This privacy statement was last updated on 9th July 2025 and applies to citizens and legal permanent residents of the United Kingdom.
In this privacy statement, we explain what we do with the data we obtain about you via https://www.eventprophire.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:
- we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
- we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
- we first request your explicit consent to process your personal data in cases requiring your consent;
- we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
- we respect your right to access your personal data or have it corrected or deleted, at your request.
If you have any questions, or want to know exactly what data we keep of you, please contact us.
1. Sharing with other parties
We only share or disclose this data to processors for the following purposes:
Processors
Name: Zoho
Country: Ireland
Purpose: Customer Relationship Management (CRM) and quote‐request processing
2. Cookies
Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.
3. Disclosure practices
We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.
If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.
We have concluded a data processing agreement with Google.
Google may not use the data for any other Google services.
The inclusion of full IP addresses is blocked by us.
4. Security
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
The security measures we use consist of:
- (START)TLS / SSL / DANE Encryption
- Login Security
- Website Hardening/Security Features
- Vulnerability Detection
- HTTP Strict Transport Security and related Security Headers and Browser Policies
5. Third-party websites
This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
6. Amendments to this privacy statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.
7. Accessing and modifying your data
If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.
8. Submitting a complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
9. Data Protection Officer
Our Data Protection Officer has been registered with the Information Commissioner's Office. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact EPH Creative LTD, or via hello@ex.comephcreative.co.uk.
10. Children
Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.
11. Contact details
EPH Creative
Unit 760
Street 1, Thorp Arch Industrial Estate
Wetherby, West Yorkshire LS23 7FW
England
United Kingdom
Website: https://www.eventprophire.com
Email: hello@ex.comephcreative.co.uk
Phone number: 01937 222777
Job Applicant specific
Last updated: 9 July 2025
Applies to: Candidates applying for roles at EPH Creative (EU/UK residents)
1. Introduction
EPH Creative (“we”, “us”, “our”) collects and processes personal data about you during recruitment. This Policy explains what we collect, why, how long we keep it, and your rights.
2. Data Controller & DPO Contact
Data Controller:
EPH Creative
Unit 760, Thorp Arch Industrial Estate, Wetherby, West Yorkshire LS23 7FW, UK
Data Protection Officer:
Email: [email protected]
3. Information Collected
We may process:
-
Identity & contact data: name, address, email, phone
-
Qualification & employment history: CV, resume, references
-
Remuneration details: current salary, benefits
-
Eligibility & right-to-work data: passport, visa
-
Special categories (voluntary): disability status (for adjustments)
Sources include your application forms, interviews, identity documents, and (after offer) referees.
4. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Assessing your suitability (CV, interviews) | Legitimate interest (managing recruitment) |
| Right-to-work checks | Legal obligation (Immigration Acts) |
| Disability adjustments | Explicit consent (Art 9 GDPR) and legal obligation (equal opportunities) |
| Equal-opportunity monitoring | Legal obligation / public interest |
| Communicating with you | Consent (where required) |
5. Special Categories of Data
We only collect health/disability data if you choose to provide it for reasonable adjustments. Any diversity data (e.g. ethnicity, gender) is voluntary and anonymous.
6. How We Use Your Data
-
To manage recruitment: review applications, conduct interviews, make offers.
-
To comply with legal obligations: e.g. eligibility checks.
-
With your consent for future roles: we may retain your CV for up to 6 months beyond the current process.
7. Automated Decision-Making
We do not use any fully automated decision-making or profiling in our recruitment.
8. Data Sharing
We share your data only with:
-
Internal teams: HR, hiring managers, IT (for system support)
-
External processors: Zoho Corp (CRM & quote-request processing) under our DPA
-
Referees: only if you accept an offer and provide referees
We do not transfer data outside the EEA.
9. Data Retention
-
Unsuccessful applicants: deleted 6 months after the recruitment ends.
-
With consent for future roles: retained up to 12 months total.
-
Successful applicants: moved to our Employee Privacy Notice and retained per that policy.
10. Security Measures
We apply appropriate technical and organizational controls, including:
-
TLS/SSL encryption
-
Access controls & login security
-
Regular vulnerability scans
-
Security-header enforcement (HSTS, CSP, etc.)
11. Your Rights
Under UK GDPR you can:
-
Access your personal data
-
Rectify inaccurate data
-
Erase or restrict processing
-
Object to processing (including profiling)
-
Data portability
-
Withdraw consent at any time
To exercise rights, email [email protected]. If unsatisfied, you may complain to the Information Commissioner’s Office at https://ico.org.uk.
12. How to Complain
Contact our DPO first. If unresolved, lodge a complaint with:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
13. Policy Updates
We may amend this Policy. The latest version is always available at:
https://www.ephcreative.co.uk/privacy-statement