Privacy Policy

We take your data protection very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you would like to make a complaint.

PhoreMost Limited takes the privacy of your information very seriously. We are a registered data controller at the Information Commissioner's Office with registration number ZA399167.

Who we are

PhoreMost Limited collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK General Data Protection Regulation and Data Protection Act 2018, as well as GDPR which applies across the European Union, and we are responsible as 'controller' of that personal information for the purposes of those laws.

Your rights

Under the UK General Data Protection Regulation, you have several important rights free of charge. In summary, those include rights to:

  • Fair processing of information and transparency over how we use your use personal information.
  • Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.
  • Require us to correct any mistakes in your information which we hold.
  • Require the erasure of personal information concerning you in certain situations. In this event PhoreMost will take all reasonable steps to erase your data and to inform controllers who are processing your personal data to erase any links to or copies or replications of your personal data.
  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations.
  • Object at any time to processing of personal information concerning you for direct marketing.
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
  • Object in certain other situations to our continued processing of your personal information.
  • Otherwise restrict our processing of your personal information in certain circumstances.
  • Withdraw consent you have previously supplied to us.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation available here: Individual rights | ICO

If you would like to exercise any of those rights, please contact us (see 'How to Contact Us' below).

The Personal Information We Collect and Use

If you are our Website user, we might collect:

  • Your name,
  • Your contact information (email address),
  • Your Contact Us form responses.
  • Your Usage Data (e.g., your IP address).
  • Cookies and Tracking Technologies.

We will also collect information about you when you apply for a job with us.

If you applied for a job with us, please refer to our Recruitment Privacy Notice for more information.

Information Collected from Other Sources

We collect information about your interests and browsing behaviour from Google Analytics, Google AdWords, and social media providers such as Facebook, LinkedIn, and Twitter. Please see our Cookie Policy for more information.

Please see our CCTV Privacy Notice for more information on CCTV.

How We Use Your Personal Information

We use your personal information for the following purposes:

  • To respond to your enquiries and keep a record of our communications with you.
  • To help us understand our clients and potential clients, and the effectiveness of our advertising, so that we can plan and deliver effective campaigns to develop our business.
  • To understand how people use our website, so that we can design the website to suit our users.
  • As part of our efforts to keep our website secure.
  • To process employment applications within PhoreMost.
  • To fulfil our obligations as an employer under employment contract.
  • We operate CCTV cameras on premises for security purposes.

Who We Share Your Personal Information With

We share your data with the businesses that provide IT and related services to us, such as our customer relationship management systems, and website hosting. We only share the types of data that those businesses need to provide us with those services, and we make sure our data sharing is governed by a contract that controls what those businesses can do with that data.

If we sell our business, we may provide your personal data to the new owner so that the new owner can continue to operate the business.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

How Long Your Personal Data Will Be Kept

We will hold your personal data for no longer than necessary for the purposes explained above, and in accordance with our retention schedule. Please contact our Data Protection Officer for more details if required. If you are a job applicant, please see Recruitment Privacy Notice for more details.

Reasons We Can Collect and Use Your Personal Information

Under UK GDPR, the lawful bases we can rely on for processing your information are:

  • GDPR Article 6(1)(a) – your consent. *
  • GDPR Article 6(1)(b) – We have a contractual obligation.
  • GDPR Article 6(1)(c) – We have a legal obligation.
  • GDPR, Article 6(1)(d) – In order to protect the vital interests of You or a third party.
  • GDPR, Article 6(1)(e) – We have a public interest.
  • GDPR, Article 6(1)(f) – We have a legitimate interest.

* Where the lawful basis for processing is Consent, you are able to remove your consent at any time. You can do this by contacting our DPO using the contact details provided in the Contact Us section below.

Processing Activity Lawful Basis
To collect information from you and monitor, provide and maintain our Service. Legitimate Interest
To contact you following your enquiry where you have provided your contact information and to reply to any questions, suggestions, issues, or complaints, including any Data Subject Requests, about which you have contacted us. Legitimate Interest
To collect your Usage Data to power our security measures and services so you can safely access our website and other services. Legitimate Interest
To contact you, where you have provided your contact information, about news and information relating to our Services through service messages Legitimate Interest
B2B direct marketing to you, where you have provided your contact information, about products and services from us where you are classified as a corporate subscriber and/or the ‘soft opt-in’ applies under UK PECR. Legitimate Interest
B2B direct marketing to you, where you have provided your contact information, about products and services from us where you are a sole trader, partnership or otherwise classified as an individual subscriber and/or the ‘soft opt-in’ does not apply under UK PECR. Consent
Where you are an employee of PhoreMost’s Service Providers, to collect information from you or your employer and make available our services to your employer. Legitimate Interest
Where you are an employee of PhoreMost Service Providers, to collect information from you or your employer and liaise with your employer about your contact details and/or the nature and performance of your work, as required. Legitimate Interest
To retain any accounting information generated during our interaction for statutory accountancy retention periods. Legitimate Interest
To respond to and defend against legal claims, where you have provided us with information which may give rise to legal claims. Legal Obligation
To ensure the safety and security of our office premises and to fulfil any legal obligations we might have towards health and safety of our employees (CCTV). Legitimate Interest/Legal Obligation

Transfer of Your Information Out of The EEA

We may transfer your personal information outside the UK and European Economic Area (EEA) for us to use the services of our suppliers where they are based outside the EEA. We do this, for example, where we use IT services hosted on servers outside the EEA.

Such countries have different data protection laws to the United Kingdom and EEA. Where we transfer of your personal information to non-EEA countries we will do so in accordance with the General Data Protection Regulation, ensuring that appropriate safeguards are in place. In most cases, the safeguard will be the use of standard data protection clauses adopted by the European Commission or IDTA within the United Kingdom.

To obtain more information about those safeguards please contact us (see 'How to Contact Us' below).

Keeping Your Personal Information Secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We deployed appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites, mobile apps, offices, and stores.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to Make a Complaint

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns.

Children’s Privacy

We do not seek to collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database. CCTV footage for entry and exit to the offices is covered by our CCTV policy.

Changes to This Privacy Notice

This privacy notice was published on 8th June 2018 and last updated on 14th August 2023.

We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

How to Contact Us

If you wish to contact us, please send an email to gdpr@phoremost.com, write to PhoreMost Ltd, Unit 7, The Works, Unity Campus, Pampisford, CB22 3FT or call 01223 856 740.

Version Description of changes Change Type Date Author
1.0 Creation of original document Creation 14-Aug-2023 Amy Prosser