Last updated: [15 May 2025]
This Privacy Policy explains how Core Essentials (“we”) collects, uses, and safeguards personal data when you interact with our website or Services.
1. Data We Collect
| Category | Examples | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Account Data | Name, email, organisation | Contractual necessity |
| Technical Data | IP address, browser type, OS, error logs | Legitimate interests (service security & improvement) |
| Usage Data | Pages visited, plug-in settings, feature use | Legitimate interests |
| Billing Data | Payment card last 4 digits, billing address | Contractual necessity; legal obligation (tax) |
| Support Data | Help-desk chats, emails, call recordings | Legitimate interests; explicit consent for recordings |
2. How We Use Personal Data
- Provide & maintain Services
- Process transactions & send invoices
- Respond to enquiries & provide support
- Detect, prevent, and resolve security issues
- Improve and develop new features
- Send service-related notices (non-marketing)
- Send marketing communications only if you have opted in (unsubscribe anytime)
3. Sharing & Disclosure
We never sell personal data. We share it only with:
- Cloud hosting, analytics, payment, and support providers processing data on our behalf under strict DPAs;
- Professional advisers (lawyers, accountants) bound by confidentiality;
- Authorities where required by law or court order;
- A successor entity in the event of a merger or acquisition (subject to this Policy).
4. International Transfers
Where data is transferred outside the UK/EU we rely on adequacy decisions, Standard Contractual Clauses, or Binding Corporate Rules, as applicable.
5. Data Retention
- Account data – while your account is active + 6 years
- Technical & usage logs – 12 months
- Support data – 3 years after ticket closure
- Back-ups are deleted on a 30-day rolling basis
6. Your Rights
You may access, rectify, erase, restrict, port, and object to processing of your personal data, and lodge a complaint with the ICO. Contact support@core-essentials.com.
7. Security
We use TLS 1.2+ encryption in transit, AES-256 encryption at rest, least-privilege access controls, regular penetration testing, and documented incident-response procedures.
8. Children
Our Services are not directed to children under 16 and we do not knowingly process their data.
9. Changes
We will post changes on this page and, where appropriate, notify you by email.
10. Contact
Data-controller: Core Essentials Ltd. Email: support@core-essentials.com.