Under data protection law, we have to:
- Tell you about your rights regarding the processing and control of your personal data
- Keep your records accurate and held securely
- Keep only enough data to provide information about our products and services and meet our contractual responsibilities
- Only keep your information for as long as it is necessary for a specific purpose
- Process personal data fairly and lawfully
- Be transparent about what information we process and how we use personal information
What is personal data?
Personal data includes information that relates to an identified or identifiable person. This may include your name, email address, organisation you work for and job title. Information is also collected about how you use the Exterity website.
What personal data do we collect?
We collect personal data when you interact with us for a legitimate business purpose as a customer or partner, or when you complete a form on our website.
How do we collect this data?
Information we collect includes:
- Your title (Mr, Mrs)
- Your name - first name and last name
- Your job title
- Your business email address (or personal email address if provided by you)
- Name and address of the organisation you work for
- Your business phone and/or mobile number (or personal number if provided by you)
- Your username for logging in to the secure areas of the Exterity website
- Financial and payment data (channel partners and/or end users only)
- Details of products or services you have purchased
The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from related third parties we work with.
We may also collect information about your online and website activity such as:
- MAC address details
- Your IP address
- Cookie details
- We may track the details of the pages you visit on our website such as pages viewed and the resources that you access. Such information includes traffic, location and other communication data.
Cookies and Tracking Technologies
- We may use IP address tracking technology to analyse data about website traffic to help us improve our services and provide you with more relevant content
- Cookies are used to make the website work better, as well as to provide information on how the site is used
- To understand and improve upon how our customers and partners are engaging with our email communications, we may use analytics tools to allow us to analyse open and click rates
How do we collect this data?
- When you enter into a legal or financial contractual agreement with Exterity
- When you complete a form on the Exterity website
- When you provide your details to us at an event/trade show
- When you sign up for an Exterity webinar
- When you register to attend an Exterity training course
- When you complete an online survey sent out by Exterity
- When you register for access to the Support, Partner or Consultant sections of the Exterity website
- When you send a message to our support team - we collect this data in order to reply to help you and answer your enquiry
- When you apply for a job vacancy at Exterity
- When we purchase a list from a GDPR-compliant data broker for marketing communication purposes
Why and How do we use personal data?
Under data protection law, we can only use your personal data if we have a legal basis for doing so, e.g.:
- For the performance of our contract with you or to take steps at your request before entering into a contract;
- To comply with our legal and regulatory obligations;
- For our legitimate interests or those of a third party (see below);
- For the establishment, exercise or defence of legal claims or proceedings; or
- Where you have given consent.
The basis on which we use your personal data
- If you have previously purchased products or services from us we use your data to provide to you details of related products or services, or other products and services in which you may be interested.
- We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.
- We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
- We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’ to do so, which is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
- You can ask us to stop sending you marketing messages by contacting us at any time.
- Whatever you choose, you will still receive commercial statements, and other important information such as changes to your existing products and services.
- We may ask you to confirm or update your choices, for example, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.
- If you change your mind you can update your choices at any time by contacting us.
Processing Personal Data on the basis of consent
Data may be processed if we have gained freely given consent from an individual for any number of reasons outlined above.
Consent can be withdrawn at any time by clicking on the unsubscribe link in any of our email communications or you can email [email protected] and we will ensure that your details are removed from our mailing lists as requested.
Processing Personal Data for a Legitimate Interest
What does Legitimate interest mean?
Legitimate interest means the interests of our company in conducting and managing our business to enable us to give our customers and channel partners the best and most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests and which will enable you to effectively use and/or promote our products and services.
Processing is necessary for the purposes of legitimate interests pursued by Exterity, the controller, or by a third party, our selected channel partners, to provide you with details relating to our products and services.
Why would we process your information for a legitimate interest?
We process personal information for certain legitimate business purposes, which include some or all of the following:
- Where the processing enables us to enhance, modify, personalise or otherwise improve our products, services and communications for the benefit of our customers
- To identify and prevent fraud
- To enhance the security of our network and information systems
- To better understand how people interact with our websites
- For administrative transfers within our group of companies - we may occasionally transfer personal data about our channel partners/ existing customers between Exterity and Accommtec Ltd- a subsidiary company of the Exterity Group. This data will not be transferred outside of the EEA and is held on secure servers.
- To determine the effectiveness of promotional campaigns and advertising
- To protect our commercially valuable information and also our intellectual property;
- To prevent and detect fraud and/or criminal activity that could be damaging for us and for you;
- For credit control purposes and to make sure our customers can pay for the goods and services we provide; and
- Ensuring we are able to keep up to date with our customers and contacts and developments in their organisations.
Whenever we process data on the basis of legitimate interest we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please contact [email protected]. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
Any marketing undertaken by Exterity is processed in compliance with e-privacy regulation and direct marketing best practice.
We may process personal data for direct marketing by email. If you are an existing channel partner or customer it is important that we are able to keep you updated with the latest news about Exterity products, services and events. We are therefore legally allowed to send direct marketing to personal data obtained using soft opt-in consent as outlined in the EU Privacy and Electronic Communications Regulation (PECR).
Processing Personal data with Consent for direct marketing
You may freely consent to your personal data being processed by Exterity for direct marketing in the following circumstances:
- When you tick an optional field for opt-in on a form on the website
- Where you click through to opt-in from an opt-in button in an email
- When you leave a business card or have your details collected at an event/ trade show - we may verbally ask whether you consent to receive communications from us
- Signing a consent statement on a paper form to receive marketing communications - you may be asked to do this at a trade show or event
Where applicable we keep clear records of where, when and how consent was obtained.
We process personal data for the purpose of direct marketing by electronic means, i.e., email. For individuals who are not current channel partners or existing customers (e.g. we may have acquired your details by purchasing a list from a third party), we require that individuals give consent - or opt-in - to receive direct marketing in accordance with applicable laws.
We ensure you have a free and fully informed choice to exercise your right to consent or actively opt-in. Where explicit consent is to be gathered we endeavour to ensure that you are fully aware of what you are consenting to and how your personal data will be used. These purposes may fall under the section Why and How do we use personal data?
You are able to withdraw your consent at any time by clicking on the Unsubscribe link in any of our email communications or you can email [email protected] and we will ensure that your details are deleted as requested.
Disclosing your information
If we have acquired your personal data from a data broker for direct marketing purposes we will ensure that prior consent has been obtained and will request consent from you for any future communications. We will also ensure that any personal data that is disclosed to us is held safely and securely.
We may disclose your personal data in these circumstances:
- For any of the reasons highlighted in the section above labelled Why and How do we use personal data?
- To further protect and reduce the risk of fraud
- In the event that we sell any or all of our business to a buyer
How long do we keep your personal data?
We do not keep any personal data for any longer than is reasonably necessary.
If you are an existing channel partner or customer, it is important that you receive product and services information to ensure you are kept informed and up to date with the latest news. We will continue holding and processing this personal data until told otherwise e.g. by unsubscribing to marketing communications.
For individuals who are not existing channel partners or end users we will keep data until consent is withdrawn, e.g. by unsubscribing to marketing communications or any other means.
Data Storage and Security
We ensure that all data is stored securely. All data is stored on secure servers within the EEA and where applicable is held in password protected accounts and accessible only by relevant personnel. A company-wide firewall is in place to ensure security.
Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically and it will be done so at your own risk.
Where Exterity discloses personal data to third parties such as our channel partners we require them to adhere to relevant measures to ensure all personal data is protected and securely held.
If you ask us to delete your information in accordance with your rights set out below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.
You have the following rights regarding the processing of your personal data:
- The right to object to the processing of your personal data based on legitimate interests.
- The right to withdraw your consent to processing at any time. This can be done at any time by yourself by unsubscribing to email communications or emailing [email protected]. This does not affect the lawfulness of processing based on consent before withdrawal;
- The right to request your data is erased where it is no longer necessary for Exterity to retain such data.
- The right to port your personal information in certain circumstances;
- The right to lodge a complaint with the UK regulator, the Information Commissioner’s Office, if you have concerns about how we use your personal information. Please see https://ico.org.uk/concerns/ to find out more.
- You have a right to see what information we hold about you. This is known as Subject Access and can be obtained by emailing [email protected]
- Right to rectification - we ensure that all data that is held is up to date and accurate. You have the right to have any inaccurate personal data we may hold about you rectified.
- Right to restrict processing - you may consent not to receive marketing communications when you complete any forms on our website. As a result, we may store your personal data but will not process it for any reason as we do not have your consent.
Transfer of Data Across Borders
We may update this privacy notice where necessary. Please check back frequently to see any changes and where applicable, we will ensure you are informed of any changes that have been made.
In case of a data breach we will:
- Notify those affected within 24 hours of the breach being discovered.
- Establish a response team to take action and deal with the breach.
- Keep a log of the details regarding the data breach.
St Davids House
St Davids Drive
Updated: 8 May 2018