Echo-U are an established contact centre. In the course of our business, we handle the personal data of:
partners – the individuals who work for our clients, suppliers, contractors and other business contacts;
customers – meaning the customers of our clients;
prospective candidates – individuals who may submit speculatively or in response to advertisements their personal data in application of a job or vacancy; and, other individuals who visit the Echo-U website or otherwise engage with us.
This notice sets out how we handle and look after any data that identifies you (personal data) when we are communicating with you for our own purposes or on our partners’ behalf.
Echo-U and our employees are committed to the privacy and security of your personal data, and any personal data that we collect, use, store, or otherwise process will only be processed in line with the requirements of the General Data Protection Regulation (GDPR).
The Echo-U Information Security Manager is responsible for ensuring that this notice is made available to data subjects.
Echo-U are an established contact centre creating growth for many of the UK’s biggest brands by managing their customer relationships – combining quality conversations with the best customer experience. We provide customer communication services to our valued clients, which means we can provide dedicated customer care to their customers.
Echo-U is a data processor of your personal data when we communicate with you in this way. The client with whom we are working when we engage with customers is the data controller of your personal data, and they are responsible for determining how your personal data is used, including sharing it with Echo-U. Our clients should provide their own privacy notice to inform you of this when you first provide your personal data to them or engage their services. Whenever we contact you, we will inform you of the client on whose behalf we are acting.
Whenever we are processing partner, prospective candidate or any other data subjects’ personal data, then we are the data controller of that data.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person”.
The personal data we process about customers is likely to be your name, address, contact telephone or email details, bank and transaction details, or on occasion your gender, date of birth, website usage and IP address.
Where we are processing your personal data for recruitment purposes, we may need to collect additional identification or work permit information to check your eligibility to work in the UK for compliance with our legal obligations.
For our partners we will in most cases only be processing your name and contact details, and for prospective candidates, this will be any information you provide to us. We may process some usage data of visitors to our website, which will usually be anonymized.
In order for us to provide you with a service or make a decision on employment, we need to collect personal data for correspondence in relation to the employment, service provisions and marketing. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
This privacy notice tells you how we, Echo-U Limited, will collect and use your personal data for the purposes of potential employment, handling complaints, reviewing your needs for our services and providing these services to you.
We are instructed to process customer data to contact customers on behalf of our clients. Our aim is not to be intrusive, and we will not ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
The purposes for which we may be processing your personal data are, for example:
• to answer any inbound customer services queries, whether by phone, text or email;
• to handle and progress any inbound queries, which may involve sharing your data with a third party such as a payments service provider or a delivery company;
• to answer technical support queries;
• to manage and progress queries on sales order lines;
• to process advert responses;
• to handle inbound help desk and support queries;
• to provide outbound expertise such as customer acquisition, destination tracking, sales, retention, satisfaction, insight; on behalf of our partners, whether by phone, text or email;
• to provide social media contact such as social media chat, web chat, in-App support and email; and
• to provide added value services such as flexible overflow, disaster recovery, strategic consulting, in-sourcing and out-sourcing;
• to contact on business purposes or otherwise maintain relationships with our partners; or
• to process job applications.
When we are processing data from prospective candidates, our lawful basis is our legitimate interest of staff recruitment. When we are processing the personal data of our partners, our lawful basis will be for the performance of a contract we have with those partners, or our legitimate interest of developing our business relationships.
We may pass your personal data on to third-party service providers contracted to Echo- U, for example whilst handling your query or acting on behalf of our partners to provide the customer contact services, such as hosted telephony and email system providers.
Any third parties that we may share your data with are obliged to keep your details
securely, and to use them only as instructed by Echo-U. When they no longer need your data to fulfil this service, they will dispose of the details in line with Echo-U’s procedures.
Echo-U’s data processing may require your personal data to be transferred outside of the European Economic Area (EEA). Where we do transfer your personal data overseas it is with the sufficient appropriate safeguards in place to ensure the security of that personal data.
Echo-U will take every reasonable step to keep your information accurate and up to date, and will destroy it once the purpose for processing is complete, either as instructed by the partner for whom we are processing it if it is customer data; within 6 months after the a recruitment process, unless prospective candidate requests otherwise; or for as long as we do business with our partners.
Echo-U is required to retain some personal data in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements.
You have several rights under the GDPR as a data subject. You can:
• request access to your personal data, and ask us to confirm what information we hold about you and how it is processed;
• request correction of the personal data that we hold about you;
• request erasure of your personal data where there is no good reason for us continuing to process it;
• object to processing of your personal data for direct marketing, or where we are processing on the grounds of a legitimate interest if that interest is overridden by your rights and freedoms;
• request restriction of processing of your personal data while we establish the data’s accuracy, or verify an overriding interest to object to processing; where our use of the data has been unlawful but you do not want us to erase it; where you need us to hold the data to establish, exercise or defend legal claims;
• request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format;
• withdraw consent at any time where we are relying on consent to process your personal data;
• complain at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk);