At ITEXACT Limited, we respect the privacy of our staff, clients, and visitors to our website(s). This policy is concerned with how we collect information, what we do with it, and what controls you have over the information we collect.
We take our duty to process your personal data very seriously. This policy explains how we collect, manage, use, and protect your personal data.
We may change this policy from time to time to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated.
1.2.1 Who Are We?
In this policy, references to ITEXACT Limited, or to ‘we’ or ‘us’ are to ITEXACT Limited which is a company registered in England and Wales, Company No 6946307. ITEXACT Limited is registered at 1A High Street, Epsom, Surrey, KT19 8DA, United Kingdom.
1.2.2 What Personal Data We Collect and How We Use It
What We Need
ITEXACT Limited are what is known as the ‘controller’ of the personal data you provide to us. We may collect basic personal data about you such as your name, postal address, telephone number, email address or your bank details if you are purchasing a product, service, or event registration from us.
Sometimes we will collect other information about you if it’s relevant to this purpose, such as your dietary requirements for an event. We will be very clear with you that we wished to collect such information, our reason for collecting such information, and we would only do so with your specific consent and permission.
We also use Snitcher and Google Analytics to gather insights on the IP addresses of those visiting the website, for the purposes of legitimate interest. To achieve this, we use a SNID cookie. No personally identifiable information is collected via Snitcher.
Why We Need It
We collect your personal data in connection with specific activities, such as campaign updates, newsletter requests, registration, product purchases, feedback, information you provide in public forums, at third party events or on our website(s) and social media.
The information is either needed to fulfil your request or to enable us to provide you with a more personalised service. You don’t have to disclose any of this information to browse our sites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
When Can We Use It
Any information collected by ITEXACT Limited will only be processed lawfully in accordance to GDPR’s Article 6(1). Typically, of the 6 points under Article 6(1), ITEXACT Limited will only process data based on:
- the data subject giving explicit consent to ITEXACT Limited (point a)
- it being necessary for the performance of a contract in which the client has signed up to (point b)
- it being necessary for the purposes of the legitimate interests pursued by the controller or by a third party (point f)
1.2.3 Our Marketing
Sometimes, with your consent, we will process your personal data to provide you with information about our work or our activities that you have requested or are expecting.
On other occasions, we may process personal data when we need to do this to fulfil a contract (for example, if you have purchased a service from us) or where we are required to do this by law or other regulations.
ITEXACT Limited also processes your data when it is in our legitimate interests to do this and when these interests do not override your rights. Please see the section on ‘Legitimate Interest’ for more information.
1.2.4 How We Obtain Your Details
We will also hold information about your details so that we can respect your preferences for being contacted by us.
We collect your personal information in several ways:
- When you provide it to us directly;
- When you provide permission to other organisations to share it with us (including social media platforms such as Facebook or Twitter);
- When we collect it as you use our website;
- When you have given it to a third-party and you have provided permission to pass your information on to us;
- Through the use of third-party software, Snitcher, and its associated SNID cookies;
- Through the use of third-party software, Microsoft Clarity, and its associated cookies;
- From publicly available sources (where possible) to keep your information up to date (e.g., the Post Office’s National Change of Address database).
We combine the information from these sources with the information you provide to us directly.
When providing permission for third-party organisations to share your data you should check their Privacy Policies carefully to understand fully how they will process your data.
1.2.5 Building Profiles of Contacts
The Company may make use of profiling and screening methods to produce relevant communications and provide a better experience for our contacts. Profiling can help us target our resources more effectively through gaining an insight into the background of our contacts and helping us to build relationships that are appropriate to their interests and requirements.
To do this we may use additional external sources of data to increase and enhance the information we hold about you. This may include obtaining details of changes of role, telephone numbers and other contact details, and consumption and demographic data generated through publicly available resources. It may include information from public registers and other publicly available sources such as Companies House, newspapers, and magazines.
If you do not wish your data to be used in any of the ways listed above or have questions about this, then please let us know, using the contact form on our ‘Contact Us’ page.
1.2.6 Transferring Your Personal Information Outside the EEA
All the personal data we control is processed by our staff based in the UK, however for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). These systems have policies in place to comply with GDPR and are listed below, but more information on each can be found on their website:
- Freshworks(USA/India): Provides our CRM platform and has certified their agreement with the EU-U.S. Privacy Shield Framework
Going forward, our internal policy for IT hosting and maintenance is to ensure data is stored within the UK or the EEA, and data will only be stored outside the EEA where a requirement cannot be fulfilled within the EEA. In these cases, GDPR compliance through mechanisms such as Privacy Shield will be mandatory for the hosted solutions.
If you would like to know more about the EU-US Privacy Shield, please visit: https://www.privacyshield.gov/
We only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations and the following:
- If you have agreed that we may do so
- When we use other companies to provide services on our behalf, e.g., processing, mailing or delivering orders, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, when using auditors/advisors or processing credit/debit card payments
- To our subsidiaries or partners
- If we receive a complaint about any content you have posted or transmitted to or from one of our sites, to enforce or apply our Terms & Conditions or if we believe that we need to do so to protect and defend the rights, property or personal safety of ITEXACT Limited, our websites and for other lawful purposes
- If we merge with another organisation to form a new entity, information may be transferred to the new entity
- We may disclose aggregate statistics about our site visitors, contacts, customers and sales to describe our services and operations to prospective partners, customers, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information
- If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register
We will never sell or rent your personal information to other organisations.
We hold your information for only as long as is necessary for each purpose we use it, and we will provide examples of some of our retentions in this paragraph to give you an idea of how long we hold your information for.
- The SNID cookie utilised by Snitcher on this website has a lifetime of 2 years, but consent can be withdrawn at any time following a visit
- If you are a customer or partner and we require your information to contact you about projects underway, we will need to retain your details
If you decide not to follow ITEXACT Limited anymore or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.
A new data protection law, starting in May 2018, gives everyone a number of very important rights. These are:
- Transparency over how we use your personal information (right to be informed).
- Request a copy of the information we hold about you, which will be provided to you within one month (right of access).
- Update or amend the information we hold about you if it is wrong (right of rectification).
- Ask us to stop using your information (right to restrict processing).
- Ask us to remove your personal information from our records (right to be ‘forgotten’).
- Object to the processing of your information for marketing purposes (right to object).
- Obtain and reuse your personal data for your own purposes (right to data portability).
- Not be subject to a decision when it is based on automated processing (automated decision making and profiling).
If you would like to know more about your rights under the data protection law, see the Information Commissioners Office (ICO) website.
Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal data at any time by using the form on our ‘Contact Us’ page or unsubscribing to email notification.
Our data protection lead can be contacted via:
1A High Street
- Email: info@ITEXACTGlobal.com
- Phone: 07372 824715
Please note that calls may be monitored or recorded.
Under the new data protection law starting in May 2018 we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’.
Broadly speaking Legitimate Interests means that we can process your personal information if:
- We have a genuine and legitimate reason and we are not harming any of your rights and interests
So, what does this mean? When you provide your personal details to us, we use your information for our legitimate business interests to carry out our work. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use the approach are for preventing fraud, direct marketing, maintaining the security of our system, and enhancing, modifying or improving our services. We also use Snitcher under ‘legitimate interests’, to identify individuals visiting the site and to provide a personalised experience for them.
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal data at any time by using the form on our Contact Us page or unsubscribing to email notification.