Privacy Policy

Ensemble Analytics

Last Updated: 28 October 2025

Purpose

The purpose of this Privacy Policy is to describe how Ensemble Analytics Ltd (“Ensemble”, “we”, “us”, “our”) collects, uses, protects, and shares personal information obtained through its website and workforce management platforms. This policy also outlines the rights of individuals regarding their personal data and our responsibilities in protecting that data.

Scope

This policy applies to:

• Visitors to Ensemble Analytics’ public website and contact forms.

• Users of Ensemble Analytics’ software products and platforms.

• All individuals whose personal data is processed by Ensemble Analytics in connection with these services.

This policy does not apply to third-party websites, integrations, or applications that connect to our services.

Policy

Data Controller and Contact Information

Ensemble Analytics Ltd acts as:

• Controller for personal data collected through its website, direct customer interactions, user account registrations, recruitment and HR-related activities.

• Processor for data processed within its platform on behalf of client organisations.

For any queries, contact:
Email: support@ensembleanalytics.co.uk
Postal: Ensemble Analytics Ltd, 79-81 Borough Rd, London SE1 1DN

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details

• Usage data (including information about how you interact with and use our website, products and services)

• Account access information

• Website user information

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details

• Addresses

• Purchase or service history

• Account information, including registration details

• Security information

• Marketing preferences

• Technical data, including browser and operating system information

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details

• Addresses

• Profile information

• Marketing preferences

• Purchase or account history

• Website and app user journey information

• IP addresses

We collect or use the following personal information for recruitment purposes:

• Contact details (e.g. name, address, telephone number, or personal email)

• Date of birth

• National Insurance number

• Copies of passports or other photo ID

• Employment history (e.g. job application, references, or secondary employment)

• Education history (e.g. qualifications)

• Right to work information

• Details of any criminal convictions

• Security clearance details (e.g. basic checks and higher security clearance)

We collect or use the following personal information for handling queries, complaints, or claims:

• Names and contact details

• Addresses

• Account information

Lawful Bases and Data Protection Rights

Your Data Protection Rights

Under UK data protection law, we must have a lawful basis for collecting and using your personal data. Which lawful basis applies may also affect the specific rights you can exercise.

You can find detailed guidance on lawful bases and individual rights on the ICO’s website. In summary, you have the following rights:

• Right of access – to request copies of your personal data and information about how we process it.

• Right to rectification – to ask us to correct or complete inaccurate or incomplete information.

• Right to erasure – to request deletion of your personal data in certain circumstances.

• Right to restriction of processing – to ask us to limit how we use your personal data.

• Right to object – to object to our processing where we rely on legitimate interests.

• Right to data portability – to ask us to transfer your personal data to you or another organisation.

• Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.

We will respond to all rights requests without undue delay and within one month.

To exercise any of your rights, please contact us using the details provided at the top of this Privacy Policy.

Our Lawful Bases for Processing Personal Data

We rely on one or more of the following lawful bases under the UK GDPR, depending on the activity and purpose of processing.

1. Providing and Improving Our SaaS Products and Services

   • Contract – processing is necessary to enter into or perform our contract with you (e.g., providing user accounts, access, support).

   • Legitimate interests – to monitor, maintain, and improve the performance, security, and reliability of our platform.

     • To ensure the service functions correctly, identify bugs, enhance performance, and communicate relevant product updates to users — all without unduly impacting individual privacy.

2. Operating Client and Customer Accounts

   • Contract – to administer client relationships and deliver agreed services.

   • Legal obligation – to comply with financial, tax, and regulatory requirements.

   • Legitimate interests – to maintain contact records, ensure accurate billing, and provide continuity of service.

     • To manage client relationships effectively and ensure service reliability and business efficiency.

3. Information Updates and Marketing

   • Consent – where you have opted in to receive marketing communications. You may withdraw consent at any time.

   • Legitimate interests – to inform existing clients about relevant product updates and improvements directly related to their contract.

     • To keep customers informed about changes or enhancements that improve their use of the platform.

4. Recruitment and Hiring

   • Contract – to take steps at your request prior to entering into an employment contract.

   • Legal obligation – to meet employment, equality, and record-keeping requirements.

   • Legitimate interests – to evaluate candidates and manage the recruitment process efficiently.

     • To assess applicant suitability, ensure fair hiring decisions, and maintain a talent pool for future opportunities. We minimise risks to applicants’ privacy through restricted access, secure handling, and defined retention periods.

5. Queries, Complaints, and Legal Claims

   • Contract – to respond to and resolve issues related to a client’s contract.

   • Legal obligation – to meet regulatory or legal record-keeping requirements.

   • Legitimate interests – to investigate and resolve queries or disputes efficiently and fairly.

     • To maintain service quality, address complaints, and defend or pursue legal claims where necessary. Access to such data is limited, and retention is restricted to what is required for resolution and compliance.

Where we get personal information from

We collect personal information in a variety of ways, including:

• when you interact directly with us, including face-to-face, over the phone, over email, or online

• when you complete a form, such as registering for any events or newsletters, or responding to surveys

• when you apply for a job with us

• from third parties, such as details of your use of any website we operate (from our analytics providers and marketing providers) or

• from publicly available sources

Sharing of Information

Ensemble Analytics Ltd may share personal information only where necessary and lawful, and always in accordance with this Privacy Policy and applicable data protection legislation.

• Customers and Platform Users. Where you are a Customer or External User (such as a user of our platform, website, or related services), we may disclose personal information to:

  • Our employees, contractors, and authorised service providers who require access to perform their duties;

  • IT and cloud service providers, including data storage, web hosting, authentication, and monitoring services;

  • Payment systems operators or processors to facilitate secure payment processing;

  • Professional advisors, auditors, bankers, insurers, and insurance brokers;

  • Marketing or analytics providers assisting us with business development and service improvement;

  • Our existing or potential agents, business partners, or affiliates;

  • Law enforcement agencies, regulatory authorities, courts, or tribunals, where required or authorised by law; and

  • Any third party involved in the sale, merger, or transfer of all or part of our business or assets.

• Prospective Employees (Recruitment). Where you are applying for a position at Ensemble Analytics, we may share personal information with:

  • Internal HR and recruitment staff involved in reviewing your application;

  • IT service providers that support recruitment and applicant tracking systems;

  • Background check and screening providers, including DBS, Access NI, or Disclosure Scotland (where applicable);

  • Referees or educational institutions (where you have provided consent or requested verification); and

  • Relevant authorities or professional bodies for compliance or right-to-work verification.

• Employees (Internal HR & Workforce Management). For employees and contractors, Ensemble Analytics may share personal information with:

  • Internal management, payroll, HR, and compliance teams;

  • Payroll and pension providers to manage remuneration and benefits;

  • IT and security service providers supporting internal systems;

  • Training and performance management platforms;

  • Health and safety or occupational health service providers;

  • Professional advisors, auditors, and insurers; and

  • Regulators or public authorities where disclosure is required by law.

Data Retention

Personal data is retained only for as long as required to fulfil its intended purpose or meet legal and contractual obligations. Retention periods are defined in Ensemble Analytics’ Data Retention Policy. When data is no longer required, it is securely deleted or anonymised.

Who we share information with

Data Processors