If you ring us we will collect your name and contact number so we can respond to your enquiry.
Who will we share your Personal Information with and why?
We will only share your personal data with a third party if we have your consent to do so, if it is necessary to fulfil contractual obligations to you, or if we are obliged to do so by law (e.g. Police investigation).
Marketing and the use of your Personal Information
We will only market services and products to you if we have your consent and at any time you can contact us and withdraw that consent and we will update our records accordingly.
Accuracy of your Personal Information
We work hard to make sure the data we hold is accurate, if you believe that the data we hold may be inaccurate then please contact us and we will correct any inaccuracies.
Your rights
Under The Data Protection Act 2018 and The General Data Protection Regulations 2016, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact the ICO, the statutory body which oversees data protection law – www.ico.org.uk/concerns.
Access to Personal Information
We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under The Data Protection Act 2018 and The General Data Protection Regulations 2016. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to; and
let you have a copy of the information in an intelligible form.
To make a request for any personal information call us on 0800 999 7858, email slr@endatio.com or write to us: Endatio International , 49 Elia Papakryikou Street, Engomi, 2406, Nicosia, Cyprus.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Cookies
You can read more about how we use cookies on our Cookies page.
Security of your Personal Information
Security of the information we hold is paramount. All databases are hosted on Microsoft Azure within the UK which are ISO27001, ISO 9001 and ISO 20000-1 certified and also has CSA STAR Certification. Information on these certifications can be found at https://www.microsoft.com/en-us/trustcenter. Access to the database is restricted by IP address and requires unique username and strong passwords. All databases employ Microsoft’s encryption of data at rest and on critical data such as Personal Data we have deployed further encryption measures to protect the Confidentiality.
Enterprise level Unified Threat Management systems are deployed to control access to all applications and locations. Access to all data is limited based on a strict access control policy. Access and operational logs are retained and audited on a regular basis. Any systems that process credit card data are PCI-DSS Certified and subject to strict auditing procedures.
In addition to the above we have services that are Cyber Essentials accredited. This means our systems have been independently assessed and approved with regard to their ability to protect against common cyber-attacks.
