Edenhouse Solutions Limited and EdenOne Solutions Limited (jointly and severally referred to as ‘we’, ‘us’ and ‘our’) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the data protection and privacy laws which apply across the European Union (including those in the United Kingdom), and we are responsible as a ‘Controller’ of that personal information for the purposes of those laws.
We collect, store and use the following personal information when you provide it to us:
Occasionally we receive personal information from third party sources, which vary from time to time, but generally include:
We use your personal information to:
Edenhouse Solutions Limited and EdenOne Solutions Limited are group companies which provide SAP related products and services. We therefore share personal data with each other which for the purpose of offering and providing products and services to you.
We further share your personal data with your consent or as reasonably necessary to provide any product or service you have requested or authorised. It is sometime necessary to share personal data with SAP (UK) Limited, Clockhouse Place, Bedfont Road, Feltham, Middlesex TW14 8HD and its group companies, and occasionally other third party suppliers, in order to provide you with the products and services you may request. Some of those third party suppliers may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We may share your personal data with vendors or agents working on our behalf e.g whom we have hired to provide us with customer service support or assistance to protect and secure our systems and services. In these cases such companies are required to abide by our privacy and security requirements, and are prohibited from using personal data received from us for any other purpose.
We will share personal information with law enforcement or other authorities if required by applicable law, or in order to respond to a valid legal process.
We will not share your personal information with any other third party without your consent.
The provision of Name and Contact Data and Credentials may be required to enable us to provide products and services to you. The use of such data also assists us to ensure the secure and effective management of the supply of products and services.
We will inform you at the point of collecting information from you, whether you are required to provide the information to us, and any impact this may have on our ability to deliver products/services if you decline.
We hold personal data for as long as is necessary to provide the products and services offered and/or supplied to you, or for other legal purposes such as complying with the law and our legal obligations, resolving disputes and enforcing our agreements. As retention periods may vary depending on the processing activity with which the personal data is concerned, the following criteria is will be considered:
We may process relevant personal data where such processing is necessary for the performance of a contract or to take steps to enter into a contract.
Processing may be necessary for our compliance with any relevant legal obligations. By way of example only, certain products, technologies and services are subject to export laws in various contracts, and you acknowledge that we may be required to take measures to prevent entities, organisations and parties listed on government –issued sanctioned party lists from accessing such products, technologies and services. This may include checks on user registrations data, or contacting a user to confirm his or her identity
We may also process personal data for our legitimate business interests in the following circumstances:
In the following circumstances, we will only use your personal data if you have granted prior consent:
You may withdraw your consent to the above processing at any time by emailing firstname.lastname@example.org, when we shall cease to process any data permitted subject to this consent, unless otherwise legally required to do so. In the event that we are required to retain your personal data for legal reasons, we shall retain your personal data for period required by law.
As a Controller we process personal data in the European Economic Area. However, we may transfer your personal information to sub-processors, who may process data within as well as outside of the EEA. As a consequence, whenever such transfers occur your personal data may be transferred to countries outside of the EEA subject to Standard Contractual Clauses in order to contractually provide that your personal data is subject to a level of data protection that applies within the EEA.
If you would like further information please contact the Privacy Team (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
We are committed to protecting the security of personal date. Being ISO 27001 certified ensures the ongoing confidentiality, integrity, availability and resilience of our processing systems. We also have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Whilst data transmission over the internet is inherently insecure (such that we cannot guarantee the security of data transmitted by this means), all electronic communications from us shall be encrypt.
Our website(s) may contain links to third party (meaning websites which are not owned by us). We are not responsible for the privacy practices or the content of such third party websites.
We hope that we can resolve any query or concern you raise about our use of your information. However, you also have a right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns/.
If you wish to contact us, please: