Privacy Policy

BACKGROUND:

ExGate Limited understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our website:

www.exgate.co.uk (“Our Site”)

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

1. Definitions and Interpretation

1.1 In this Policy, the following terms shall have the following meanings:

“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and

“We/Us/Our” means ExGate Limited, a limited company registered in England under company number 12814835, whose trading address is 64 Upper Mulgrave Road, Cheam, Sutton, Surrey SM2 7AJ.

2. Information About Us

2.1 Our Site is owned and operated by ExGate Limited, a limited company registered in England under company number 3108419, whose trading address is 64 Upper Mulgrave Road, Cheam, Sutton, Surrey SM2 7AJ.

2.2 We are regulated by the Information Commissioner’s Office under Registration Number ZA781429.

3. What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

4. Your Rights

4.1 As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:

4.1.1 The right to be informed about Our collection and use of personal data

4.1.2 The right of access to the personal data we hold about you (see section 8)

4.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 9)

4.1.4 The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us using the details in section 9)

4.1.5 The right to restrict (i.e. prevent) the processing of your personal data

4.1.6 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)

4.1.7 The right to object to Us using your personal data for particular purposes; and

4.1.8 Rights with respect to automated decision making and profiling.

4.2 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 9 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

4.3 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

5. What Data Do We Collect and How?

5.1 Depending upon your use of our website or upon what services you receive from us, we may collect and hold some or all of the personal data set out in the table below, using the methods also set out in the table.

Data CollectedHow We Collect the Data
Identity Information including name, title, date of birth, genderTelephone, email, post, verbally, documents supplied by you, information supplied by your legal advisers, information supplied by associates or family, third party public domain records, private & confidential third-party records that you have consented in writing to share with us.
Contact information including address, email address, telephone numberTelephone, email, post, verbally, documents supplied by you, information supplied by your legal advisers, information supplied by associates or family, third party public domain records, private & confidential third-party records that you have consented in writing to share with us.
Business information (where applicable) including business name, job title, profession.Telephone, email, post, verbally, documents supplied by you, information supplied by your legal advisers, information supplied by associates or family or employees or contractors, third party public domain records, private & confidential third-party records that you have consented in writing to share with us.
Payment information including card details, bank account numbers.Card, cheque or electronic fund transfer coordinates or any account information provided by you or your legal advisers or any statutory authority via telephone, post or in person.
Profile information including preferences, interests, purchase history.Telephone, email, post, verbally, information supplied by you, information supplied by your legal advisers, information supplied by associates or family, third party public domain records, our internal client relationship records.
Data from third parties including contact information, profile information.Telephone, email, post, verbally, information supplied by your legal advisers, information supplied by associates or family, third party public domain records, private & confidential third-party records that you have consented in writing to share with us

6. How Do You Use My Personal Data?

6.1 Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we may use your personal data, and our lawful bases for doing so:

What We DoWhat Data We UseOur Lawful Basis
Administering our business.Contact coordinates for communication, payment data to manage the commercial relationships, company CRM recordsConsent from the data subject, negotiations of & performance of a contract, protection of the vital interests of the data subject
Supplying our services to you.Contact coordinates for communication, payment data to manage the commercial relationships, documentary and financial data supplied as part of an examination process and/or financial risk assessment, information supplied from third partiesConsent from the data subject, negotiations of & performance of a contract, protection of the vital interests of the data subject, compliance with a legal obligation.
Managing payments for our services.Contact coordinates for communication, payment data to manage the commercial relationships, company CRM recordsPerformance of a contract with the data subject or to take steps to enter into a contract.
Personalising and tailoring our services for you.Contact coordinates for communication, payment data to manage the commercial relationships, company CRM records.Consent from the data subject, performance of a contract with the data subject or to take steps to enter into a contract.
Communicating with youContact coordinates for communication, company CRM records.Consent from the data subject, performance of a contract with the data subject or to take steps to enter into a contract.
Supplying you with information by email or post that you have opted-in-to (you may opt-out at any time – see Part 11).Contact coordinates for communication, company CRM records, sales & marketing information regarding existing or new services.Legitimate interests – advisory information about new or existing services, or relevant company information.

6.2 With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or telephone or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

6.3 We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Section 11.

6.4 If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

6.5 In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

7. How Long Will You Keep My Personal Data?

7.1 We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

Type of DataHow Long We Keep It
Identity Information including name, title, date of birth, gender.Six years or an agreed lesser period of time.
Contact information including address, email address, telephone number.Six years or an agreed lesser period of time.
Business information (where applicable) including business name, job title, profession.Six years or an agreed lesser period of time.
Payment information including card details, bank account numbers.Six years or an agreed lesser period of time.
Profile information including preferences, interests, purchase history.Six years or an agreed lesser period of time.
Data from third parties including contact information, profile information.Six years or an agreed lesser period of time.

8. How and Where Do We Store Your Data?

8.1 We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it.

8.2 Your data will only be stored in the UK.

8.3 Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure any data We hold about you (even if it is only your email address).

8.4 Steps We take to secure and protect your data include:

8.4.1 All computer systems are firewall protected and secured with all latest system updates.
8.4.2 Regular virus and security scans are executed.

8.4.3 If any hard copies are taken of data we have received, this information is held in a secure, alarm protected, location and is secured in locked cabinets.

9. Do You Share My Personal Data?

9.1 We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.

9.1.1 If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.

9.1.2 In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

10. How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details at using the contact details below in section 11.

11. Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact Us by email at training.services@exgate.co.uk, by telephone on 020 8819 3873, or by post to: Data Protection Officer, Exgate Ltd, 64 Upper Mulgrave Road, Cheam, Sutton, Surrey SM2 7AJ. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as under section 7, above).

12. Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.