Privacy Policy

1. About this Privacy Policy

This website is operated by ERC Equipoise Limited. In this Privacy Policy we refer to ourselves as “ERCE”, “we” and “us”.

We are an independent energy consulting group that offers a broad range of consultancy services to organisations in the oil and gas industry (“Services”).

This Privacy Policy is aimed at:

• all individual users of our website (“Website Users”);
• all directors, officers, personnel, agents, contractors and other representatives of organisations that have enquired about our Services, or requested or engaged us to provide Services to them (“Customer Representatives”); and
• all directors, officers, personnel, agents, contractors and other representatives of organisations that supply goods and/or services to us (“Supplier Representatives”).

Our website and Services are not intended for use by children, nor do we knowingly collect data relating to children.

This Privacy Policy describes how we obtain, collect, use and protect personal data belonging to our Website Users, Customer Representatives and Supplier Representatives through their use of our website and during the course of our marketing communications and provision of the Services.

We are a “controller” for the purposes of applicable data protection legislation. This means that we are responsible for deciding how we hold and use personal information about you.

Please read this Privacy Policy carefully. From time to time we may also issue other privacy or fair processing notices to you in relation to the way in which we collect personal data about you, which we will bring to your attention.

2. Who we are and how to contact us

ERC Equipoise Limited is a limited company registered in England and Wales under company number 03587074. Our registered address is Eastbourne House, 2 Saxbys Lane, Lingfield, Surrey, RH7 6DN.

We have appointed a data privacy manager to oversee compliance with this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our data privacy manager in writing, either:

• by post to Data Privacy Manager, 6th Floor Stephenson House, 2 Cherry Orchard Road, Croydon, CR0 6BA; or
• by email to gdpr@erce.energy

3. Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data during your relationship with us.

4. Third party links

Our website may include links to third party websites, plug-ins and applications not controlled by us.

We recommend that you exercise caution before clicking any such external links. By clicking on these links or enabling connections, you may be allowing third parties to collect or share your personal data.

We have no control over these third party websites, plug-ins or applications and we cannot guarantee their suitability, nor do we verify the safety or security of the contents which may be subsequently provided to you.

If you choose to click on such third party links, we recommend that you review their privacy notices to understand what personal data they collect about you and how they use it.

Your use of external links is at your own risk and we are not responsible for any damages or consequences resulting from your use of them.

5. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together below:

• Identity data including your name and job title.
• Contact data including your email address and telephone numbers.
• Technical data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
• Usage data including information about how you use and navigate our website and if you encounter any problems.
• Marketing and communications data including your preferences in receiving marketing and communications from us.
• Social media data when you connect with us via social media such as LinkedIn, or like or follow our social media accounts, which may include your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts.

We do not collect any special categories of personal data.

6. How we collect personal data

• Direct interactions

You may provide your personal data to us directly when you correspond or interact with us (in person or via our website or social media, or by post, telephone or email).

This includes personal data you provide when you:

• Make an enquiry;
• Subscribe to receiving marketing communications;
• Connect with us, follow us or “like” us on social media;
• Procure our Services;
• Supply services to us.
• Automated technologies or interactions

When you interact with our website, our systems will automatically collect technical data and usage data (described above) about your equipment, which may include browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Policy [https://www.erce.energy/cookies-policy/] and section 11 below for further details.

7. How and why we use personal data

We will only collect and process your personal data where we have a legal basis to do so. The legal basis will vary depending on the manner and purpose for which we have collected your personal data. Most commonly, we will use your personal data in the following circumstances:

• Where we have your consent to do so;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
• Where it is necessary to comply with a legal or regulatory obligation that we are subject to;
• Where it is necessary as part of investigations by regulatory bodies, or in connection with legal claims or proceedings.

We may have a legitimate interest in processing your personal data for our own business purposes, including (without limitation):

• To process and manage any request for Services (made by us or you);
• To respond to an enquiry submitted to us (including via our website, social media accounts, post, email, telephone or in-person);
• To manage our relationships with Website Users, our customers and suppliers, fulfil our obligations under a contract we have with a customer or supplier (where you are a Customer Representative or Supplier Representative) and to notify you of changes to our terms and conditions or other policies;
• To administer and protect our business and website;
• To undertake money laundering checks, credit risk reduction or for other fraud and crime prevention purposes;
• To promote our Services;
• For the purposes of recruitment.

We may also process personal data to fulfil our legal, regulatory and risk management obligations, including for the purpose of establishing, exercising or defending legal claims.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data.

8. Marketing

From time to time, we may send marketing communications to you if:

• you are a Customer Representative, you have engaged with us and you have not opted out of receiving marketing communications from us; or
• we consider we have a legitimate interest in contacting you about our Services; or
• you have otherwise consented to receiving marketing communications from us.

Such marketing communications may include:

• from time to time, if you are a Customer Representative, a communication to determine if the customer may require our Services in the near future;
• invitations to corporate events;
• cards for special day celebrations; and
• ERCE Newsletters/Reviews or Technical Review document delivery.

You can ask us to stop sending you marketing communications at any time, by clicking on the unsubscribe button in the footer of any marketing email from us or by contacting us at gdpr@erce.energy.

9. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

10. If you fail to provide personal data

Where we need to collect personal data from you in order to comply with our legal obligations or to fulfil our obligations under a contract we have with a customer or supplier (where you are a Customer Representative or Supplier Representative) or to take steps before entering into such a contract, we may not be able to perform the relevant contract (for example, to provide the Services) if you fail to provide such personal data.

11. Cookies

Our website uses cookies. A cookie is a small data file which is stored on your browser or the hard drive of your computer (or other electronic device) when you access our website. Cookies help us to distinguish you from other users of our website and keep track of your visits.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our site may become inaccessible or not function properly.

For more information about the cookies we use and the reasons why we use them, please see our Cookies Policy [https://www.erce.energy/cookies-policy/].

12. To whom we disclose personal data

We do not and will not sell your personal data to third parties. We may share your personal information with third parties where required by law, where it is necessary to fulfil our obligations under a contract we have with a customer or supplier (where you are a Customer Representative or Supplier Representative) or where we have another legitimate interest in doing so.

We may share your personal data with:

• other members of our group of companies; and
• third party suppliers and service providers that we use in connection with and for the purposes of providing the Services, including, for example, providers of cloud storage, data centres and telecommunications providers, or other third party providers that may provide an element of the Services to you (or a customer or supplier where you are a Customer Representative or Supplier Representative) or on our behalf.

We may also disclose personal data to:

• financial institutions or regulators, or HMRC, or to otherwise comply with the law; and
• our lawyers, and other professional advisors, insurance broker and insurers.

We may also share your personal data with third parties in the context of a possible sale of some or all of, or restructuring of, our business.

13. Transfers of data outside the EEA

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”).

Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:

• where we share your personal data within the ERCE group of companies, all group companies are required to comply with this Privacy Policy;
• we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
• in some instances, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries;
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you would like further information regarding the specific mechanism used by us when transferring your personal data outside of the EEA.

14. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those directors, employees, agents, contractors and other third parties who have a business need-to-know. They are only permitted to process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

15. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

We may also retain certain information in order to conduct audits, to comply with our legal and contractual obligations and to resolve disputes. However, we will not retain your personal data for longer than reasonably necessary.

16. Your rights in respect of your personal data

You have the following rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):

• the right to request access to your personal data that we hold and to receive certain information relating to that data (commonly known as a “data subject access request”);
• you may have the right in accordance with applicable data protection law to have personal data we hold about you rectified or restricted;
• you may, in some circumstances, have the right to have personal data we hold about you deleted (although note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
• in some circumstances, you may have the right to receive or ask for your personal data to be transferred to a third party;
• you have the right to object to how we process your personal data in certain circumstances, including the right to ask us not to process your personal data for marketing purposes;
• where we are processing personal data relating to you on the basis that we have your consent to do so, you may withdraw your consent at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent). If you withdraw your consent, please note that we may be unable to provide the Services.

If you wish to exercise any of the rights set out above in respect of your personal data, please contact our data privacy manager using the contact details set out in section 2 above.

We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (ico.org.uk). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we will endeavour to resolve your complaint.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, and if we do we will post any changes on this page. If you continue to access this website or engage with us in relation to the provision of the Services after those changes have come into effect, you will be deemed to have agreed to the revised policy.

This Privacy Policy is version 1, and was last updated on 18.10.2018. You are advised to download or print a copy and retain it for your records.