Last updated: 17th April 2019.
Revision: 002A (replaced Microsoft with Google as CSP)
Our customers are at heart of what we do. We appreciate the trust you place in us when sharing your Personal Data and the security of such is very important to us.
This policy explains how we collect, use and protect your Personal Data, and what rights you have with regards to your Personal Data and how you can exercise those rights.
This policy is provided on behalf of ACCELITA LIMITED (Accelita), a company registered as a DATA CONTROLLER with the Information Commissioner’s Office (ICO).
Information that can be linked to a living individual.
An individual or organisation responsible for the collection of Personal Data and how it will be used.
An individual or organisation acting on behalf of, and only on the instructions of, the relevant controller.
The collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasure or destruction of data.
Accelita follows six principles when dealing with your Personal Data. We will take all reasonable care to ensure it is:
We operate by these principles alongside our duty of confidentiality to you.
ACCELITA LIMITED with its websites www.accelita.com and www.accelita.co.uk are within scope of this policy. We consider these websites to be UK-based.
This policy includes Personal Data that is collected through electronic means; including but not limited to our websites, telephone, email and social media applications; as well as physical form such as letters and business cards.
We may provide links or references to other external sources. Following these references may allow third parties to collect or share data about you. We have no control over these external sources and therefore assume no responsibility for the privacy policies they operate.
Our websites provide an indication of the services we provide.
We collect Personal Data from you for one or more of the following purposes:
In addition, we may use your Personal Data for the purpose of direct marketing and other legitimate business interests.
We do not market our services to children. However, we may need to hold Personal Data about children to provide services to others, usually their parents, custodians or carers.
Accelita must have a lawful basis to process your Personal Data. More than one lawful basis may apply to the processing of the same Personal Data.
These are the bases we most often rely on:
Processing your Personal Data in the above ways can include sharing your Personal Data with relevant third parties, where we would otherwise be unable to provide our services to you. For example, we need to share your Personal Data with product and service providers to obtain quotes or product information under your instruction or as defined in a contract of work.
The following table defines the Personal Data we collect, the purpose for collection and how we use and manage the Personal Data.
|Purpose of collection||Information category||Data collected||Purpose for collection||Lawful basis for processing||Data shared with?||Retention period|
|1. To provide you with information||Subject matter information||Name, business name, geographic location, email address, business sector.||To provide appropriate online or email information about products and services that you have requested.||Contractual fulfilment||Internally only.||Maximum 2 years after the data is collected.|
|Name, company name, geographic location, email address, business sector.||To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.||Legitimate interest||Internally only.||Maximum 2 years after the data is collected.|
|Telephone number.||Follow-up to ensure requested information meets needs and identify further requirements.||Legitimate interest||Internally only.||Maximum 2 years after the data is collected.|
|Personal contact information as provided through our website forms, at trade shows or any other means.||General mailing list subscription.||Consent||Internally only.||Until a request to cease providing information is received. After such time only name and email address will be stored for the purpose of documenting the request to cease.|
|2.Transactional information||Transaction details||Name, physical address, email address, telephone number, business name, other medium of content delivery.||To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.||Contractual performance||Internally only.||Maximum seven years from the date of completion of the contract. Six months from the date the data subject has input personal information but has not proceeded with a transaction.|
|Name, physical address, email address, telephone number, business name, other medium of content delivery.||For accounting and taxation purposes.||Statutory obligation||Internally and professional advisers.||Maximum seven years from the date of completion of the contract.|
|Name, physical address, email address, telephone number, business name, other medium of content delivery.||Documentation should any contractual legal claim arise.||Legitimate Interest||Internally and professional advisers.|
|3. Fulfilment information||Fulfilment data||Name, contact and identification details.||Access to training courses, attendance registers.||Contractual performance||Internally and training venues.||Maximum seven years from the date of completion of the contract.|
|Name, contact details.||Licensing details necessary for allocation and maintenance of a licence purchased for use of software, domain registration and related products.||Contractual performance||Internally and any third parties whose products or services you may have purchased from us.||Maximum seven years from the date of completion of the contract.|
|Name, addresses, email address, contact details.||Actual delivery of products or services, in physical or digital form, that you may have purchased from us.||Contractual performance||Internally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements.||Maximum seven years from the date of completion of the contract.|
|4. Security||Security information||Technical information, as described in section 8, plus any other information that may be required for this purpose.||To protect our websites and infrastructure from cyber attack or other threats and to report and deal with any illegal acts.||Legitimate interest||Internally, forensic and other organisations with which we might contract for this purpose.||Relevant statutes of limitation.|
|5. Communications||Contact information||Names, contact details, identification details.||To communicate with you about any issue that you raise with us or which follows from an interaction between us.||Legitimate interest||Internally and, as necessary, with professional advisers.||Relevant statutes of limitation.|
Accelita Limited is a UK-domiciled organisation whose offices are in the UK.
All of our websites and web applications are hosted in the EU and are accessed only by our EU-based staff.
Our information systems, including Cloud Service Providers (CSP’s), are either EU- based or hosted by companies participating in the EU-US Privacy Shield Framework and/or providing EU Model contracts for data transfer. This is true for all of our systems unless specifically stated otherwise.
We use Google as our CSP, including Google G Suite Business, as part of our processing environment. Unless we specifically state otherwise, we are, in respect of this CSP, the data controller. Google provide the G Suite security and trust portal which gives details on how your data is being safeguarded.
We use Wordfence to protect the security and integrity of our websites and their data. For this purpose, technical information as defined in section 8 is shared with Wordfence. You can find out how Defiant Inc., owners of Wordfence, use your data at www.wordfence.com.
We operate a data retention policy in respect of all data, whether paper-based or digital. The timescales for the retention of your Personal Data and related documentation are subject to various legal, regulatory or contractual requirements, which will reflect the purpose and lawful basis for processing the data. This is presented in table under section 6.
Accelita obtains Personal Data from individuals directly when they, for example:
Our website is set up to collect some information about you automatically. This helps us to provide you with a better experience when browsing our site, to enable us to improve our website and to maintain the security of our website. For this reason, we may collect the following:
Depending on the nature of the service we provide, the lawful basis and purpose of processing, we may need to share your Personal Data with other parties (examples listed below). These parties are subject to data protection legislation and principles. We will usually have notified you of the sharing of your data with these parties. However, certain legislation may prevent us from doing so. Many of these parties both receive Personal Data from us and provide it to us:
Through our research we may also obtain information from publicly-available databases, or details on a company website.
Furthermore, we will disclose your Personal Data:
Where we are appointing any individual or organisation to process your Personal Data on our behalf (otherwise known as ‘Data Processors’), they may only do so for specified purposes and according to our written instructions. Accelita seeks confirmation of the processor’s IT security arrangements and whether Personal Data is processed outside the European Union. Where possible we will only use Data Processors that are either EU-based or participate in the EU-US Privacy Shield Framework and/or providing EU Model contracts for data transfer.
We operate a series of security measures concerning access to our offices and our systems. The level and extent of each individual measure may vary, but can include, for example:
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk.
Where we have given you (or where you have chosen) any passwords or authenticating credentials, you are responsible for keeping this confidential. We ask you not to share this information with anyone.
Data protection legislation provides certain legal rights for individuals.
Your rights are as follows:
If you wish to exercise any of these rights, please email firstname.lastname@example.org. In order to process your request, we may ask you to provide two valid forms of identification for verification purposes.
More information is available from the Information Commissioner’s Office website https://ico.org.uk/.
Some rights can only be exercised under certain circumstances. If we are unable to comply with your request for any reason, we will contact you to explain our reasoning.
We will aim to respond to your queries as soon as possible.
Accelita aims to deal efficiently with any query or to resolve any complaint you might have about how we handle your Personal Data. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office) whose contact information can be found at https://ico.org.uk/.
Subsequent changes to the policy may occur due to changes in the ICO’s guidance. Each version of the policy will be uniquely referenced.