Last updated: 01/07/2020
Revision: 004A (Simplified Our lawful basis for processing your Personal Data)
Our customers are at heart of what we do. We appreciate the trust you place in us when sharing your
Personal Data and the security of such is very important to us.
This policy explains how we collect, use and protect your Personal Data, and what rights you have with regards to your Personal Data and how you can exercise those rights.
This policy is provided on behalf of ACCELITA LIMITED (Accelita), a company registered as a DATA CONTROLLER with the Information Commissioner’s Office (ICO).
Information that can be linked to a living individual.
An individual or organisation responsible for the collection of Personal Data and how it will be used.
An individual or organisation acting on behalf of, and only on the instructions of, the relevant controller.
The collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasure or destruction of data.
3. Data protection principles
Accelita follows six principles when dealing with your Personal Data. We will take all reasonable care to
ensure it is:
Processed lawfully, fairly and in a transparent manner;
Processed for specified, explicit and legitimate purposes;
Adequate, relevant and limited to what is necessary;
Accurate and kept up-to-date;
Kept for no longer than is necessary; and
Processed in a manner that ensures appropriate security.
We operate by these principles alongside our duty of confidentiality to you.
ACCELITA LIMITED with its websites www.accelita.com and www.accelita.co.uk are within scope of this
policy. We consider these websites to be UK-based.
This policy includes Personal Data that is collected through electronic means; including but not limited to our websites, telephone, email and social media applications; as well as physical form such as letters and business cards.
We may provide links or references to other external sources. Following these references may allow third parties to collect or share data about you. We have no control over these external sources and therefore assume no responsibility for the privacy policies they operate.
5. Collection of Personal Data
Our websites provide an indication of the services we provide.
We collect Personal Data from you for one or more of the following purposes:
1. To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
2. To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
3. To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your Personal Data.
4. To ensure the security and safe operation of our websites and underlying business infrastructure.
5. To manage any communication between you and us.
In addition, we may use your Personal Data for the purpose of direct marketing and other legitimate business interests.We do not market our services to children. However, we may need to hold Personal Data about children to provide services to others, usually their parents, custodians or carers.
6. Our lawful basis for processing your Personal Data
Accelita must have a lawful basis to process your Personal Data. More than one lawful basis may apply to
the processing of the same Personal Data.
These are the bases we most often rely on:
Contractual: The processing is necessary for a contract we have with you as an individual, or because you have asked us to take specific steps before entering into a contract with us.
Legal obligation: The processing is necessary for us to comply with the laws or regulations we are subject to (not including our contractual obligations). We would be unable to provide our services to you if you did not provide or we were unable to process your Personal Data under these lawful bases.
Legitimate interests: We also undertake processing in our legitimate interests or the legitimate interests of a third party. We check beforehand that this processing is not going to override your rights and interests.
When we process on the lawful basis of legitimate interest, we apply a three-part test to determine whether it is appropriate:
The purpose test – is there a legitimate interest behind the processing?
Necessity test – is the processing necessary to achieve that purpose?
Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
Consent: We use the lawful basis of consent in some circumstances. For example, we may seek consent from you to share your Personal Data with other parties, which are not identified under the other lawful bases we use.
Processing your Personal Data in the above ways can include sharing your Personal Data with relevant third parties, where we would otherwise be unable to provide our services to you. For example, we need to share your Personal Data with product and service providers to obtain quotes, product information under your instruction or as defined in a contract of work.
7. Storage of Personal Data
Accelita Limited is a UK-domiciled organisation whose offices are in the UK.
All of our websites and web applications are hosted in the EU and are accessed only by our EU-based staff.
Our information systems, including Cloud Service Providers (CSP’s), are either EU- based or hosted by companies providing EU Model contracts for data transfer. This is true for all of our systems unless specifically stated otherwise.
We use Microsoft as our CSP, including Microsoft Business 365, as part of our processing environment. Unless we specifically state otherwise, we are, in respect of this CSP, the data controller. Microsoft provide a security and trust portal which gives details on how your data is being safeguarded.
We operate a data retention policy in respect of all data, whether paper-based or digital. The timescales for the retention of your Personal Data and related documentation are subject to various legal, regulatory or contractual requirements, which will reflect the purpose and lawful basis for processing the data. This is presented in table under section 6.
8. Personal Data obtained directly from you
Accelita obtains Personal Data from individuals directly when they, for example:
Enquire about any of the services we provide;
Negotiate or enter into a contract or client agreement with us to provide a service;
Provide us with information connected with the contract or client agreement;
Correspond with us via our website, by phone, e-mail or otherwise;
Participate in meetings, seminars or other events we arrange or attend;
Give us a business card;
Fill in forms on our website and submit information to us;
Participate in other social media functions on our website or enter a competition, promotion or survey; or
Report a problem with our website.
Our website is set up to collect some information about you automatically. This helps us to provide you
with a better experience when browsing our site, to enable us to improve our website and to maintain the
security of our website. For this reason, we may collect the following:
Technical information, including the originating and proxy IP (Internet Protocol) address used to connect your device to the Internet;
Any login information related to our website;
Browser type and version, time zone setting, browser plug-in types and versions;
Operating system and platform;
Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site;
HTTP headers and request bodies.
9. Other sources of data and who we share your Personal Data with
Depending on the nature of the service we provide, the lawful basis and purpose of processing, we may
need to share your Personal Data with other parties (examples listed below). These parties are subject to
data protection legislation and principles. We will usually have notified you of the sharing of your data
with these parties. However, certain legislation may prevent us from doing so. Many of these parties both
receive Personal Data from us and provide it to us:
Providers of technical, payment and delivery services;
Social media sites;
HM Revenue & Customs, other Government agencies and departments;
Law enforcement agencies and courts;
Solicitors, accountants, auditors and other professional advisers;
Agents and representatives;
Banks and other financial institutions;
Credit reference and fraud prevention agencies;
Providers of credit reference or fraud prevention services;
Marketing and social event organisers and venues and websites;
Online analytic and search engine providers;
Our regulators and governing bodies;
Quality assurance assessors and other business consultants;
Through our research we may also obtain information from publicly-available databases, or details on a
Furthermore, we will disclose your Personal Data:
In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets;
If we or substantially all of our assets are acquired by a third party, in which case Personal Data held by us about customers will be one of the transferred assets;
If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of Accelita Limited, our clients, or any other third parties.
10. Data Processors
Where we are appointing any individual or organisation to process your Personal Data on our behalf
(otherwise known as ‘Data Processors’), they may only do so for specified purposes and according to our
written instructions. Accelita seeks confirmation of the processor’s IT security arrangements and whether
Personal Data is processed outside the European Union.
Where possible we will only use Data Processors that are either EU-based or provide EU Model contracts for data transfer.
11. Keeping your Personal Data secure
We operate a series of security measures concerning access to our offices and our systems. The level and
extent of each individual measure may vary, but can include, for example:
Access controls to buildings, systems and, where appropriate, individual IT applications;
Anti-virus and malware prevention;
Arranging back-up copies of Personal Data;
Industry standard compliance;
Penetration testing, system monitoring and system updates (e.g. patching);
The transmission of information via the Internet is not completely secure. Although we will do our best
to protect your Personal Data, we cannot guarantee the security of your data transmitted to us; any
transmission is at your own risk.
Where we have given you (or where you have chosen) any passwords or authenticating credentials, you are responsible for keeping this confidential. We ask you not to share this information with anyone.
12. Your rights
Data protection legislation provides certain legal rights for individuals.
Your rights are as follows
The right to be informed: As a data controller we are obliged to provide clear and transparent information about our data processing activities. This is covered by this policy and any related communications that we may have sent you.
The right of access: A right to a copy of your Personal Data and other supplementary information. This means that you may request a copy of the Personal Data we hold about you free of charge.
The right to rectification: Where you believe that your Personal Data that we hold is inaccurate or incomplete, you can request us to rectify this.
The right to erasure (the ‘right to be forgotten’): Where no overriding legal basis or legitimate reason continues to exist for processing Personal Data, you can request for your Personal Data to be erased from our records. We will take all reasonable steps to ensure erasure.
The right to restrict processing: You can ask us to stop processing your data where you consider it to be inaccurate or we are using it unlawfully, when we no longer need the information but you wish us to keep it or otherwise believe that we do not have a legitimate reason for processing it.
The right to data portability: Individuals have the right to receive Personal Data they have provided to a Data Controller in a structured, commonly used and machine readable format. It also gives them the right to request that a Data Controller transmits this data directly to another controller. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
The right to object: You have the right to object to our processing of your data where: Processing is based on legitimate interest; Processing is for the purpose of direct marketing; Processing is for the purpose of scientific or historic research; or Processing involves automated decision making or profiling.
If you wish to exercise any of these rights, please email firstname.lastname@example.org. In order to process your
request, we may ask you to provide two valid forms of identification for verification purposes.
More information is available from the Information Commissioner’s Office website https://ico.org.uk/.
Some rights can only be exercised under certain circumstances. If we are unable to comply with your request for any reason, we will contact you to explain our reasoning.
13. Contact details
your rights, you can contact us at email@example.com.
We aim to respond to your queries as soon as possible.
Accelita aims to deal efficiently with any query or to resolve any complaint you might have about how we
handle your Personal Data. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office) whose contact information can be found at https://ico.org.uk/.
15. Changes to this policy
Office (ICO) at the date of its publication. The policy takes into account the General Data Protection
Subsequent changes to the policy may occur due to changes in the ICO’s guidance. Each version of the policy will be uniquely referenced.