According to the General Data Protection Regulation (GDPR), all personal data we hold must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up-to-date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security
ExcelRedstone has assessed the six grounds for lawful processing of personal data under GDPR and has selected ‘Legitimate Interests’ as the most suitable lawful ground for the processing of data. We believe that the individuals whose data we process are likely to have an interest in ExcelRedstone services. This is typically based upon specific criteria including the business industry sector, size of organisation as well as the individual’s job function within the organisation. Our typical segmentation includes those within IT, operations, facilities and real estate roles, although this list is not exhaustive and other variables may apply.
- Information you consent to provide ExcelRedstone that is required to carry out our obligations arising from any contracts entered between you and us, or potential contracts that may be in liaison between you and us.
- Information that you consent to provide by filling in forms on our website, or as part of any direct marketing or sales activities. This includes, but is not limited to, personal information about you such as your name, telephone contact number, geographical address/location, email address and interests.
- If you contact us by telephone or in writing, we may keep a copy of your correspondence or communication.
We will only ever collect, process and store the essential information required for contacting individuals within a business environment. The personal data we collect is limited to first name, last name, email address, social profiles, business IP address, business name, job function and address.
We will not process or hold any data irrelevant to the purposes of doing business with you, nor any special category data, including: race; ethnic origin; political opinions; religion; philosophical beliefs; trade union membership; health data; data concerning a natural person’s sex life; or sexual orientation.
The data we collect will be used to communicate messages relating to ExcelRedstone’s services via email, social media, telephone or any other business-to-business (B2B) marketing methods that may be relevant. You have the right to object to any method of correspondence at any time via the methods detailed below.
We use information held about you to carry out our obligations arising from any contracts entered between you and us; and to notify you about changes to our services. At ExcelRedstone we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. If you have received correspondence from us, we will have procured your data in one of the following ways:
- You have requested information from ExcelRedstone on a previous occasion
- Someone has sent us your e-mail address requesting information about our articles and/or services be sent to you
- There is a contract in place between you and ExcelRedstone
- You or someone else has expressly shared your contact details with us for the purpose of receiving information now and/or in the future
- We have previously met at an event and your business card or contact details were handed to us willingly
- You or a business colleague has visited our website and we believe that there is a genuine legitimate interest in our services
- You have previously connected with a member of our team and discussed our services
- A member of our team has found your business and your contact details online, believes that your business would genuinely be interested in ExcelRedstone’s services based on your job function aligning with our typical customer profiles, and has made contact to introduce you to our product
- Your data has been purchased from a registered third-party data supplier, and will have been segmented by industry, organisation size and job function based upon our typical customer profiles (due diligence checks around GDPR compliance will have been conducted accordingly)
Per the ICO guidance, ExcelRedstone can confirm:
- We have checked that legitimate interests are the most appropriate basis
- We understand our responsibility to protect the individual’s interests
- We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision
- We have identified the relevant legitimate interests
- We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
- We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
- We only use individuals’ data in ways they would reasonably expect
- We are not using people’s data in ways they would find intrusive or which could cause them harm
- We do not process the data of children
- We have considered safeguards to reduce the impact where possible
- We will always ensure there is an opt-out / ability to object
- Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
- We keep our LIA under review every six months, and will repeat it if circumstances change
- We include information about our legitimate interests in our privacy notice
Using your personal information
We may use this data to:
- administer the website;
- improve your browsing experience by personalising the website;
- enable your use of the services available on the website;
- send you general (non-marketing) commercial communications;
- send to you marketing communications relating to our business which we think may be of interest to you by post, email or similar technology;
- send you email notifications which you have specifically requested;
- provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
- deal with enquiries and complaints made by or about you relating to the website; and
- keep our website secure and prevent fraud.
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Storage, security and retention of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your data.
The personal data we hold in accordance with the policies above will be stored on secure servers, our CRM platform, email or marketing software.
We will retain the personal data we hold for as long as we consider it necessary for working with you, selling and marketing our services, or to comply with any legal obligations, and then we will securely delete your data. We will delete your data at an earlier date if you request it.
You have the right to rectification, erasure, restriction and objection.
You may instruct us to provide you with any data we hold about you via a subject access request. Provision of such information will be subject to the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address). We may withhold such personal information to the extent permitted by law. We may also refuse nuisance requests, where a person requests their data excessively on multiple occasions without legitimate reason.
You can at any time request that the information we hold about you is updated or corrected.
In all correspondence with you we will give you the right to object to receiving further correspondence from ExcelRedstone. On any emails you receive from ExcelRedstone there will be the option to ‘unsubscribe’ from receiving any further email correspondence. If you receive a telephone call from us, you have the right to request not to receive any further calls.
You can also make any request for rectification, erasure, restriction and objection by emailing email@example.com or by writing to: ExcelRedstone, 40 Holborn Viaduct, London EC1N 2PB.
All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by ExcelRedstone systems in the future.
It is important to understand the difference between a right to object and a request for deletion. If you make a request for deletion, we will remove any data we hold about you from our systems. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our system by a member of our team who genuinely believes that you would benefit from ExcelRedstone services. If you do not wish for us to contact you again about ExcelRedstone, we would recommend that you make an objection rather than a request for deletion, as this will ensure that your details are always suppressed from processing.
The website also contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.
A privacy event: A privacy event is the unauthorised or inappropriate access, use, destruction or disclosure of personal information, that is collected, processed or maintained by ExcelRedstone or by a third party on behalf of ExcelRedstone.
Procedures for the escalation of a privacy event: Any such events must be reported within twenty-four hours to firstname.lastname@example.org. Our compliance team will, following the receipt of the email, action the event in accordance with the current policies, procedures, agreed contracts, and legislation.
Security threats, incidents and suspicions must be reported immediately within the hours of 0900 hrs and 17.30 hrs to email@example.com. To report a situation outside of these hours, you must call 020 020 8661 4651 immediately.
Procedures for monitoring and resolution of an event: It is ExcelRedstone’s policy to log, monitor and resolve where practicable all events reported to the compliance team. Each ticket will be monitored by the Compliance Director and escalated to key stakeholders; the ticket will also remain active on the database until a satisfactory resolution has been found and agreed by all parties.
For and on behalf of:
ExcelRedstone Services Limited