Last updated: 22/04/2026
1. Introduction
This Privacy Policy explains how EC4 Group Limited (“EC4C”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you visit our website at ec4c.com (the “Website”) or otherwise interact with us.
We are committed to protecting your personal data and your privacy rights. This policy is intended to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
If you have any questions about this policy, please contact us using the details in section 14.
2. Who we are (the Data Controller)
EC4 Group Limited is the “controller” responsible for your personal data.
- Company name: EC4 Group Limited
- Registered office: 424 Margate Road Westwood, Ramsgate, Kent, CT12 6SJ
- Website: ec4c.com
- Email: [email protected]
3. Personal data we collect
We may collect and process the following categories of personal data:
- Identity data – name, title, job title, username or similar identifier.
- Contact data – email address, telephone number, postal address.
- Company data – employer name, role, business address.
- Financial and transaction data – bank details, payment card details (processed by our payment provider), details of products or services you have purchased from us, invoicing information.
- Technical data – IP address, browser type and version, time zone setting, operating system, device identifiers and other technology on the devices you use to access our Website.
- Usage data – information about how you use our Website and services, including pages viewed, links clicked and referring URLs.
- Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
- Correspondence data – the content of any emails, messages or other communications you send to us.
We do not routinely collect “special category” personal data (such as data revealing racial or ethnic origin, health data or biometric data) or data relating to criminal convictions. If we ever need to collect such data, we will tell you at the time and will only do so where we have a lawful basis to do so.
4. How we collect your personal data
We collect personal data:
- Directly from you – when you fill in a form on our Website, create an account, subscribe to our newsletter, request information, purchase our products or services, correspond with us by email or telephone, or otherwise interact with us.
- Automatically – as you use our Website, we may automatically collect technical and usage data through cookies and similar technologies (see section 10).
- From third parties – we may receive personal data from third parties such as analytics providers (e.g. Google Analytics), advertising networks, search information providers, providers of technical and payment services, identity verification services, publicly available sources (e.g. Companies House) and our business partners.
5. How we use your personal data and our lawful basis
We will only use your personal data when the law allows us to. Most commonly, we rely on the following lawful bases under the UK GDPR:
- Contract – where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
- Legitimate interests – where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Legal obligation – where processing is necessary to comply with a legal or regulatory obligation.
- Consent – where you have given clear consent for us to process your personal data for a specific purpose (for example, certain marketing activities).
The table below sets out how we use your personal data and the lawful basis we rely on:
| Purpose | Types of data | Lawful basis |
|---|---|---|
| To register you as a customer or user | Identity, Contact | Performance of a contract |
| To process and deliver your order, including taking payment and communicating with you | Identity, Contact, Financial, Transaction | Performance of a contract; Legitimate interests (to recover debts) |
| To respond to enquiries and provide customer support | Identity, Contact, Correspondence | Legitimate interests (to respond to our customers); Performance of a contract |
| To manage our relationship with you, including notifying you of changes to our terms or policy | Identity, Contact | Legal obligation; Performance of a contract; Legitimate interests |
| To administer and protect our business and Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity, Contact, Technical | Legitimate interests (running our business, network security); Legal obligation |
| To deliver relevant Website content and measure the effectiveness of the advertising we serve | Technical, Usage, Marketing | Legitimate interests (to study how customers use our products/services, to develop them and grow our business); Consent (where required) |
| To send you marketing communications about our products and services | Identity, Contact, Marketing | Consent; Legitimate interests (for existing customers under the “soft opt-in”) |
| To use data analytics to improve our Website, products, marketing, customer relationships and experiences | Technical, Usage | Legitimate interests (to keep our Website updated and relevant, to develop our business) |
| To comply with legal, tax and accounting obligations | All as relevant | Legal obligation |
6. Marketing
You will receive marketing communications from us only where you have opted in to receive them, or where you are an existing customer and we are relying on the “soft opt-in” permitted under PECR for similar products or services.
You can ask us to stop sending you marketing messages at any time by clicking the unsubscribe link in any marketing email, updating your preferences in your account, or by contacting us at [email protected].
Opting out of marketing will not affect any communications we send you relating to a product or service you have purchased (such as order confirmations or important service notices).
7. Disclosure of your personal data
We may share your personal data with the following categories of recipients:
- Service providers acting as processors who provide IT, hosting, cloud storage, email, payment processing, analytics, marketing, customer support and other business services to us.
- Professional advisers including lawyers, accountants, auditors, bankers and insurers.
- Government bodies, regulators and law enforcement where required by law, including HM Revenue & Customs and the Information Commissioner’s Office.
- Third parties in connection with a sale, merger, acquisition or restructuring of all or part of our business.
- Business partners and suppliers where this is necessary to deliver a product or service you have requested.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Our processors are only permitted to process your personal data for specified purposes and in accordance with our instructions.
We do not sell your personal data to third parties.
8. International transfers
We are based in the United Kingdom and primarily store personal data within the UK and the European Economic Area (EEA).
Some of our third-party service providers are based outside the UK. Where your personal data is transferred outside the UK, we ensure that a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- Transferring to a country that has been deemed to provide an adequate level of protection for personal data by the UK government.
- Using specific contracts approved for use in the UK (such as the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses).
- Relying on another appropriate safeguard permitted under the UK GDPR.
You may contact us at [email protected] if you would like further information on the specific mechanism used when transferring your personal data out of the UK.
9. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and applicable legal requirements.
In general:
- Customer records are retained for the duration of our relationship with you and for [6] years afterwards, to comply with contractual, tax and accounting obligations.
- Enquiry and correspondence records are retained for up to [2] years after the last contact.
- Marketing records are retained until you unsubscribe, and suppression data is kept indefinitely to ensure we respect your opt-out.
- Website analytics data is retained in line with the settings of our analytics providers (see section 10).
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
10. Cookies and similar technologies
Our Website uses cookies and similar technologies to distinguish you from other users, remember your preferences and help us improve the Website.
We use the following categories of cookies:
- Strictly necessary cookies – required for the operation of the Website. You cannot opt out of these.
- Analytical/performance cookies – allow us to recognise and count the number of visitors and see how they move around the Website.
- Functionality cookies – used to recognise you when you return to the Website.
- Targeting cookies – record your visit to our Website, the pages you have visited and the links you have followed, to make the Website and advertising more relevant to your interests.
You can manage your cookie preferences at any time using our cookie banner or via your browser settings.
11. Your legal rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete personal data.
- Right to erasure (“right to be forgotten”) – to ask us to delete your personal data in certain circumstances.
- Right to restrict processing – to ask us to suspend the processing of your personal data in certain circumstances.
- Right to data portability – to request transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
- Right to object – to object to our processing of your personal data where we are relying on legitimate interests (including profiling), and to object at any time to processing for direct marketing purposes.
- Right to withdraw consent – where we are relying on consent to process your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Rights in relation to automated decision-making – you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
You can exercise any of these rights by contacting us at [email protected]. We will respond to your request within one month, although this may be extended by a further two months for complex requests.
We will not usually charge a fee. We may need to ask you for information to confirm your identity before responding.
Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.
12. Security
We have put in place appropriate technical and organisational measures to protect your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. Access to your personal data is limited to employees, agents, contractors and other third parties who have a business need to know.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) where we are legally required to do so.
13. Third-party links
Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.
14. Children
Our Website and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete that information.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this policy indicates when it was last revised. Any changes will be effective when we post the revised policy on our Website. Where changes are material, we will notify you by email or through a prominent notice on the Website.
16. Contact us
If you have any questions or concerns about this Privacy Policy or the way we handle your personal data, please contact us:
- Email: [email protected]