Eminence VSP Ltd (“EVSP”, “We” or “Us”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits eminencevspltd.com (the “Site”) and shall only collect and use personal data in the ways that are described here, consistent with our obligations and your rights under the law.

It is important for you to know that We are governed by the UK’s Information Commissioner’s Office (“ICO”). ICO’s website provides in-depth information about personal data protection legislation (the “Legislation”) applicable throughout the United Kingdom, including General Data Protection Regulation (“UK GDPR”), including guidance to organisations on how the information privacy laws operate as well as information about the legal rights available to individuals.

Please read this Privacy Notice carefully and ensure that you understand it. You must fully accept this Privacy Notice for accessing and using the Site. If you do not accept any part of this Privacy Notice, please leave the Site immediately.

1. Under the Legislation, you have the rights which We shall always endeavour to uphold as follows:
   1. 1. the right to be informed about our collection and use of your personal data;
      2. the right to access the personal data We hold about you;
      3. the right to rectification of any of your personal data held by Us which is inaccurate or incomplete;
      4. the right to erasure to delete or otherwise dispose of any of your personal data that We hold, commonly known as the right to be forgotten;
      5. the right to restrict processing of your personal data;
      6. the right to object processing your personal data for a particular purpose or purposes;
      7. the right to withdraw consent to the extent that, your consent is the legal basis We rely on in processing your personal data, which you are free to withdraw that consent at any time;
      8. the right to data portability to transfer your personal data to other organisations when your personal data is machine-readable, and the requested transfer is technically feasible;
      9. the rights relating to solely automated decision-making and profiling i.e., not to be subject to any decision without human involvement concerning your legal rights (or equally important matters) or profiling for certain matters, including direct marketing; and
      10. the right to complain to the supervisory authority at any time for how We hold or process your personal data.
   2. Some or all of these rights are subject to different conditions, including limitations and exceptions. You can find more information about these rights from ICO.
2. It is important that your personal data is kept accurate and up-to-date. If you are aware that any of the personal data We hold about you is inaccurate, incomplete or not up-to-date, please inform Us immediately.
3. You may exercise any of your personal data related rights or raise related concerns to Us by sending written notice with our contact information supplied in this Privacy Notice. We may require You to provide specific information to confirm your identity or otherwise necessary to protect your interests as the individual whom the personal data is concerned.
4. In general, you will not be charged for any fee for exercising your rights above, save that We may charge You a reasonable fee to cover administrative costs when You require for more than one copy of the requested information or if your requested is unfounded or excessive clearly.
5. We welcome the opportunity to help resolving your concerns, and you are encouraged to prior contact Us for your concerns.

1. We may process data to enable Us to contact you (“Contact Data”).
   

   Contact Data	Collection method / Data source
   First name, surname, email address, telephone number	Webform; Contract

2. We may process data related to your access to and / or use of the Site and / or any our services supplied through the Site (“Usage Data”).
   

   Usage Data	Collection method / Data source
   IP address, MAC address, internet browser type / version / setting, time and length of visit	Analytic tracking system

3. We may process data contained in or related to the communication between you and Us (“Communication Data”).
   

   Communication Data	Collection method / Data source
   Communication content through email and related metadata	Communication content; System generated metadata

4. We may process data contained in or related to the surveys we conduct with you (“Survey Data”).
   

   Survey Data	Collection method / Data source
   Name, Company, survey feedback questions	Survey form, website

5. We may process data contained in or related to the purchases you have with us (“Purchase Data”).
   

   Purchase Data	Collection method / Data source
   Name, company, bank account details (debit/credit)	Stripe, GoCardless, Bank transfer/ Website

1. Under the personal data protection legislation, We are required to always have a lawful basis for processing personal data. We process your personal data with their purposes and legal bases as follows:
   

   Purpose	Lawful basis	Concerned personal data
   Operation and security of the Site	Legitimate interest	IP address, MAC address, internet browser type / version / setting, time and length of visit
   Email communication, including marketing	Consent; Contract; Legitimate interest	First name, surname, email address, telephone number, system generated metadata
   To run the survey, competition, or promotion	Consent; Legitimate interest	Name, Company, survey feedback questions, system generated metadata
   To find out what products you like	Legitimate interest	Purchase history comprises products/ services you liked, bank details, company details

2. We may process your personal data for purposes in addition to but compatible with the purposes specified in section 3.1. If We process your personal data in this way and you would like Us to explain the compatibilities of the purposes, you can contact Us with our contact information supplied in this Privacy Notice.
3. We shall seek your prior consent of any use of your personal data for a purpose that is not covered by sections 3.1 and 3.2, unless it is permitted by law and within the boundaries of the personal data protection legislation and your legal rights.

1. We may store some of your personal data within European Economic Area (“EEA”) consisting of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and / or to equivalent standards by law. Transfers of personal data between EEA and the UK are permitted without requiring additional safeguards. We shall only transfer your personal data out of the UK and EEA where it has adequate levels of personal data protection. For more information, please refer to ICO.
2. We shall only engage third party services providers to process your personal data with appropriate legal instruments which ensure the same levels of personal data protection that apply under the personal data protection legislation, including the international data transfer agreement.
3. The security of your personal data is essential to Us, and We have various measures in place to protect your personal data, for instance,
   1. 1. limiting access to your personal data to those employees, agents, contractors, and other third parties on legitimate “need to know” basis; and
      2. having the vigorous procedures in place to deal with data breaches (i.e., accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data), including giving notification to you and/or ICO where We are legally required to do so.
4. You acknowledge that any personal data you submitted and may submit to the Site or Us may be available in the public domain around the world, and We have no control over or access to any processing of such your personal data.

1. We shall not keep your personal data for any longer than is necessary for the purposes specified in section 3, in particular,
   

   Data type	Maximum retention period
   Contact Data	Three (3) years.
   Usage Data	Three (3) years.
   Communication Data	Three (3) years.
   Survey Data	Six (6) years.
   Purchase Data	Six (6) years.

2. In the table under section 5.1, all the maximum retention periods start from the last of the data listed therein respectively.
3. Notwithstanding, We may retain your personal data for periods longer than any period specified in sections 5.1 and 5.2 pursuant to any legal requirement or obligation that We are subject to.

1. Other than for the purposes specified in section 3, We shall not share any of your personal data with any third parties for any purposes, subject to the exceptions as follows:
   1. 1. We sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party who may continue to process your personal data in the same way(s) that We process it;
      2. We are in the course of establishing or defending legal claims where disclosure of your personal data is necessary; and / or
      3. We are legally compelled to disclose certain personal data.

1. 1. The Site may include links to third-party websites, plug-ins and / or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy measures.
   2. All third-party contents on the Site may use third-party cookies described in section 8.2. Please note that We do not control the activities of such third parties, nor the data that they collect and process.
   3. We do not accept any responsibility for any of your visits to any third-party websites or any activities with third parties, and you are advised to refer to their privacy policies in advance of your actions.

1. 1. From the time you access the Site, We place and store certain first-party cookies on your browser and / or hardware. First-party cookies are those placed directly by Us and are used only by Us. We use cookies to facilitate and improve your experience with the Site and to provide and improve our services to you. We have carefully chosen these cookies and have taken steps to ensure that your personal data are protected and respected at all times.
   2. By accessing or using the Site, certain third-party cookies may also be placed and stored on your browser and / or hardware. Third-party cookies are those placed by operators / providers of websites, services or otherwise other than us. Third-party cookies may be used on the Site for marketing purposes. These cookies are not integral to the functioning of the Site and your use and experience of the Site will not be impaired by disabling or blocking them.
   3. All Cookies on the Site used by Us are in accordance with current laws in relation to cookies. To understand more about cookies on the Site, please refer to our Cookies Notice.

1. 1. Despite the fact that there is no complete guarantee of the security of information transmission over the internet, We strive to operate the Site with the highest security standards and put in place a robust framework of policies and procedures that includes various organisational and technical measures as matter of information risk management.
   2. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties on a “need to know” basis who only process your personal data based on our written instructions. All these parties are subject to the duty of confidentiality.
   3. We have put in place procedures to deal with any suspected personal data breach and shall notify you and any applicable regulator of a breach where We are legally required to do so.
   4. Notwithstanding, any information transmission, including transmission to the Site, is at your own risk. And where you are given or have chosen a password, including password to access the Site, you are solely responsible for keeping it confidential.

1. 1. We may update this Privacy Notice from time to time, and you acknowledge and agree that it is your responsibility to revisit and review this Privacy Notice to ensure you are good with the updates, if any. If you do not accept any part of the updates, you must cease to use and leave the Site immediately.
   2. We are not bound to notify you for any update of this Privacy Notice. We may notify you for significant updates.

• Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• Data subject means the identified or identifiable living individual to whom personal data relates.
• (Data) controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• (Data) processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Legitimate interest means the interest of our business in conducting and managing our business to enable Us to give you the best service and the most secure experience. We make sure We consider and balance any potential impact on you (both positive and negative) and your rights before We process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless We have your consent or are otherwise required or permitted to by law). You can obtain further information about how We assess our legitimate interests against any potential impact on you in respect of specific activities by contacting Us.
• Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing or process means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.