Skip to main content Skip to search

Privacy Policy

Last updated: 17th April 2019.
Revision: 003A (replaced Google with Microsoft as CSP)

1. Introduction

Our customers are at heart of what we do. We appreciate the trust you place in us when sharing your Personal Data and the security of such is very important to us.

This policy explains how we collect, use and protect your Personal Data, and what rights you have with regards to your Personal Data and how you can exercise those rights.

This policy is provided on behalf of ACCELITA LIMITED (Accelita), a company registered as a DATA CONTROLLER with the Information Commissioner’s Office (ICO).

2. Definitions

Personal Data
Information that can be linked to a living individual.

Data Controller
An individual or organisation responsible for the collection of Personal Data and how it will be used.

Data Processor
An individual or organisation acting on behalf of, and only on the instructions of, the relevant controller.

Data Processing
The collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasure or destruction of data.

3. Data protection principles

Accelita follows six principles when dealing with your Personal Data. We will take all reasonable care to ensure it is:

  • Processed lawfully, fairly and in a transparent manner;
  • Processed for specified, explicit and legitimate purposes;
  • Adequate, relevant and limited to what is necessary;
  • Accurate and kept up-to-date;
  • Kept for no longer than is necessary; and
  • Processed in a manner than ensures appropriate security.

We operate by these principles alongside our duty of confidentiality to you.

4. Scope

ACCELITA LIMITED with its websites and are within scope of this policy. We consider these websites to be UK-based.

This policy includes Personal Data that is collected through electronic means; including but not limited to our websites, telephone, email and social media applications; as well as physical form such as letters and business cards.

We may provide links or references to other external sources. Following these references may allow third parties to collect or share data about you. We have no control over these external sources and therefore assume no responsibility for the privacy policies they operate.

5. Collection of Personal Data

Our websites provide an indication of the services we provide.
We collect Personal Data from you for one or more of the following purposes:

  1. To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
  2. To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
  3. To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your Personal Data.
  4. To ensure the security and safe operation of our websites and underlying business infrastructure.
  5. To manage any communication between you and us.

In addition, we may use your Personal Data for the purpose of direct marketing and other legitimate business interests.

We do not market our services to children. However, we may need to hold Personal Data about children to provide services to others, usually their parents, custodians or carers.

6. Our lawful basis for processing your Personal Data

Accelita must have a lawful basis to process your Personal Data. More than one lawful basis may apply to the processing of the same Personal Data.
These are the bases we most often rely on:

  1. Contractual: The processing is necessary for a contract we have with you as an individual, or because you have asked us to take specific steps before entering into a contract with us.
  2. Legal obligation: The processing is necessary for us to comply with the laws or regulations we are subject to (not including our contractual obligations). We would be unable to provide our services to you if you did not provide or we were unable to process your Personal Data under these lawful bases.
  3. Legitimate interests: We also undertake processing in our legitimate interests or the legitimate interests of a third party. We check beforehand that this processing is not going to override your rights and interests.

    When we process on the lawful basis of legitimate interest, we apply a three-part test to determine whether it is appropriate:
    The purpose test – is there a legitimate interest behind the processing?
    Necessity test – is the processing necessary to achieve that purpose?
    Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
  4. Consent: We use the lawful basis of consent in some circumstances. For example, we may seek consent from you to share your Personal Data with other parties, which are not identified under the other lawful bases we use.

Processing your Personal Data in the above ways can include sharing your Personal Data with relevant third parties, where we would otherwise be unable to provide our services to you. For example, we need to share your Personal Data with product and service providers to obtain quotes or product information under your instruction or as defined in a contract of work.

The following table defines the Personal Data we collect, the purpose for collection and how we use and manage the Personal Data.

Purpose of collectionInformation category Data collectedPurpose for collectionLawful basis for processingData shared with? Retention period
1. To provide you with informationSubject matter informationName, business name, geographic location, email address, business sector.To provide appropriate online or email information about products and services that you have requested.Contractual fulfilmentInternally only.Maximum 2 years after the data is collected.
  Name, company name, geographic location, email address, business sector.To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.Legitimate interestInternally only.Maximum 2 years after the data is collected.
  Telephone number.Follow-up to ensure requested information meets needs and identify further requirements.Legitimate interestInternally only.Maximum 2 years after the data is collected.
  Personal contact information as provided through our website forms, at trade shows or any other means.General mailing list subscription.ConsentInternally only.Until a request to cease providing information is received. After such time only name and email address will be stored for the purpose of documenting the request to cease.
2.Transactional informationTransaction detailsName, physical address, email address, telephone number, business name, other medium of content delivery.To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.Contractual performanceInternally only.Maximum seven years from the date of completion of the contract. Six months from the date the data subject has input personal information but has not proceeded with a transaction.
  Name, physical address, email address, telephone number, business name, other medium of content delivery.For accounting and taxation purposes.Statutory obligationInternally and professional advisers.Maximum seven years from the date of completion of the contract.
  Name, physical address, email address, telephone number, business name, other medium of content delivery.Documentation should any contractual legal claim arise.Legitimate InterestInternally and professional advisers. 
3. Fulfilment informationFulfilment dataName, contact and identification details.Access to training courses, attendance registers.Contractual performanceInternally and training venues.Maximum seven years from the date of completion of the contract.
  Name, contact details.Licensing details necessary for allocation and maintenance of a licence purchased for use of software, domain registration and related products.Contractual performanceInternally and any third parties whose products or services you may have purchased from us.Maximum seven years from the date of completion of the contract.
  Name, addresses, email address, contact details.Actual delivery of products or services, in physical or digital form, that you may have purchased from us.Contractual performanceInternally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements.Maximum seven years from the date of completion of the contract.
4. SecuritySecurity informationTechnical information, as described in section 8, plus any other information that may be required for this purpose.To protect our websites and infrastructure from cyber attack or other threats and to report and deal with any illegal acts.Legitimate interestInternally, forensic and other organisations with which we might contract for this purpose.Relevant statutes of limitation.
5. CommunicationsContact informationNames, contact details, identification details.To communicate with you about any issue that you raise with us or which follows from an interaction between us.Legitimate interestInternally and, as necessary, with professional advisers.Relevant statutes of limitation.

7. Storage of Personal Data

Accelita Limited is a UK-domiciled organisation whose offices are in the UK.

All of our websites and web applications are hosted in the EU and are accessed only by our EU-based staff.

Our information systems, including Cloud Service Providers (CSP’s), are either EU- based or hosted by companies participating in the EU-US Privacy Shield Framework and/or providing EU Model contracts for data transfer. This is true for all of our systems unless specifically stated otherwise.

We use Microsoft as our CSP, including Microsoft Business 365, as part of our processing environment. Unless we specifically state otherwise, we are, in respect of this CSP, the data controller. Microsoft provide a security and trust portal which gives details on how your data is being safeguarded.

We use Wordfence to protect the security and integrity of our websites and their data. For this purpose, technical information as defined in section 8 is shared with Wordfence. You can find out how Defiant Inc., owners of Wordfence, use your data at

We operate a data retention policy in respect of all data, whether paper-based or digital. The timescales for the retention of your Personal Data and related documentation are subject to various legal, regulatory or contractual requirements, which will reflect the purpose and lawful basis for processing the data. This is presented in table under section 6.

8. Personal Data obtained directly from you

Accelita obtains Personal Data from individuals directly when they, for example:

  • Enquire about any of the services we provide;
  • Negotiate or enter into a contract or client agreement with us to provide a service;
  • Provide us with information connected with the contract or client agreement;
  • Correspond with us via our website, by phone, e-mail or otherwise;
  • Participate in meetings, seminars or other events we arrange or attend;
  • Give us a business card;
  • Fill in forms on our website and submit information to us;
  • Participate in other social media functions on our website or enter a competition, promotion or survey; or
  • Report a problem with our website.

Our website is set up to collect some information about you automatically. This helps us to provide you with a better experience when browsing our site, to enable us to improve our website and to maintain the security of our website. For this reason, we may collect the following:

  • Technical information, including the originating and proxy IP (Internet Protocol) address used to connect your device to the Internet;
  • Any login information related to our website;
  • Browser type and version, time zone setting, browser plug-in types and versions;
  • Operating system and platform;
  • Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site;
  • HTTP headers and request bodies.

9. Other sources of data and who we share your Personal Data with

Depending on the nature of the service we provide, the lawful basis and purpose of processing, we may need to share your Personal Data with other parties (examples listed below). These parties are subject to data protection legislation and principles. We will usually have notified you of the sharing of your data with these parties. However, certain legislation may prevent us from doing so. Many of these parties both receive Personal Data from us and provide it to us:

  • Advertising networks;
  • Providers of technical, payment and delivery services;
  • Social media sites;
  • Companies house;
  • HM Revenue & Customs, other Government agencies and departments;
  • Law enforcement agencies and courts;
  • Solicitors, accountants, auditors and other professional advisers;
  • Agents and representatives;
  • Banks and other financial institutions;
  • Credit reference and fraud prevention agencies;
  • Providers of credit reference or fraud prevention services;
  • Marketing and social event organisers and venues and websites;
  • Online analytic and search engine providers;
  • Our regulators and governing bodies;
  • Quality assurance assessors and other business consultants;
  • Our insurers;
  • Data processors.

Through our research we may also obtain information from publicly-available databases, or details on a company website.

Furthermore, we will disclose your Personal Data:

  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case Personal Data held by us about customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of Accelita Limited, our clients, or any other third parties.

10. Data Processors

Where we are appointing any individual or organisation to process your Personal Data on our behalf (otherwise known as ‘Data Processors’), they may only do so for specified purposes and according to our written instructions. Accelita seeks confirmation of the processor’s IT security arrangements and whether Personal Data is processed outside the European Union. Where possible we will only use Data Processors that are either EU-based or participate in the EU-US Privacy Shield Framework and/or providing EU Model contracts for data transfer.

11. Keeping your Personal Data secure

We operate a series of security measures concerning access to our offices and our systems. The level and extent of each individual measure may vary, but can include, for example:

  • Access controls to buildings, systems and, where appropriate, individual IT applications;
  • Anti-virus and malware prevention;
  • Arranging back-up copies of Personal Data;
  • Breach logging;
  • Encryption;
  • Equipment/access logs;
  • Industry standard compliance;
  • Penetration testing, system monitoring and system updates (e.g. patching);
  • Security training.

The transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.

Where we have given you (or where you have chosen) any passwords or authenticating credentials, you are responsible for keeping this confidential. We ask you not to share this information with anyone.

12. Your rights

Data protection legislation provides certain legal rights for individuals.
Your rights are as follows:

  • The right to be informed: As a data controller we are obliged to provide clear and transparent information about our data processing activities. This is covered by this policy and any related communications that we may have sent you.
  • The right of access: A right to a copy of your Personal Data and other supplementary information. This means that you may request a copy of the Personal Data we hold about you free of charge.
  • The right to rectification: Where you believe that your Personal Data that we hold is inaccurate or incomplete, you can request us to rectify this.
  • The right to erasure (the ‘right to be forgotten’): Where no overriding legal basis or legitimate reason continues to exist for processing Personal Data, you can request for your Personal Data to be erased from our records. We will take all reasonable steps to ensure erasure.
  • The right to restrict processing: You can ask us to stop processing your data where you consider it to be inaccurate or we are using it unlawfully, when we no longer need the information but you wish us to keep it or otherwise believe that we do not have a legitimate reason for processing it.
  • The right to data portability: Individuals have the right to receive Personal Data they have provided to a Data Controller in a structured, commonly used and machine readable format. It also gives them the right to request that a Data Controller transmits this data directly to another controller. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
  • The right to object: You have the right to object to our processing of your data where:
    • Processing is based on legitimate interest;
    • Processing is for the purpose of direct marketing;
    • Processing is for the purpose of scientific or historic research; or
    • Processing involves automated decision making or profiling.

If you wish to exercise any of these rights, please email In order to process your request, we may ask you to provide two valid forms of identification for verification purposes.

More information is available from the Information Commissioner’s Office website

Some rights can only be exercised under certain circumstances. If we are unable to comply with your request for any reason, we will contact you to explain our reasoning.

13. Contact details

For data protection questions, comments or suggestions relating to this privacy policy, or to exercise your rights, you can contact us at

We will aim to respond to your queries as soon as possible.

14. Complaints

Accelita aims to deal efficiently with any query or to resolve any complaint you might have about how we handle your Personal Data. All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office) whose contact information can be found at

15. Changes to this policy

The content of this Privacy Policy was compiled using guidance provided by the Information Commissioner’s Office (ICO) at the date of its publication. The policy takes into account the General Data Protection Regulation (GDPR).

Subsequent changes to the policy may occur due to changes in the ICO’s guidance. Each version of the policy will be uniquely referenced.