Last updated 02.06.2026
This privacy notice applies to Everon UK Ltd.’s customers, customers’ contact persons, partners and other third parties such as prospective customers (also “Data Subject”). This notice explains how we process your personal data in connection with our services and the sale and marketing thereof, or when you interact with us in relation to the provision of our services or the conduct of our business.
We take seriously our obligation to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as other applicable legislation governing the processing of personal data. We also ensure that processing is carried out securely and that our data protection practices enable the full exercise of data subjects’ rights.
Everon UK Ltd
20 Hollingworth Court, Turkey Mill Business Estate, Ashford Road, Maidstone ME14 5PP
+44 (0)1 233 557 000
gdpr@everon.net
(hereinafter “we”)
If you wish to exercise your rights as described in this notice, or if you have questions about the processing of your personal data, you can contact us by email at gdpr@everon.net.
We process personal data of our customers, customers’ contact persons, prospective customers and other stakeholders such as subcontractor contact persons. The table below sets out the personal data we process, the purposes of processing, and the legal basis for each.
| Personal Data | Purpose of Processing | Legal Basis |
|---|---|---|
Basic data such as name, customer number, username and/or other unique identifier, password, language of communication Contact details such as email address, phone number, address details Company and contact person data such as company registration number and contact persons’ names, titles and contact details | Delivery and development of our products and services Customer surveys Fulfilment of our contractual and other obligations and commitments Invoicing Managing customer relationships including organising events, sending customer satisfaction surveys, and marketing our services to businesses Accounting | Performance of contract Legitimate interest based on customer relationships or other justified reasons Legal obligation (accounting) |
| Direct marketing prohibitions and consents Event-related data such as registration information, dietary requirements, billing data | Electronic direct marketing (including electronic surveys) Organising events | Legitimate interest in direct marketing to a business contact person Legal obligation to comply with direct marketing prohibitions Legitimate interest in hosting events and invoice where necessary Consent for health data (e.g. allergies) |
| Customer and contract-related data such as information about past and current contracts and orders, correspondence with the data subject and other communication-related data, such as customer feedback, billing-related data | Fulfilment of our contractual and other obligations and commitments Invoicing Managing the customer relationship Accounting | Performance of contract Legitimate interest to manage and develop the customer relationship Legal obligation (accounting) |
| Communication and device data such as IP address, device ID or other device-specific identifier and cookie data, data derived from analytics on service usage, such as interests. See also the Website Privacy Notice. | Targeting advertising in our online services Behavioural analysis and profiling | Consent |
Personal data is obtained primarily from the customer company’s contact person themselves at the time of entering the customer relationship and during the customer relationship, but also from authorities, contact information service providers and other comparable reliable sources.
Personal data may also be collected and updated from publicly available sources, contact information service providers, authorities or other third parties within the limits of applicable legislation.
We use subcontractors acting on our behalf in the processing of personal data. We have outsourced IT management to an external service provider on whose server, managed and secured by them, personal data is stored. We may also disclose data to authorities that have a legal right to receive such data.
Personal data is not generally transferred outside the UK/EEA. When personal data is processed outside the UK/EEA, we ensure that the subcontractor has committed to the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with a UK addendum, or another transfer mechanism compliant with applicable data protection legislation.
For further information about the safeguards applicable to transfers, please contact us at gdpr@everon.net.
Only those employees who have the right to process customer data in the course of their work are authorised to access systems containing personal data. Each user has their own username and password for the system. Access to data requires appropriate access rights and multi-factor authentication. Users are bound by a duty of confidentiality. Unauthorised access to data is also prevented by firewalls and technical protection measures.
We have entered into data processing agreements with system suppliers and other partners processing personal data, in which our partners have committed to complying with the data protection and security requirements set out in the UK GDPR.
Databases containing personal data are protected by passwords and access control levels. Data is stored in an environment protected by appropriate security software and technical arrangements. Physical access to data is prevented by access control and other security measures. Documents containing manually processed customer personal data are stored in locked storage facilities.
| Data Category | Retention Period |
|---|---|
| Newsletter and direct marketing data (prohibitions and consents) | 2 years |
| Customer service contacts, such as chat records and contacts regarding product return or maintenance | 12 months |
| Complaints data | 12 months |
We regularly assess the necessity of retaining data in accordance with applicable legislation. We take reasonable measures to ensure that personal data that is incompatible with the purposes of processing, outdated or inaccurate is not retained. We rectify or destroy such data without delay.
Personal data may be retained beyond the above retention periods if necessary for specific reasons, such as a suspected criminal offence and related regulatory investigation. After the end of the customer relationship, personal data relating to customer payment transactions may also be retained beyond the above periods in accordance with the retention obligations under applicable accounting legislation.
| Right | When Applicable |
|---|---|
| To access your personal data | Always |
| To require correction of inaccurate or outdated data | Always |
| To require erasure of data | When the data subject has withdrawn consent or another condition under Article 17 UK GDPR is met |
| To withdraw consent | When processing is based on consent, e.g. for direct marketing |
| To object to processing | When processing is based on legitimate interest and there is a specific personal situation, or if data is processed for direct marketing purposes |
| To request restriction of processing | If the accuracy of the data is contested or another condition under Article 18 UK GDPR is met |
| To data portability | If processing is based on consent or contract, processing is carried out automatically and the transfer is technically feasible, and the data relates to information provided by the data subject themselves |
| To lodge a complaint with the Information Commissioner’s Office (ICO) | Always |
The above requests, objections and withdrawals may be submitted in writing to gdpr@everon.net. The request must include the data subject’s name and contact details. To ensure data protection, we may ask the data subject to verify their identity or provide additional information.
We will respond to requests and enquiries concerning the exercise of data subjects’ rights within one month.
