News from Eido
Download our brochure >>
More from our blog

General Principles

  • We obtain and process only that data for which we have a clear and legitimate need.
  • We do not share data with any third party unless we have obtained explicit consent from, or have been requested to so by the data subject.
  • Data is deleted from our systems as soon as possible after use.
  • We will only process data supplied to us by clients who are themselves ICO-registered data controllers and have demonstrated their compliance with all requirements of GDPR.
  • Data is stored securely, with access given only to those individuals within our organisation with a legitimate need. All our data service providers meet or exceed all relevant standards for security and privacy, and are regularly reviewed for compliance.
  • We uphold the rights of data subjects under the GDPR regulations and are committed to a policy that places respect for individual privacy, not commercial interests, at the centre of our business operations.

What information do we process?

As part of our business we may obtain and process personally identifiable information such as email addresses, names, telephone numbers, job title, company name and specific business-related information such as an attendance at an exhibition, areas of specific professional interest, a specific enquiry or interest/potential interest in the services we provide.
We may also process non-personally identifiable data such as website visits and interactions, link clicks, IP addresses and general geographic location data.
We do not process sensitive data concerning sexual orientation, religion or ethnicity, political alignment, age or disability status. We do not process data relating to minors or vulnerable adults.

Where does our data come from?

Data we obtain and process as part of our business comes from a variety of sources:
  • From enquiries from our website or other direct enquiries;
  • From our own research of publicly available data;
  • From interviews, news gathering or other media generated as part of our normal business activities;
  • Legally-obtained data supplied to us by clients with a legitimate and specific reason for doing so;
  • From our own historical business records, where that data is still relevant and useful, and…
  • Anonymised data from website analytics and reporting, including email interactions.

Why do we process data?

We carry out data processing as an essential part of our business, on the legal basis of one or more of the following cases:
  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary for the purposes of the legitimate interests pursued by our company or by our clients.
Our objectives for processing data include:
  • The dissemination of news content to individuals whom we believe will find that information both informative and useful;
  • To respond effectively to enquiries concerning our company and our client’s business activities;
  • To maintain effective communication with clients, suppliers, business associates and third-parties with whom we have, or desire to have, a commercial relationship;
  • To evaluate the performance of our website or the effectiveness of promotional activities carried out on behalf of our clients.
  • To empower us to comply with the requirements of GDPR with regards data accessibility, portability, rectification and erasure.
For each use case we conduct an annual Legitimate Interests Assessment (LIA) to ensure that we are complying with legal requirements and that we are following best practice in each instance.

Where is data processed?

Eido Europe conducts data processing at its facilities in the UK and Japan, and via third party data service providers based in the EU and the USA. We are satisfied that all EU-based services providers are or will be fully GDPR-compliant from May 2018, when the laws take effect in the UK. All non-EU service providers are certified in compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. All Personal Information received from European Union (EU) member countries and Switzerland respectively adheres to the Principles of the applicable Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, and to view the certification, visit the U.S. Department of Commerce’s Privacy Shield website: A list of Privacy Shield participants is maintained by the Department of Commerce and is available at:

Your rights

Under GDPR you have a number of rights with regards any personally identifiable data we store or process. These rights are: The right to be informed – all organisations must be completely transparent in how they are using personal data (personal data may include data such as a work email and work mobile if they are specific to an individual).
The right of access - individuals have the right to know exactly what information is held about them and how it is processed.
The right of rectification - individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
The right to erasure - also known as 'the right to be forgotten', this refers to an individual's right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
The right to restrict processing - an individual's right to block or suppress processing of their personal data.
The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
The right to object - in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
Rights of automated decision making and profiling - the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.

Where to go if you have any concerns

If you feel that our activities have compromised your right to privacy under GDPR, we urge you to contact us immediately. We undertake to take your concerns seriously, to thoroughly investigate the circumstances of your complaint and to take whatever action is required in order to rectify any deficiencies. Our contact details are as follows:
Data Protection Officer
Eido Europe Ltd
78 York Street
London W1H 1DP

Tel: +44 (0)207 442 5922
Email: admin “at”

If you are not satisfied with our response, you can contact the Information Commissioners Office directly via their website:

Our registration details are:
Registration Number: ZA131188
Data Controller: Eido Europe Limited

78 York Street
London W1H 1DP
United Kingdom
LH Bancho Square
6-4 Rokubancho
Chiyoda ku
Tokyo 102-0085

sampleLondon: +44 (0)207 442 5922
Tokyo: +81 (0)3 6890 8577

sample This email address is being protected from spambots. You need JavaScript enabled to view it.
Request a callback