Last updated: 28th February 2024
Our privacy policy aims to give you information on how Exacta PLC collects, stores, uses and shares your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we process personal data of UK residents, we are subject to the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulation.
This privacy policy supplements other notices and privacy policies and is not intended to override them. Any questions about this policy can be sent to us at:
Exacta PLC
125 Deansgate
Manchester
M3 2BY
Tel: 0161 669 8165
Email: dataprotection@exacta.co.uk
Changes to the privacy policy
We keep our privacy policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We may collect, use, store and transfer different kinds of personal data about you as follows:
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect special categories of personal data.
How personal data is collected?
We use different methods to collect data, including through:
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we use personal data
The following describes how we use personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process personal data for more than one lawful ground depending on the specific purpose for which we are using it.
Type of data |
Lawful basis for processing including basis of legitimate interest |
|
To register you as a new customer and verify your identity when you use our services or contact us |
(a) Identity (b) Contact |
Performance of a contract with you |
To process and deliver your order including:
|
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
|
To monitor, record, store and use any email or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Profile (f) Marketing and Communications |
(a) Necessary for our legitimate interests (b) Necessary to comply with a legal obligation |
To manage our relationship with you which may include: (a) Notifying you about changes to our website or applications, services, terms or privacy policy (b) Asking you to leave a review or take a survey |
a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|
To enable you to complete a survey |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
|
To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
Conducting checks to identify our customers and verify their identity Screening for financial and other sanctions or embargoes Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator |
(a) Identity (b) Contact Data |
To comply with our legal and regulatory obligations |
Gathering and providing information required by or relating to audits or quality checks, e.g. the audit of our accounts, enquiries or investigations by regulatory bodies |
(a) Identity (b) Contact Data (c) Financial (d) Transaction |
(a) To comply with our legal and regulatory obligations (b) Necessary for our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
|
Ensuring business policies are adhered to, e.g. policies covering security and internet use |
(a) Technical (b) Usage |
Necessary for our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you |
Ensuring the confidentiality of commercially sensitive information |
(a) Identity (b) Contact Data (c) Financial (d) Transaction (e) Technical (f) Profile |
(a) Necessary for our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information (b) To comply with our legal and regulatory obligations
|
Preventing unauthorised access and modifications to systems |
(a) Technical (b) Usage |
(a) Necessary for our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you (b) To comply with our legal and regulatory obligations
|
Statutory returns |
(a) Identity (b) Contact Data (c) Financial (d) Transaction
|
To comply with our legal and regulatory obligations |
Ensuring safe working practices, staff administration and assessments |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
(a) To comply with our legal and regulatory obligations (b) Necessary for our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
Marketing our services and applications to:
|
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Necessary for our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers |
Credit reference checks via external credit reference agencies |
(a) Identity (b) Contact Data |
Necessary for our legitimate interests or those of a third party, i.e. to ensure our customers are likely to be able to pay for our products and services |
To provide the personal data of individuals associated with businesses within our case management system(s) operated by us for case management purposes |
(a) Identity (b) Contact |
(a) Necessary for our legitimate interests (b) Necessary for us to perform a task in the public interest
|
Marketing
We strive to provide choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that information.
ii. Opting out
You can ask us to stop sending you promotional messages at any time by contacting us at any time or by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.
Change of purpose
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We routinely share personal data with:
We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your it. We may also share personal data with external auditors, e.g. in relation to accreditation and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies such as Ofcom or the Information Commissioner’s Office, to comply with our legal and regulatory obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data location and retention
Data may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: ‘Disclosures of your personal data’).
We will keep your personal data for as long as is necessary:
We will not retain your personal data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Your rights
You have the following rights, which you can exercise free of charge:
Access |
The right to be provided with a copy of your personal data (the right of access) |
Rectification |
The right to require us to correct any mistakes in your personal data |
To be forgotten |
The right to require us to delete your personal data — in certain situations |
Restriction of processing |
The right to require us to restrict processing of your personal information, in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability |
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations |
To object |
The right to object:
|
Not to be subject to automated individual decision making |
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
|
For further information on each of those rights should contact our Data Privacy Lead at dataprotection@exacta.co.uk or in writing to:
Data Protection Lead
Exacta PLC
125 Deansgate
Manchester
M3 2BY
This contact should include:
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure. As a result, whilst we strive to protect your personal data, we cannot ensure and do not warrant the security of any information you transmit to us, and this information is transmitted at your own risk.
How to complain
We hope that our Data Privacy Lead can resolve any query or concern you may raise about our use of your data.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.