Privacy Policy

Privacy Policy 


This policy contains the core information around personal data processing at Entity Group. It sets out information that would need to be provided in relation to all processing, to be supplemented with more specific information where necessary.

Policy Statement

Entity Group is committed to absolute transparency around what we are going to do with your data. This policy sets out in a single, accessible place, the common processing that we undertake with your data.

What information we collect about you

The Entity website has contact forms for different purposes where you are able to provide your name and contact details. We may also collect names and contact details through telephone, email or letter communication. Your details, which includes name, address, email, telephone number etc, all form what is known as your Personal Data.

When you visit this website, and even if you do not enter your details into a form, we may collect technical information about you such as your IP Address (Internet Protocol), the type of device that you used to access the website, browser type and version, the country, the telephone code for the area your computer is located, the pages that you visited, response rates of the web pages, your length of visit to certain pages. A cookie is a small file which is placed on your computer.

Where data is collected by Entity Group, Entity Group becomes the Data Controller. Our contact details are the same as those for our Data Protection Officer. 

If you have any comments or queries regarding the use of your data or you wish to express your individual rights.

Please contact the Entity Data Protection Officer (DPO) by email – dataprotectionofficer@entitygroup.com or by post Data Protection Officer, Entity Group, 980 Cornforth Drive, Kent Science Park, Sittingbourne, Kent. ME9 8PX or by phone +44 (0) 1795 415800.

Why do we collect your data and what will we do with it?

  1. Where you enter personal data into the website, we will collect your data for the purpose(s) specified on the relevant form and will only use that data for those purpose(s) and the support purposes set out below. Each purpose will have a legal basis upon which we shall rely to justify processing your personal data. We will choose the most appropriate basis for processing that respects your rights and protects your personal data from one of the following:
    1. Consent: we will seek consent to specific processing purposes where you are new to Entity or the processing is unrelated to any previous contact between us
    2. Legitimate interest: will be relied on where you would reasonably expect us to process your data for a given purpose, particularly where you are a client of Entity.
  2. The technical information (which may be stored on your device) that may be collected as part of your visit to this website is used to assist with improving our website performance and effectiveness for you and your device, and protecting it from attacks. This is necessary for us to be able to analyse web traffic and optimise the website experience for you. We only use this information for statistical analysis purposes and individuals cannot be identified from it. Although it may be possible to identify an individual from an IP address that is captured, Entity Group does not do this. This data is only used to protect the website from denial of service attacks and to investigate suspicious activity. This is necessary for the protection of any web presence against cyber threats and to ensure adequate security (GDPR Legal Basis  – Legitimate Interest)
  3. Back-ups of all data are taken and stored securely in order to minimise disruption in the event of an incident that affects business continuity. This ensures that we can continue to respect your data rights, provide services to you with minimal disruption, and only process your data for the purposes for which it was collected. In the event of such an incident, personal data from back-ups may be restored to the original system from which the back-up was taken. The period for which back-ups will be kept will vary for different purposes and will be specified at the point of data collection. (GDPR Legal Basis – Legitimate Interest)
  4. In order to ensure that we continue to respect your data rights, particularly around security of personal data, it is necessary for systems and processes to be kept under review. Development of systems, and training of staff for process improvements, as a result of those reviews will use randomised and or pseudonymised personal data. This protects you by preventing the identification of individuals, but ensures the best outcome for the training and development by basing it in real data (GDPR Legal Basis – Legitimate Interest).

Who do we share your data with?

Categories of recipient will be defined at point of data entry for personal data, or your consent will be sought before sharing data with a new recipient.

Technical data may be used with other organisations in the Entity Group for the same purposes, but will not be used beyond the Group.

Data will be shared with hosting companies and similar organisations who support our infrastructure, subject to appropriate controls and security measures that we define.

We will never sell your personal data to any external organisation

Your rights regarding the personal data we hold

The following sets out your rights under GDPR and when they arise

1. The right to be informed

This is your right to be informed about the collection and use of your personal data that we hold. This document provides the details of this to be read in conjunction with more specific information provided where personal data is collected.

2. The right of access

This is your right to see your personal data that we hold, together with supplementary information around the processing it is undergoing.

3. The right to rectification

This is your right to have inaccurate personal data we hold corrected, or completed if it is incomplete.

4. The right to erasure

This is your right to have your personal data erased, this is also known as ‘the right to be forgotten’. A request for erasure can be verbally or in writing, and Entity has 1 month to respond to a request. The right is not absolute and only applies in certain circumstances

5. The right to restrict processing

This is your right to request that Entity restricts the use of your personal data. This is not an absolute right and only applies in certain circumstances. If you exercise your right to restrict processing is restricted, Entity is still permitted to store the personal data, but not use it. You can make a request for restriction verbally or in writing and Entity Group has 1 month to respond.

6. The right to data portability

This is your right to data portability, this allows you to obtain and reuse for your personal data for your own purposes across different services. We will provide your data in a structured, commonly used and machine-readable format and will transmit it directly to another data controller if required.

7. The right to object

You have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority;
  • direct marketing; and
  • processing for purposes of scientific/historical research and statistics

Entity Group do not carry out profiling based on personal data for any purpose.

Rights in relation to automated decision making and profiling

You have the right not to be subject to any automated decision making (making a decision solely by automated means without any human involvement) that has a legal or other similar significant effect on you.

Entity group do not carry out such automated processing on any personal data for any purpose.

1. Right to withdraw consent

Where processing for a specific purpose is based on consent you have given, you can withdraw consent at any time, and we will no longer process your data for that purpose. This does not affect the lawfulness of the processing prior to withdrawal.

2. Right to lodge a complaint

You have the right to lodge a complaint with the Information Commissioner’s Office

To exercise any of the above rights please contact our Data Protection Office using the link above.

Duration for storing personal data

We never keep personally identifiable information for any longer than is necessary for the specific purpose(s) for which it has been collected. We consider each purpose carefully and separately to ensure that this is the case. Specific retention periods may be defined at point of data entry.