Privacy Policy
Date Last Revised: 06/01/2026
Esoteric is committed to complying with its legal obligations under the General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, and the Data Protection Act 2018 for the protection of the rights and freedoms of individuals whose personal data Esoteric obtains or generates as part of its business operations. Esoteric also complies with the requirements of the Privacy and Electronic Communications Regulations (PECR), ensuring comprehensive protection of personal data in electronic communications.
In this notice, “we”, “us”, and “our” mean Esoteric, a Mitie Group business, responsible for any personal information collected about you. This privacy notice explains how and why we collect, store, and use your personal information when you visit our website, contact us, or use our services, and outlines individuals’ rights. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
What personal data do we collect and process?
We will only process personal data where we have a lawful basis on which to do so. The lawful basis on which data is processed will depend on the nature of the information collected and the purposes for which we use it, but will be one or more of the following:
- Consent: you have provided your consent for us to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with us or because you have asked us to take specific steps before entering a contract.
- Legal obligation: the processing is necessary for us to comply with our legal obligations.
- Vital interests: the processing is necessary to protect someone’s life.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party. Where we use legitimate interests as our lawful basis, we have assessed the processing’s necessity, proportionality, and reasonability.
How we use your data
| Purposes | Data types | Lawful bases of processing |
|---|---|---|
| Business contact information for our business operations. | Name, work email address, work telephone number and work address. | Legitimate interest/ Performance of a contract. |
| Business contact information obtained through events and conferences for marketing. | Name, work email address, work telephone number, work address. | Consent. |
| Business contact information through the channels you have consented to (marketing campaigns, promotional activities and market analysis). | Name, work email address, work telephone number, work address. | Consent. |
| Employee personal data. | Name, contact details, and employment data, including pay-related data. If you are an existing employee, please see the Employee Privacy Policy on the Mitie Intranet. | Legitimate interest. |
| CCTV. | Video footage may be collected when you visit our offices. | Legitimate interest. |
| Job applicants’ personal data. | Name, contact details, employment history and CV. If you are a job candidate, please see the section for job applicants on https://www.mitie.com/legal/privacy/. | Legitimate interest. |
| Website cookies for the purposes of analysing and improving our services and communications to you. | Please see the link to our Cookies Policy: https://www.esoteric.com/cookie-policy | Consent. |
How long will we keep your personal data?
We keep your personal details for as long as necessary for the purposes for which we use them, and this will vary depending on our relationship with you.
Further information on how long we hold your data concerning the Esoteric service can be requested by contacting us via privacy@mitie.com.
Transferring and storing your data
We must transfer your data to our staff and suppliers outside the EEA for billing, finance and administration purposes. We will ensure that we use appropriate safeguards to protect your data, including authorised standard contractual clauses and supplementary measures, to ensure that your data has an equivalent level of protection to that in the UK or the EEA.
We will take all necessary steps to ensure that your data is secure and is handled in accordance with this Privacy Notice. If you wish to find out more about the safeguards we use when transferring your data, please contact us at privacy@mitie.com or use the contact details provided in this Privacy Notice.
Data security and integrity
Esoteric is committed to ensuring your data is kept secure from loss, misuse or alteration. We use technical, physical, and organisational security measures and comply with ISO27001 standards to keep your data secure.
We store all information provided via our websites on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. As such, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
Disclosure of your information
We may disclose your personal information to any member of our group, which means Mitie Group plc, its subsidiaries, and subsidiary undertakings from time to time (as defined in the Companies Act 2006).
We may also share or disclose your personal information to third parties in certain circumstances:
- We may provide personal data to clients, third-party suppliers, service providers, professional advisors, and other business partners to enable us to provide or receive products or services.
- In connection with the administration and operation of our business, we may provide personal data to third parties who provide support services, including IT, finance and accounting, HR services, research, marketing, business development, and consultancy services.
- If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
- We may disclose or share your personal data if we are under a duty to do so to comply with any legal obligation or, where necessary, to enforce any legal right or contractual agreement, or to protect the rights, property, or safety of Esoteric, our employees, Clients, or others. This includes exchanging information with other companies, organisations, and bodies to protect against fraud and reduce credit risk.
If you want to know more about how we share your data, please email us at privacy@mitie.com.
Links to other websites
Our websites may contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to our privacy notice
This Privacy Notice was last updated on 6th January 2026. Any changes we make to our Privacy Notice in the future will be posted on this page, and we suggest you check back frequently for updates.
Your rights
You have certain rights which you can exercise if we are processing your personal data:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right of erasure – you have a right, in certain circumstances, to ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing of your personal data.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
To exercise these rights, please contact us using the details given in this Privacy Notice or at privacy@mitie.com.
Contact information
If you wish to make a complaint about how your personal data is being processed by us (or the third parties referred to in this Privacy Notice), or how your complaint has been handled, you have a right to lodge a complaint with our Data Protection Officer using the following contact details or by contacting privacy@mitie.com.
If you have any questions about this Privacy Notice or your rights, you can contact us using the following details:
Data Protection Officer
Mitie Group plc
Level 12, The Shard
32 London Bridge Street
London SE1 9SG
You can also email us at:
You have the right to complain to the Information Commissioner’s Office (ICO). You can visit the ICO website for more information. Alternatively, you can contact them by post:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow
Cheshire
SK9 5AF