Privacy Policy

EPPARG Limited PRIVACY POLICY (principles of processing of personal data)

The security and confidentiality of your data is a priority for us. We assure you that we have always made and will make every effort to ensure the protection of your data by applying appropriate technical and organizational safeguards, including the application of appropriate protection when designing new services and solutions.

These terms and conditions serve to inform clients and interested parties about the purpose, scope and categories of processing of their personal data, the duration of data processing and about their rights, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), effective since 25 May 2018.


The Controller of your Data is EPPARG Limited, which has its registered office at Acre House 11-15 William Road, London, NW1 3ER United Kingdom, and the Management Board is composed of Company Directors. As Data Controller, we are responsible for ensuring the security of your personal data and its use in accordance with applicable laws. Any additional information can be obtained at or by post to the address given as the address of the company’s registered office. The Controller of your Data is EPPARG Limited, which has its registered office in London.


In order to guarantee the security of your data, we have carried out an Impact Assessment of the processing of personal data, taking into account the risks associated with the processing of personal data and the risk analysis of the security measures we apply. At present, we apply high-class, proven preventive measures and mechanisms to monitor the processing methods, flows and access to information in our possession in order to ensure that data processing is carried out not only in accordance with the law but also in accordance with the best practices in the field of data security and IT systems. Your data stored in our database will not be transferred outside the European Economic Area (EEA).


The categories of personal data processed by us are personal data that come directly from the persons concerned (or are provided to us on their behalf) or personal data that are collected from publicly available sources, in particular: name, surname, e-mail address, telephone number, correspondence address. Currently, in connection with our business activities we inform you that we process (or may process) your personal data in the following processes:

  • Personal data of our clients and contact persons

Data processing is required in order to provide all our services at the highest possible level, based on and within the scope of contracts or orders concluded with our clients. The refusal to provide such data makes it impossible to conclude agreements or accept orders. We will process all information relating to specific individuals or clients for the duration of the contract and five years after its termination (Article 6(1)(b) GDPR).

  • Data of persons interested in cooperation with us

Data processing is voluntary, but necessary to establish cooperation with new clients, at the request of persons interested in our offer, only for the duration of negotiations and business talks. All data in this respect are available only with your consent and in the scope specified by you (Article 6(1)(a) GDPR).

  • Personal data of our subcontractors and persons indicated for cooperation.

Data processing is necessary for the provision of services in accordance with applicable laws and regulations and for the proper cooperation with subcontractors. The refusal to provide data makes it impossible to achieve these purposes. We will process all information relating to specific individuals or clients for the duration of the contract and ten years after its termination, but not less than what is required by law (where applicable), (Article 6(1)(b) GDPR).

  • Data used for newsletters and marketing

Data processing is voluntary. You will only receive newsletter information from us if you have consented to receive it by subscribing to the newsletter. We will process your personal data for marketing and information purposes until you withdraw your consent, (Article 6(1)(a) GDPR).

  • Information on counterparties

Data processing is necessary for the fulfilment of legal obligations such as the Accounting Act and it is these regulations that form the basis for our data processing for a period of six years (five full years, according to the current legal situation). Refusal to provide data makes it impossible to conclude a contract, (Article 6(1)(c) GDPR).

  • Information about our employees and job applicants.

The processing of data is necessary for the fulfilment of legal obligations, e.g. imposed by Labour Law, and it is these regulations that form the basis for the processing of data by us for the period of time required by law. Refusal to provide data makes it impossible to conclude a contract, (Article 6(1)(c) GDPR). The data concerning job applicants is available to us thanks to the consent given to us and we process it throughout the recruitment process. However, subject to your consent, we may retain them for a period of one year for the purpose of future recruitment (Article 6(1)(a) GDPR).

  • Monitoring

We process video surveillance data to protect individuals and property and consider it a legitimate purpose. All data collected in this way shall be kept for one month (Article 6(1)(f) GDPR).

  • Contact via e-mail or form

Data processing is required to enable the provision of services in the event of answering questions to our clients and contractors via e-mail, text messages and telephone. Providing personal data is voluntary. (Article 6(1)(a) GDPR).


The Controller’s website uses the so-called cookies (special files coming from a given website, recorded and stored by a given web browser), which are then saved e.g. on the user’s hard drive or in the memory of the device. This type of files is used, among other things, to facilitate moving around the site managed by the Controller, and may also serve to better record specific user preferences on our site. Please be advised that it is possible to delete these files from your hard drive or block their storage. The way in which such changes are made depends on the web browser you are using; you can make the changes by properly configuring the browser settings or the device you are using. Not changing the above settings is interpreted as the user’s consent to accept cookies. Please note, however, that blocking the storage of cookies may hinder or completely prevent the use of selected features of the site. The Controller uses cookies technology to record information about the user’s behaviour on its website. The data collected is profiled and used for purposes such as creating personalised advertisements or demographic reports by the Controller. The Controller uses for this purpose, among others, Google Analytics tool tracking the traffic on the EPPARG website.


  • the Controller informs that he may use profiling for marketing purposes, but the decisions made on its basis by the Controller do not concern the conclusion or refusal to conclude an agreement or the execution of an order.
  • The effect of using profiling on the Website can be e.g. granting a discount or sending a purchase proposal, which may correspond to the preferences of a given person. In each case, it is up to the person concerned to decide whether he or she wishes to take advantage of the proposals received.


Personal data may be transferred to the following categories of recipients:

authorized employees and associates of the Controller and entities processing personal data on behalf of the Controller, including IT service providers, accounting, legal and consulting companies – solely on the basis of a relevant agreement;

  • couriers, carriers, shipping companies and participants in the shipping process – to the extent necessary to carry out the order for the Client;

entities providing technical or organisational support as well as entities authorised on the basis of legal regulations.

In each of these cases, we endeavour to keep our data up to date and accurate; with your privacy in mind, all information constituting personal data is minimized to a degree that allows us to process it properly.


At any stage of the processing of data by us, you have the right to:

  • access to your data, including obtaining information about the scope of data processed by us and obtaining a copy of your data;
  • modify and correct your data, including if there are no other legal contraindications to limit the scope of their processing;
  • completely delete your data (“the right to be forgotten”), if there are no other legal contraindications;
  • opt out from automated decisions based on profiling;
  • object to unlawful processing of personal data (including the withdrawal of consent at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal);
  • transfer of data to another Data Controller, if the data are processed in connection with the consent granted or the agreement concluded;
  • file a complaint.

A complaint concerning the processing of personal data may be lodged with the supervisory authority dealing with the protection of personal data. I

In order to ensure proper service of your enquiries and to maintain due diligence during their service, you may apply for the exercise of your rights by sending correspondence on this matter to Each application submitted by you is considered individually and in accordance with the applicable law. We remind you that the possibility of using a specific right may depend on the legal basis assumed for the specific processing of your data and, for example, whether the processing of your data is dependent on the performance of a contract or a service. Your requests will be processed without undue delay, within a maximum of one month of receipt, however, it is possible that due to the nature of the request we will not be able to meet this deadline, in which case you will be notified of the delay and its causes. Similarly, if such circumstances should occur, we will inform you of the reasons for refusal to accept and process the request. Please be advised that the first request is processed free of charge, however, if your request is unreasonable or excessive, we reserve the right to charge a fee for the retransmission of information. You will be informed immediately of the amount of the fee or any other reason for which we are unable to process your request. In addition, in order to guarantee the security of the information provided, if we are unable to identify you correctly as a person authorized to receive data, we reserve the right to change the way in which we provide information, of which you will be informed. In the event of exercising the right to transfer data, the Data Controller shall directly transfer such data to another Data Controller, provided that it is technically feasible. The person applying for the exercise of this right will be informed of the decision on the possibility of transfer.


This Policy shall be effective as of 25 May 2018 until further notice and fulfils the legal obligation under Articles 13 to 14 GDPR. We reserve the right to change the current rules, always in order to improve the quality of our services and respecting your rights and privacy.

Thank you very much for reading our privacy policy.

EPPARG Limited