Privacy Policy

Who we are

Epic Enterprise Limited T/A EpicZen (“We”) is committed to protecting and respecting your privacy and safeguarding your data and individual-level information in a secure, respectful and trustworthy manner.

This notice sets out how we will process any personal data we collect from you, or that you provide to us. Please read the following carefully to understand our views, practices and processes regarding your personal data and how we will treat this information.

For the Data Protection Act, the data controller is Epic Enterprise Limited T/A EpicZen of 1a Camden Walk, London, N1 8DY.

EpicZen is committed to, and fully compliant with all our statutory and legislative regulations (and our supporting in-house best practice guidelines) to ensure the security and confidentiality of the data relating to that of our customers, our staff and all associated third parties. Our processes and systems, both computer-based and paper-based, adhere to the standards set by the Data Protection Act.

We ensure that our company servers, personal computers (PCs), laptops and company mobile devices are suitably secure for our work with our customers and suppliers.

We have rigorous systems and safeguards in place which we underpin with in-house training and regular auditing of our IT systems to ensure that all sensitive commercial data and individual level information is shared only on a need-to-know basis, and to ensure that cyber threats are managed, mitigated, and eliminated.

EpicZen has proactively sought external guidance to ascertain how we as a business can implement the stipulations of the General Data Protection Regulation (GDPR) to serve our customers best.

We are further developing our GDPR policy that we will be seeking feedback on to inform users how we manage their data. We are also honing and refining our comprehensive set of internal policies and guidance for how we as a business can maximise the opportunities offered by GDPR legislation.

The information we collect

  • Customer’s first and last name & email address for EpicZen’s point reward system & EpicZen’s marketing purposes.
  • Customer’s first, last name, email address, postal address, phone number for the Hair Analysis Service and online shop orders.
  •  Customer’s first name, last name, email address and telephone number, for out of stock product orders or/and requested products or services, by the customer.

Collection of personal information

We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:

To carry out our obligations arising from any agreement entered into between you and us;
To notify you about changes to our service;
For the detection and prevention of fraud, crime, or other malpractice;
To conduct market or customer satisfaction research or for statistical analysis;
For audit and record keeping purposes;
In connection with legal proceedings;
We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law;
Collect information about the device you are using to view the EpicZen’s website, such as your IP address or the type of internet browser or operating system you are using;
To respond to your queries or comments.
Depending on the nature of our relationship with you, we may collect different information and these differences are outlined below.

Customers

We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you and for specific other purposes explained below. We do not knowingly set out to collect personal data, and it is only provided to us by you by contacting us via our website www.epiczen.co.uk (“our website”) or by phone or by email. Once collected, this data is only used to deliver the service and to respond to you, answer any questions you have. We do not collect sensitive data – financial or information about children. This does, however, include name, phone number, email etc. We receive and process the following information relating to our customers:
We will collect information relevant to our legal obligations as an employer or as a contracted party for drivers and may include your name, phone number and email, also, to address, bank account details, and information relating to criminal convictions and other information as part of our screening and vetting processes.

Suppliers

We will collect information relevant to our status as a customer of yours and may include your name, phone number and email, also, to address, and information relating to the services and products you provide us.

Why we need it

We need to know your data to reply to you and provide you with services. We will not collect any personal data from you which we do not need to produce and oversee this service to you. The lawful basis for processing data identified by EpicZen includes:

Legal obligations (for example, as an employer or as part of commitments with regards to HMRC);
Performance of a contract (especially with regards to our customers and our suppliers);
Legitimate interest (such as when we ask for your feedback or advice on how to continually improve);
Consent (only used when sensitive information is required to be processed by us).
What we do with it

The limited personal data we process is only processed in the UK. Our hosting is exclusively done in the UK. Third parties will have access to your personal data only when they are under contract and following the signature of a non-disclosure agreement and just in line with the services these third parties are contracted to do so for EpicZen to function as a business. These third parties include:

Data subject

What we may do with the personal data

Customers

Data will be disclosed to the designated driver on a fare by fare basis so as they can complete the service requested;
Auditors, consultants and specialist service providers to ensure EpicZen operate legally and safely. These include hosting, and IT services providers, critical to the infrastructure of our website;
EpicZen personnel so as they can assist with the delivery of the service requested or to respond to any contact from customers;
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services purchased from EpicZen and on an exceptional basis);

Suppliers

Auditors, consultants and specialist service providers to ensure EpicZen operate legally and safely. These include hosting, and IT services providers, critical to the infrastructure of our website;
EpicZen personnel and drivers so as they can assist with the delivery of the service requested or to respond to any contact with customers;
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to EpicZen and on an exceptional basis);
Police and other regulatory authorities (upon receipt of an appropriate and legitimate request).

If there is a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions of supply and/or any other agreements; or to protect the rights, property, or safety of Epic Enterprise Limited, EpicZen, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

How long we keep it

Service user personal data will be retained for no more than three years following each use of our service unless you exercise your rights highlighted below.

Of course, we will look to retain records for no longer than is necessary.

What we would also like to do with it

We do not collect personal data for marketing purposes. We publish articles from time to time and only post these on our website and/or on social media sites to assist and generate interest in our business. We will not record any personal data that may be used by cookies for this website to interact with you.

What is your Data Subject Access Rights?

You have the right to the following:

Right to access – you have the right to request a copy of all data we hold about you;
Right to rectification – where any data we hold is incorrect, you have the right to ensure it is correct;
Right to be forgotten – if you no longer wish for us to keep your data, we will delete it;
Right to portability – you can ask us to provide your data to a third party in machine-readable format;
Right to restrict processing – since we only use this to contact you, there is no processing to limit, we would delete the information wherever possible and in keeping with our obligations.
If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not following the law you can complain to the Information Commissioner’s Office.

Our Data Protection Officer is Ivo Aulik, and you can contact him at [email protected], 02072269930 or by post by writing to 1a Camden Walk, London, N1 8DY.