Privacy Policy
Last updated: February 2026 | Version 1.0
1. Who We Are
EMC ("we", "us", "our") operates the EMC Client Portal to provide equipment management, calibration tracking, software licensing, and technical support services to our clients.
For the purposes of data protection legislation (including the UK GDPR and the Data Protection Act 2018), EMC is the data controller.
Contact: For data protection enquiries, please contact us at privacy@emc.co.uk
2. What Data We Collect
We collect and process the following categories of personal data:
Account Information
- Name and email address
- Organisation/company affiliation
- Role within the portal
Business Data
- Equipment details (serial numbers, models, locations)
- Calibration records and certificates
- Software subscription information
- Support tickets and correspondence
- Orders and quotation history
Technical Data
- IP address and browser user agent (for security and audit purposes)
- Login timestamps and session data
- Cookie preferences
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing portal access and account management | Contract performance |
| Managing equipment, calibrations, and subscriptions | Contract performance |
| Processing support tickets | Contract performance |
| Security monitoring and audit logging | Legitimate interest |
| Maintaining calibration traceability records | Legal obligation (ISO/IEC 17025) |
| Analytics and service improvement | Consent |
4. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| User account data | Duration of account + 1 year |
| Calibration certificates | 10 years (industry/regulatory requirement) |
| CAPA records | 7 years |
| Support tickets | 3 years after closure |
| Audit logs | 3 years |
| Security logs (IP addresses, user agents) | 90 days |
| Orders and quotations | 7 years (financial records) |
5. Your Rights
Under data protection legislation, you have the following rights:
- Right of access — Request a copy of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your personal data (subject to legal retention requirements)
- Right to restrict processing — Request that we limit how we use your data
- Right to data portability — Request your data in a machine-readable format
- Right to object — Object to processing based on legitimate interest
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at privacy@emc.co.uk. We will respond within 30 days.
6. Data Sharing & Third Parties
We may share your data with the following categories of service providers who act as data processors on our behalf:
- Hosting — Cloud infrastructure provider for the portal
- Database — Managed database hosting
- Email — Transactional email service (for sign-in links and notifications)
- File storage — Secure cloud storage for certificates and documents
All third-party processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures. We do not sell your personal data to any third party.
7. Cookies
We use the following types of cookies:
- Essential cookies — Required for authentication and portal functionality. These cannot be disabled.
- Analytics cookies — Used to understand portal usage and improve our services. These are only set with your explicit consent.
You can manage your cookie preferences at any time using the cookie settings available at the bottom of any page.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS)
- Role-based access controls
- Audit logging of all data access and modifications
- Regular security reviews
- Secure authentication (passwordless magic links)
9. International Transfers
Your personal data is stored in a database hosted within the European Union (AWS eu-west-2, London region). This means all personal data at rest remains within the UK/EU jurisdiction.
Some of our service providers are based in the United States and may process data outside the UK/EEA:
- Vercel (application hosting) — processes request metadata (IP addresses, user agents) at US and EU edge locations
- Resend (email delivery) — processes email addresses and authentication tokens for magic link emails
- Cloudflare (file storage and CDN) — stores files in EU with global CDN caching
For all transfers to the United States, we rely on one or more of the following safeguards under GDPR Chapter V and UK GDPR:
- EU-US Data Privacy Framework (and UK Extension) — where our processors are DPF-certified
- Standard Contractual Clauses (EU Commission Implementing Decision 2021/914) — incorporated into our processor agreements
- UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs — for UK-specific transfer compliance
We have conducted a Transfer Impact Assessment evaluating the laws of each destination country and implemented supplementary technical measures including encryption in transit, PII redaction in logs, and time-limited access tokens. Our full International Data Transfer Policy and Transfer Impact Assessment are maintained internally and available upon request.
If you are based outside the UK/EEA and access the portal, your personal data remains stored in our EU-hosted database. You access your own data via encrypted connection — EMC does not export your data to a third country.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through a notice on the portal. The version number and date at the top of this page indicate when the policy was last revised.
11. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113