Skip to Content

Privacy Policy

1. Important Information and Who We Are

This privacy policy aims to give you information on how we collect and process your personal data through your use of this website and beyond.

  • Data Controller Network: empacta® international ltd. operates an international system of independent audit and accounting firms. Depending on your location and interaction, your data is processed either by us as the licensor, for example with the help of this website, or jointly or separate with our local license partners ("Licensees") who operate individual offices under license.

  • Joint Controllership: For specific processing activities (such as global loyalty programmes, centralized marketing, but not for audit activities and audit related activities), the Licensor and the respective Licensee act as Joint Controllers. A summary of the essence of our joint controllership agreement can be requested via our contact email.

  • Separate Controllership: For processing activities such as audit engagements and audit related engagements, the Licensees are responsible and cannot share information in accordance with confidentiality rules of the profession. The Licensor is not an audit company and does not offer audit services.

  • Company Registration: Registered in England and Wales under company number 13635244

  • Registered Office: 20 Fore street, Moretonhampstead, Devon TQ138LL, United Kingdom

  • Contact Email: sg@empacta.org

2. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you, including:

  • Identity Data: Name, username, title, date of birth.

  • Contact Data: Billing address, delivery address, email address, telephone numbers.

  • Financial Data: Bank account and payment card details.

  • Technical Data: IP address, login data, browser type, time zone setting, operating system, and platform.

  • Usage Data: Information about how you use our website, products, and services.

  • Web Analytics Data: Anonymized client IP addresses, device information, referral URLs, and interactions on our site via Google Analytics.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we use your data in the following circumstances:

  • Performance of a Contract: To perform the contract we are about to enter into or have entered into with you, other than audit or audit related services, which are the prerogative of our local Licensee.

  • Legitimate Interests: Necessary for our legitimate interests (such as to manage payments, recover debts, analyze performance, or improve our international brand services, whistle blower handling, complaints), provided your rights do not override those interests.

  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.

  • Consent (Web Analytics): For the use of Google Analytics, we rely strictly on your explicit Consent (Article 6(1)(a) UK GDPR) granted via our Cookie Consent Banner before any tracking script is initialized.

  • Complaints: Customers and other parties may use the Complaint-Facility in this website, in order to report supposed deficiencies of licensees (so called "whistle-blower facility"). The licensor does not share the identity of whistleblowers with the licensees, except in those cases where the whistleblower gives her or his explicit consent. 

  • Quality Assurance Visits: The Licensor establishes quality assurance visits on site. In these cases, client data collected by the licensees is shared with the person  for performing the quality assurance visit. This person is obliged to keep the client data confidential. The licensees are required to include this particularities in their local terms and conditions.

4. Disclosures of Your Personal Data

We may share your personal data with internal and external third parties, including:

  • License Network Sharing: empacta® international ltd. shares personal data within our global license network.

  • Service Providers: IT and system administration services, payment processors, delivery/courier companies, and analytics providers.

  • Professional Advisers: Lawyers, bankers, auditors, and insurers providing consultancy or legal services.

  • HM Revenue & Customs (HMRC): UK regulators and authorities who require reporting of processing activities in certain circumstances.

  • Whistle blowers: We do not share the identity of whistle blowers.

5. International Transfers

Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom (including the USA and EU member states).

Whenever we transfer your personal data out of the UK to countries without an adequacy decision by the UK Government, we secure the data flow by implementing UK Standard Contractual Clauses (SCCs) or the International Data Transfer Addendum (UK Addendum).

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements.

8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing or request restriction of processing.
  • Request transfer of your personal data.
  • Withdraw consent at any time.

If you wish to exercise any of these rights, please contact us at sg@empacta.org.

9. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

www.ico.org.uk