Our Privacy Policy


  • ESRconnect Limited, (“we”/”us”) are committed to protecting and respecting any personal information you share with us and upholding all relevant laws and regulations concerning the same.
  • This statement describes what types of information we collect from you, how it is used by us, how we share it with others, how you can manage the information we hold and how you can contact us.
  • We will always give you the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications or share your data with anyone else who might. We do not sell your information to third parties, but we do work closely with selected partners who help us to provide you with the information, products and services that you request from us. For example, Microsoft who supply the computer software program ‘Excel’, the platform upon which our software is built.
  • The contents of this statement may change from time to time, so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we will also contact you directly to notify you of these changes.
  • This version of our Privacy Statement is live from 6th May 2018.


We collect information about you and the NHS Trust you work for (“your employer”) when you engage with our website and marketing materials. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.

  • We collect information about you or your employer when you use ESRconnect’s websites or respond to any marketing materials. Some of this information does not identify you personally but provides us with information about how you use our services and engage with us (we use this information to improve our services and make them more useful to you). The information we collect includes some or all of the following:
    • Name (including title);
    • The date and time you used our services;
    • The pages you visited on our website and how long you visited us for;
    • Your IP address;
    • The country you visited us from (but not the precise location);
    • Details of any transactions between you and us;
    • Where you engage with us in a business context, we may collect your job title, company/organisation contact details (including email addresses), number of employees employed by your company/organisation and any publicly-available company/organisation details (some of which we may obtain from an online or public business directories);
    • We may collect voice recordings of calls you make to our customer support line and calls that we make to your company/organisation;
    • Any “Live chat” records; and
    • Any information within correspondence you send to us.


ESRconnect Ltd will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited ‘junk’ email or communications, or share your personal information with anyone else who might.

There are various ways in which we may use or process your personal information.  We list these below:


  • Where you have provided your consent, we may use and process your information to contact you from time to time about promotions, events, products, services or information which we think may be of interest to you (don’t worry, we won’t bombard you);
  • You can withdraw your consent at any time by contacting us on the details given below.

Contractual performance

We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.

  • We may process your personal information where it is necessary for us to respond to technical and support requests by customers;
    • The ESRconnect software is used to process live payroll data containing personal data of all employees in a given organisation or collection of organisations.
    • The ESRconnect Software is hosted and used by the customer on their own computers and servers, and neither the raw data being processed or the results of processing the same using our software are visible to, available to, transmitted to or collected by ESRconnect.
    • In the event of a request for technical support by a customer, we may ask that either a raw data file or a processed data file are sent to us for analysis. The ESRconnect Software contains extensive anonymisation processes to remove all personal data from all file types before they are transmitted to us.
    • The use of these anonymisation processes, and subsequent checking that all personal data has been removed from the file(s) by employing them, before sending, are a condition of us receiving the file(s).
    • The customer is responsible for checking that all personal data has been removed from the file(s) before transmission to us and ESRconnect accepts no responsibility for any transmission of personal data to us by the customer where our policies and procedures are not followed correctly or in their entirety.
    • In the event that a file is received by us containing any personal data, it will be immediately and permanently deleted, and the sender will be notified.
    • On occasion, directors of, or persons directly employed by ESRconnect may visit customer sites to conduct training, installation or other technical work. Personal information and raw data from the organisation’s payroll may be physically visible during these processes. ESRconnect will not remove, save, transfer or change any customer data and any director or employee in attendance at customer sites will be fully trained on our policies and procedures around data protection. The ownership and physical location of raw data remains vested in the customer and will be treated as strictly confidential.

Legitimate Interests

We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so.

  • Processing necessary for us to support customers with sales and other enquiries
    • To respond to correspondences you send to us and fulfil the requests you make to us (for example: software demonstrations, service requests, brochure requests or information about specific products);
  • Processing necessary for us to respond to understanding customers’ needs
    • To analyse, evaluate and improve our products and services so that your visit and use of our website and products are more useful and enjoyable;
    • To undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer and provide tailored offers, products and services that we think you will be interested in. We will only send marketing communications to you if you have provided your consent for us to do so or which we have obtained in the ways mentioned in the paragraphs below;
    • For product development purposes (for example to improve quality, performance and security)
  • Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
    • To send you marketing information from time to time after you have purchased a product or service from us or made a purchasing enquiry, or requested a software demonstration, brochure or other information of interest. We will only contact you with information about our own products and services (and in ways the law allows), which we hope you will like. You have the right to object to us sending you this information at any time;
    • To contact you from time to time with marketing information (unless you object) if you have expressly indicated to us that you are acting on behalf of a business/organisation or where we have obtained your business contact details from an online or public business directory. In relation to any such information we send by email, post or telephone, we will include an option allowing you to object to receiving future messages by unsubscribing;
    • To contact you with targeted advertising delivered online through social media and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
    • To administer competitions and promotions that you enter with us from time to time and to distribute prizes;
    • To contact you when there is a change in our business hours, if we move premises, or any other change we make which may affect you.
  • Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
    • To verify the accuracy of information that we hold about you and create a better understanding of you as a customer;
    • For network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access;
    • To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
    • To inform you of updates to our terms and conditions and policies.

Legal Obligation

  • We may process your personal information to comply with our legal requirements.

Vital Interest

  • Sometimes we will need to process your personal information to contact you if there is an urgent security update, product notice or general software update and we need to tell you about it.

Careers and Recruitment

  •  If you apply for a job or work placement with ESRconnect, you may need to provide information about your education, employment, background and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer.
  • We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal and regulatory record checks) and consider you for other positions. We may exchange your personal information with academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment providers, referees and your current and previous employers. Without your personal information, we may not be able to progress considering you for positions with us.


We do not sell your information to third parties, but we do work closely with our third party suppliers who fulfil business activities for us (for example: Microsoft who supply the ‘Excel’ program on which the ESRconnect Software is based as well as our cloud-based data storage system, or third-party technical support ticketing systems such as ‘Freshdesk’.)

  • We do not sell your information to third parties. However, we may from time to time store or share your information with the following categories of companies or organisations to which we pass the responsibility to handle services on our behalf: Microsoft, cloud storage providers, customer relationship management software providers, and our legal and other professional advisors.
  • We take steps to ensure that any third-party partners who handle your information are of a reputable nature and that they comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated none specific data sets where ever possible.
  • The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk but we do use all security measures at our disposal including secure socket layers to encrypt any information supplied to us via our website. Once we have received your information, we use procedures and security features to prevent unauthorised access, modification or disclosure. For example, if you communicate with us using email, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.
  • We take all reasonable steps to hold information securely in electronic or physical form. Our information security policy is made up of industry-standard security processes and procedures and we store information in access-controlled premises or in electronic databases from reputable suppliers who comply with all relevant laws with demonstrably high security standards requiring logins and passwords.
  • Due to the international nature of the third-party suppliers we sometimes engage with, there may be some instances where your information is stored outside of the EU.  In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.
  • Specifically, our software is developed using Microsoft Excel, and we also use a Microsoft Cloud Storage System. You can view Microsoft’s Privacy Policy here. We also ustilise Freshworks customer relationship management tools to handle support requests and sales enquiries effectively. You can view their privacy policy here and details about their security arrangements here.
  • If all, or substantially all our assets, or the assets of an associated firm, are merged with or acquired by a third party, or we expand or re-organise our business, your personal information may form part of the transferred or merged assets or we may need to transfer your information to new entities or third parties through which our business will be carried out.


We will not hold your personal information in an identifiable format for any longer than is necessary. If you are a customer or otherwise have a relationship with us we will hold personal information about you for a longer period than if we have obtained your details in connection with a prospective relationship.

  • We do not retain personal information in an identifiable format for longer than is necessary.
  • If we have a relationship with you (e.g. you are a customer), we hold your personal information for 6 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend any legal claims that may arise.
  • Where we have obtained your personal information following a request for information, a software demonstration, brochure, quotation or any other information on any of our products or services, we hold your personal information for 1 year and 6 months from the date we collect that information, unless during that period we form a relationship with you e.g. you purchase one or more of our products.  We hold your personal information for this period to give us an opportunity to form a relationship with you.
  • The only exceptions to the periods mentioned above are where:
    • the law requires us to hold your personal information for a longer period, or delete it sooner;
    • Where you have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
    • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see ‘How can you manage the information we hold about you’)


You have the right as an individual to access your personal information we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to us using your personal information (where we rely on our business interests to process and use your personal information).

  • You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).
  • You have the right to:
    • Ask for a copy of the information that we hold about you;
    • Correct and update your information;
    • Withdraw your consent (where we rely on it). Please see further ‘How do we use this information’;
    • Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information.  When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
    • Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information;
    • Transfer your information in a structured data file (in a commonly used and machine-readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.

You can exercise the above rights, manage your information, express any concerns or make a complaint by contacting us using the details below:

  • Post: ESRconnect Ltd, 3rd Floor, 82 King Street, Manchester, M2 4WQ
  • Email: enquiries@esrconnect.co.uk
  • Phone: 0161 711 0500

If you are still unhappy following your contact with us over data protection, you have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed.  The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below: