Evidence Matters Ltd. Privacy Policy

This Privacy Policy (‘the Policy’) (together with any other of our terms and conditions, and any other documents referred to in them) sets out the basis on which any personal data we collect from you, or that you provide, will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

We will only use your personal data in the manner set out in this Policy and in a way that is fair to you. We will only collect personal data where it is necessary for us to do so and where it is relevant to our dealings with you. We will only keep your personal data for as long as it is relevant to the purpose for which it was collected or for as long as we are required to keep it by law.

The Policy sets out (1) who we are and describes (2) the information we collect (3) how we use your information (4) where we store your information and (5) the lawful basis to process.


  1. Who we are

For the purpose of the General Data Protection Regulations (the “Regulations”), the data controller is Evidence Matters Limited (Company registration number 03232047) registered office is at 30 Carters Lane, Kiln Farm, Milton Keynes, Buckinghamshire, MK11 3HL.

We will refer to Evidence Matters Limited as (‘the Company”) which operates http://evidence-matters.com/  “the Site”.  The users of our Site and other business or personal contacts that we deal with as customers or suppliers are referred to as ‘you’ or ‘your’.

This Policy explains what happens to any personal data that you provide, or that is collected from you as part of The Company’s usual business, marketing and/or accessing the Site.


  1. Personal information

The majority of the data that we collect and store will be business data relating to the client or organisation that we are dealing with and contracts that are being undertaken.  Although our software programs and data processors may process data on an individual’s computer and other devices, we rarely know the identity of the device user(s). Similarly, the review of these devices may allow us to identify a living individual(s). Such personal data will only be disclosed in line with our legal and contractual obligations and not for marketing purposes. We may hold personal data, limited to contact information, for prospective contacts and clients that we have through business.

For each visit to our login page we automatically recognise your IP address, domain and Web browser. This information is not used to personally identify you. We use your IP address to help diagnose possible problems with our server and Internet connection.

We do not sell or market this information to any third party. We do however, on occasion, aggregate this information internally and analyse it to help improve the performance of our service. We shall not under any circumstances divulge your e-mail address to any person who is not an employee, contractor or business partner of the Company and who does not need to know, either generally or specifically.

As part of our business and marketing processes we will process limited personal data to include your name, email address job title, mobile phone number (where applicable).


  1. How we use your information

We use your information to provide you with our services.

We will also use your information in the following ways:

  1. To provide you with the information on our services and news which you request.
  2. To carry out our obligations arising from any contracts entered into between you and the Company.
  3. To provide you with billing information in relation to the Company.
  4. To notify you about changes to our business.
  5. In a collective way not referable to any particular individual, for the purpose of quality control and improvement of our site.


  1. Where we store your personal data
  1. All information you provide to us is stored on our secure servers. We use industry standard security and firewalls on our servers.
  2. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information.
  3. Only authorised personnel, contractors and business partners have access to your information.
  4. We keep personal data secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
  5. We ensure that sensitive data relating to the client work that we do is stored and accessed securely.
  6. We undertake to keep and maintain such records for a minimum amount of time as required by law or contractual duty and will securely dispose of any such records and information as soon as we receive notification or such duty ends.

We undertake to ensure the protection and security of Personal Data that you choose to communicate, in order to ensure the confidentiality of your Personal Data and prevent your Personal Data from being distorted, damaged, destroyed or disclosed to unauthorised parties.

However, while we strive to protect your Personal Data, in light of the inevitable risks of data transmission over the internet, we cannot guarantee full protection against any error occurring during the course of Personal Data transmission which is beyond the Company’s reasonable control.

Since all Personal Data is confidential, access is limited to employees, contractors and agents of the Company, who have a need to know such data in carrying out their tasks. All the people who have access to your Personal Data are bound by a duty of confidentiality and subject to disciplinary actions and/or other sanctions if they fail to meet these obligations.

However, it is important for you to exercise caution to prevent unauthorised access to your Personal Data. You are responsible for the confidentiality of your password and information appearing on your own computer devices. Consequently, you must ensure that you log out of your session in the event of shared use of a computer.

  1. Lawful basis of Processing

We will process personal data regarding clients and client work as we are under contract.  The processing of such limited personal data is necessary for the contract or we have been asked to take specific steps before entering into a contract.

We may also process limited personal data of contacts for the purposes of the legitimate interests of the Company.  We have a legitimate interest in sending targeted emails to our contacts regarding news about our business and to keep in touch with our contact base.  We have balanced this legitimate interest of the Company against the rights of the individual and do not conclude this is unreasonable, as at all times the data subject has a right to be forgotten and their personal details deleted, subject to our duties to keep records with regards to contracts we are undertaking.

  1. Retention Periods

Customers: we need to keep your personal data to allow us to ensure compliance with the contract. We keep limited records for at least 6 years (after a contract comes to an end), to ensure compliance with that contract. However, we ensure deletion of investigatory evidence after 3 months of conclusion of the associated legal proceedings if no appeal is pending, so that we do not hold such content on our systems. We may keep limited personal data of customers with respect to transactional history for longer than these minimum periods, in certain circumstances, as we have a legitimate business interest to keep such records as well as customer contact details, to assist our business, to ensure that our customers are provided with the best possible service.

 Recruitment: If you apply for a job with us, we may use your information for the purposes of recruitment and selection, corresponding with you and equal opportunities monitoring.  We will not store your Personal Data for more than 12 months if you are not successful.



By submitting limited personal data to us, you consent to our use of your data and of anyone you represent in the manner set out in this Policy (as amended from time to time, as described below) and you are responsible for ensuring that you have authority to consent on behalf of anyone about whom you submit data to us.

You can revoke any consent you have given us under this Policy at any time by contacting Sarah Vella, Case Manager, referencing this Policy in the email subject line, using the body of the email to say what consent you are revoking.


Use of Cookies

We use cookies to save your email address and language preference, so you don’t have to re-enter it each time you visit our service.

Google Analytics is also used to track website trends without identifying individual visitors. The cookie used by Google Analytics stores information such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to The Company.

The Right to deletion and rectification of your personal details

We take all reasonable steps to ensure we have the correct Personal Information on you. You have the right to ask us for a copy of the information supplied by you that we hold. We may ask you to verify your identity and for more information about your request. If you would like to make a request for information, please contact [                   ].

You also have the right to ask the Company to stop using your information. However, if this involves a request for deletion of emails or documents you have sent we may not be able to do so, particularly as we have a legitimate business interest to keep all correspondence and documentation that relate to contracts with our clients.  Where we are unable to comply with your request we will provide reasons for failing to do so.

When we share your information

We will not sell, rent or trade your Personal Data. We only share your Personal Data with trusted contractors and business partners.

Other than as set out in this Policy, we shall NOT sell or disclose your personal data to third parties without obtaining your prior consent unless this is necessary for the purposes set out in this Privacy Policy or unless we are required to do so by law.

 Transfers of Data in Europe

Data protection legislation is harmonised throughout the European Economic Area (‘EEA’) which comprises the EU member states, Norway, Iceland and Liechtenstein. Countries outside the EEA do not generally have the same level of protection for personal information as those within the EEA.  However, we may need to transfer personal data outside the EEA in limited circumstances where our trade partners and suppliers may need to hold data, for example when dealing with maintenance contracts.  We will ensure such partners have measures in place to protect the personal data that they hold.

Other websites

The Website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

Our service contains links to other sites. The Company is not responsible for the privacy practices or the content of such Web sites.

Changes to this Policy

This Policy is effective as of May 2018 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change this Policy at any time and you should check this Policy periodically. Your continued use of our business after we post any modifications to this Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.

If we make any material changes to this Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our Site.

Contact Us

If you have any questions about this Policy, please contact us.

If you have any queries about the information we hold on you, please email:


Updated May 2018