Privacy Policy

Last updated February 2021

Excession Technologies Limited (company no. 10098147) ("Excession" / "we" / "our" / "us") is committed to protecting and respecting your privacy. This policy and cookies policy sets out the basis on which we process any personal data that we collect from, or is provided to us by, visitors to our website (excession.co), our customers/prospective customers or their employees/representatives, employees/representatives of our suppliers, customer/suppliers of our customers or suppliers, our shareholders, visitors to our premises, relatives and emergency contacts of our employees, employment referees, witnesses of legal documentation and other people who otherwise interact with us (“you”).

Topics covered:

Please read the following carefully to understand how we will treat your personal data.

ABOUT US

Excession Technologies Limited is a company registered in England and Wales under company number 10098147 whose registered office is at Fifth Floor, 11 Leadenhall Street, London EC3V 1LP. Excession Technologies Limited is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT

We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with us and our website and how you use our products and services. It also depends on the choices you make when using our website, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature, then you may not be able to use that feature. We will only use your personal data where we have a lawful basis to do so.

The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.

This privacy policy does not apply to data we process in our app/platform, i.e. data, text, messages, communications or other materials submitted to and stored within our platform by users. We have a separate App Privacy Policy, which users receive when they access our app/platform.

For information on our use of cookies, see our cookies policy.

Our customers (or prospective customers) and their employees/representatives

What information will we collect about you?
Name, email address, callsign and phone number
Employment organisation and address, your role
Username, password and security information
Feedback, questions and other information you provide when you contact us (e.g. for customer support)
How will we collect information about you?
Collected when you sign up for an account with us, contact our customer services team or place an order for our products and services
Collected directly from you through our website, by email, face-to-face or by telephone when you contact us with an enquiry or ask for information
Collected from managers or administrators at customer organisations
Collected when you give us business cards and other contact information
Why are we processing information about you?
To perform essential business operations
To provide and improve our services
To provide customer support, including dealing with enquiries, correspondence and complaints, and to manage your account with us
To protect the security of our website and products, and to prevent fraud
To process orders placed with us
To complete any transactions or provide any products and/or services you have ordered
To communicate and personalise communications with you regarding information about products or services that you request from us, and for sales and contracting purposes
To enable us to bid for tenders
To store details used during the sales or procurement process in our CRM/ record-keeping system
What is our legal basis for processing information about you?
To allow us to perform our contract with you
To enable us to pursue our legitimate interests to:
deliver services or products that you request;
improve our services;
maintain the security of our computer systems;
protect our rights;
establish and/or maintain a business relationship with you (or your employer, if you are employed by a prospective customer); and
provide information on products or services that may be of value to your business
What information will we collect about you?
Device and usage data including IP addresses and device identifiers
Device event information including crash logs, hardware settings, browser type and browser language
Location information
How will we collect information about you?
Automatically collected and stored in our server logs when you interact with our website and/or our products
Collected from IP address, GPS and other sensors
Why are we processing information about you?
To improve your experience of our website, for example to offer you tailored content
To protect the security of our website and products, and to prevent fraud
To communicate and personalise communications with you regarding information, products and services that you request from us
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
understand how our site is used;
improve user experience of our site;
maintain the security of our computer site; and
protect our rights

Employees/representatives of our suppliers

What information will we collect about you?
Name, email address, phone number
Employment organisation and address, your role
How will we collect information about you?
Collected directly from you by email, face-to-face or by telephone when you contact us
Collected from managers or administrators at supplier organisations
Collected when you give us business cards and other contact information
Why are we processing information about you?
To perform essential business operations
To protect the security of our website and products, and to prevent fraud
To ask you for information about your products or services, and for sales and contracting purposes
To evaluate suppliers and respond to customer tender/bids as part of the sale process
To store details used during the sales or procurement process in our record-keeping system
What is our legal basis for processing information about you?
To allow us to perform our contract with the supplier
To enable us to pursue our legitimate interests to:
deliver services to our customers;
improve our services;
maintain the security of our computer systems;
protect our rights; and
establish and/or maintain a business relationship with you (or your employer)
What information will we collect about you?
Device and usage data including IP addresses and device identifiers
Device event information including crash logs, hardware settings, browser type and browser language
Location information
How will we collect information about you?
Automatically collected and stored in our server logs when you interact with our website and/or our products
Collected from IP address, GPS and other sensors
Why are we processing information about you?
To improve your experience of our website, for example to offer you tailored content
To protect the security of our website and products, and to prevent fraud
To communicate and personalise communications with you regarding information, products and services that you request from us
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
understand how our site is used;
improve user experience of our site;
maintain the security of our computer site; and
protect our rights

Customers/suppliers of our customers or suppliers

What information will we collect about you?
Name, email address and phone number
Employment organisation and address
How will we collect information about you?
Collected directly from you by email, face-to-face or by telephone when you contact us with an enquiry or ask for information
Why are we processing information about you?
To perform essential business operations
To provide and improve our services
To provide support, including dealing with enquiries, correspondence and complaints
To protect the security of our website and products, and to prevent fraud
To process orders placed with us
To complete any transactions or provide any products and/or services ordered by our customers
To communicate and personalise communications with you regarding information about products or services that you request from us, and for sales and contracting purposes
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
deliver services or products that our customers request;
improve our services;
maintain the security of our computer systems;
protect our rights; and
maintain a business relationship with our customers
What information will we collect about you?
Device and usage data including IP addresses and device identifiers
Device event information including crash logs, hardware settings, browser type and browser language
Location information
How will we collect information about you?
Automatically collected and stored in our server logs when you interact with our website and/or our products
Collected from IP address, GPS and other sensors
Why are we processing information about you?
To improve user experience of our website, for example to offer you tailored content
To protect the security of our website and products, and to prevent fraud
To communicate and personalise communications with you regarding information, products and services that you request from us
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
understand how our site is used;
improve user experience of our site;
maintain the security of our computer site; and
protect our rights

Visitors to our website (excession.co) and other people who contact or interact with us

What information will we collect about you?
Name, address, email address and phone number
Employment address
Username, password and security information
Feedback, questions and other information you provide when you contact us (e.g. for customer support)
How will we collect information about you?
Collected when you sign up for an account with us, contact our customer services team or make an enquiry about our products and services
Collected directly from you through our website, by email, face-to-face or by telephone when you contact us with an enquiry or ask for information
Why are we processing information about you?
To perform essential business operations
To provide and improve our services
To provide customer support, including dealing with enquiries, correspondence and complaints, and to manage your account with us
To protect the security of our website and products, and to prevent fraud
To communicate and personalise communications with you regarding information about products and services that you request from us
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
improve our services;
provide information on our products and services;
maintain the security of our computer systems; and
protect our rights
What information will we collect about you?
Device and usage data including IP addresses and device identifiers
Device event information including crash logs, hardware settings, browser type and browser language
Location information
How will we collect information about you?
Automatically collected and stored in our server logs when you interact with our website and/or our products
Collected from IP address, GPS and other sensors
Why are we processing information about you?
To improve your experience of our website, for example to offer you tailored content
To protect the security of our website and products, and to prevent fraud
To communicate and personalise communications with you regarding information, products and services that you request from us
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to:
understand how our site is used;
improve user experience of our site;
maintain the security of our computer systems; and
protect our rights

Our shareholders

What information will we collect about you?
Name, address, email address and phone number
Nationality, date of birth and gender
Shareholder information such as details of shareholding and shareholder reference number
Bank details
Copies of ID such as passport, driving licence and utility bills
How will we collect information about you?
Collected when we request this information from you by email, face-to-face or by telephone
Why are we processing information about you?
To notify you of financial results and other shareholder communications
To include you on our register of shareholders and to maintain it
To make dividend payments
To carry out background checks and anti-money laundering checks
To enable investors to identify shareholders
What is our legal basis for processing information about you?
To allow us to perform our contract with you
To enable us to pursue our legitimate interests:
to produce and maintain shareholder records, announcements and communications;
to review and respond to your enquiries and complaints; and
for record-keeping purposes
To comply with our legal obligations as a UK limited company

Visitors to our premises, relatives and emergency contacts of our employees, employment referees and witnesses of legal documentation

What information will we collect about you?
Visitors: name, email address, employment organisation and address, your role, phone number
How will we collect information about you?
Collected directly from you on entry to our premises or via the Business Cube
Collected when a meeting is arranged
Collected when you give us business cards and other contact information
Collected from you face-to-face or when you communicate with us
Why are we processing information about you?
To record visitors to our premises
To provide visitors with entrance to and a security pass for the building
To diarise and confirm meetings
What is our legal basis for processing information about you?
To comply with a legal obligation to maintain the security/safety of you, our staff and others at our premises. If you fail to provide your personal data on visiting our premises, this may result in you not being permitted entry
To enable us to pursue our legitimate interests to:
protect the wellbeing and welfare of our staff
establish and/or maintain a business relationship with you or your employer; and
provide information on products or services that may be of value to your business
What information will we collect about you?
Witnesses: name, address, occupation
How will we collect information about you?
Collected directly from you if you witness a signature on a contract
Why are we processing information about you?
To ensure the validity of legal documentation
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to perform contracts with our customers and other third parties
What information will we collect about you?
Emergency contacts: name, relationship to employee, contact phone number
How will we collect information about you?
In-case-of-emergency contact details are collected from our employees
Why are we processing information about you?
To communicate with you in the event of an incident concerning an employee who has elected you as next-of-kin or in-case-of-emergency contact
What is our legal basis for processing information about you?
To comply with a legal obligation to maintain the security/safety of our staff and others at our premises
To enable us to pursue our legitimate interests to protect the wellbeing and welfare of our staff
What information will we collect about you?
Employment references: name, contact number, email address, organisation and job title, opinion about potential employee
How will we collect information about you?
Employment reference contact details are collected from our prospective employees
Why are we processing information about you?
To communicate with you regarding requests for information from you
To gather employment references as part of our hiring process
What is our legal basis for processing information about you?
To enable us to pursue our legitimate interests to carry out background checks on potential employees

More about the information we collect and why

We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out in the sections above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal data, we will ask you to positively opt-in and you may withdraw your consent at any time.

If you have any questions or require any further information regarding our use of your personal data, please contact our Data Protection Officer at dpo@excession.co.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

SHARING YOUR INFORMATION

You acknowledge that we may share your personal data with your consent or as necessary with selected third party service providers that support us in the performance of the activities set out in the sections above.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law.

We require all our third party service providers and other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

Why might you share my personal data with third parties?

We may share your personal data with third parties where required by law or it is necessary in order to provide you with our services or information you have requested, or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers, or to operate and maintain the security of our computer systems.

Which third party service providers process my personal data?

The following third party service providers process personal data about you for the following purposes:

Our customers/prospective customers and their employees/representatives

We use Twilio and SendGrid, which are cloud communications platforms, to send communications to our customers by text message and email. You can access their privacy policy here: twilio.com/legal/privacy.

We use Google Cloud Messaging to send push mobile notifications to send data or information to mobile devices. You can access their privacy policy here: policies.google.com/privacy

We use AWS servers (London region for customers in UK and North Virginia for US customers). More information on AWS’s GDPR compliance can be found here: aws.amazon.com/compliance/gdpr-center/.

We use Workbooks for our CRM system. You can access their privacy policy here: workbooks.com/legal/.

We use Deskpro to provide customer support. You can access their privacy policy here: deskpro.com/legal/privacy/.

We also use Google Workspace to store customer documents, and you can access their privacy policy here: policies.google.com/privacy?hl=en-US#intro.

We also use Microsoft 365 to store customer documents, and you can access their privacy policy here: privacy.microsoft.com/en-gb/privacystatement.

Our shareholders

We use CreditSafe to carry out background checks and investigate the creditworthiness of our shareholders; they may be provided with your name, address, date of birth, nationality, passport or driving licence number to do this. You can access their privacy policy here: creditsafe.com/gb/en/legal/privacy-policy.html.

We use Inform Direct, which is a company secretarial solution, and we provide them with details of shareholders to assist with company secretarial compliance, such as name and address. You can access their privacy policy here: informdirect.co.uk/privacy-policy/.

We provide information to HMRC to comply with our legal obligations as a UK Limited company and in respect of EIS applications. We may provide HMRC with your name and address for these purposes. You can access their privacy policy here: gov.uk/government/publications/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you.

We use Google Workspace, to store shareholder documents. You can access their privacy policy here: policies.google.com/privacy?hl=en-US#intro.

Relatives and emergency contacts of our employees, visitors to our premises, employment referees and witnesses of legal documentation

As our offices are located in a Business Cube building, Business Cube collects records of entrances and exits of visitors to the building and office floors. You can access their privacy policy here: businesscube.co.uk/privacy-and-cookies-policy.

We use Google Calendar to diarise visitor appointments. You can access their privacy policy here: policies.google.com/privacy?hl=en-US#intro.

We use Google Drive to store signed documents and emergency contact information. You can access their privacy policy here: policies.google.com/privacy?hl=en-US#intro.

We use DocuSign to facilitate the electronic signature of legal documentation and store signed contracts. Their privacy policy can be accessed here: docusign.co.uk/company/privacy-policy.

Our employees may provide their emergency contact information via Slack or our HR system, People HR. Their privacy information is available, respectively, here: slack.com/intl/en-gb/trust/privacy/privacy-policy?geocode=en-gb and here: peoplehr.com/gdpr.html.

Employees/representatives of our suppliers

We use Google Drive to store supplier data. The Google Drive privacy policy can be found here: policies.google.com/privacy?hl=en-US#intro.

We use Workbooks for our CRM system. You can access their privacy policy here: workbooks.com/legal/

STORING YOUR INFORMATION

We will store and process the personal data that we hold about you within the United Kingdom/European Economic Area, unless you are an employee or representative of a US customer, supplier or prospective customer, when we may store and process your personal data in the US.

Some of our third party service providers listed above are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal data out of the UK and EEA, we ensure it will have a similar degree of protection as it has in the UK, [by using special contracts approved by the European Commission and the Information Commissioner's Office. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations.

KEEPING YOUR INFORMATION SECURE

All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else. If you lose control of your password, you may lose control over your personal data. If your password has been compromised for any reason, please let us know immediately by contacting us at: info@excession.co.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Our customers/prospective customers or their employees/representatives

Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. All other data is stored electronically, in access and permission-restricted folders containing the data, such as in G Suite.

Specifically, customer data in Excession’s platform is stored in access and permission-restricted, firewalled accounts, logically separated according to each organisation.

Each customer has a separate database in the CRM and we use strong encryption for any data transfers of customer data and use extensive RBAC as well as the principle of ‘least privilege’ to ensure data separation. The CRM system we use is ISO27001 accredited. We use password vaults to securely share passwords internally. Data is encrypted at rest.

Customer/suppliers of customers/suppliers

Data is stored in a separate part of the CRM for your company and in separate, access-restricted folders in Google Drive. Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers.

Visitors to our website (excession.co) and other people who contact or interact with us

We store the personal data that you provide us with on our secure servers.

Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. All other data is stored electronically, in access and permission-restricted folders containing the data, such as in G Suite.

Our shareholders

Business cards received from business contacts are stored in their personal, combination-locked set of desk drawers. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. Hard copies of shareholder agreements are stored in a locked filing cabinet. All other data is stored electronically, with specific access and rights permissions to the folders containing the data.

Relatives and emergency contacts of our employees, visitors to our premises, employment referees, witnesses of legal documentation and individuals otherwise interacting with us

Our employees/representatives retain data of visitors in their individual Google Calendar diaries.

When a document is witnessed, the witness’ details are stored within the document in a specific folder on Google Drive or on DocuSign.

Details of emergency contacts are stored electronically in a specific folder on Google Drive, with specific access and rights permissions to the folders containing the data.

Details of referees are retained on our secure email servers.

Employees/representatives of our suppliers

Suppliers’ data is stored within their own ‘umbrella’ of their company within the CRM and in separate, access-restricted folders in G-Drive.

Business cards received from business contacts are stored in personal, combination-locked set of desk drawers. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers.

Your Rights

You have the right under data protection laws to access information held about you, subject to certain conditions, and to request its rectification or deletion.

If you would like to access, update or amend the information which we hold about you, or would like us to stop using your personal data, please contact info@excession.co.

Your rights in connection with your personal data

By law, you have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. This right is subject to a number of exemptions, which allow information to be withheld in certain circumstances. For example, where compliance would involve disclosing: information relating to another individual; data which consists of information that is subject to legal professional privilege; negotiations or confidential references.
  • Request correction or erasure of your personal data (unless we have the legal right to retain it). You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • Change your data processing preferences at any time. If you have changed your mind, you can update your account settings by signing in to your account on the website or by contacting us by email at info@excession.co.

You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the website, you may not be able to use the website as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

If you want to exercise any of the above rights, please contact us by emailing us at info@excession.co.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where we are relying on your consent as the legal basis to process your personal data for a particular purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer at dpo@excession.co. Once we know that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

CHANGES TO THIS PRIVACY POLICY

We keep our privacy policy under regular review and will post any updates on this webpage. This privacy policy was last updated in February 2021.

HOW TO CONTACT US AND COMPLAINTS

If you have any questions about this privacy policy or how we handle your personal data, please contact our Data Protection Officer at dpo@excession.co.

If for any reason you are not happy with the way that we have handled your personal data, please contact us using the email address set out above. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office at: ico.org.uk/global/contact-us/ but we would appreciate the opportunity to address your concern first, so please contact us as above.