Exigia respects your privacy
Exigia Ltd. takes the security and privacy of client data very seriously. After all, one of the main proposes of the Company is to provide our clients with advice, guidance and support for their own security and data protection regimes.
We believe this notice is compliant with the United Kingdom’s Data Protection Act, 2018, including the ‘UK General Data Protection Regulation (UK GDPR)’, and all other relevant legislation.
Changes to our privacy notice
This Privacy Notice will be amended from time to time if we make any significant changes in the way that we collect, store and/or use personal data. Please check back here occasionally to refresh your understanding.
Last updated: 17 August 2022
We are Exigia Ltd., a small consultancy company, based in the UK, specialising in providing a range of services for SME clients, including support for information governance compliance, cyber security compliance and web services.
Our clients are mostly UK organisations working in the health and social care sector as providers or suppliers alongside the NHS. We also serve charities, local government organisations such as parish councils, small businesses and individuals.
The personal data we may collect about you and others will vary depending on your relationship with us and how we interact. It may include the following:
General identification and contact information
We may collect nameless, address, phone numbers, email addresses, IP addresses, passwords, ages, genders and dates of birth.
We may collect names, bank account numbers and sort codes. For example, where you are a client or a supplier we need to pay you or send you a refund.
We may collect some technical information from devices and applications you use when accessing our services (e.g. computers, mobiles, tablets, smart speakers, web browsers etc. This might include IP addresses and device IDs.
We may collect information if you access our services, such as how you use those services and the pages or articles you read.
Information if you communicate with us
If you call, text, email, chat online, videoconference or otherwise communicate with us, we may collect your name, location and a brief summary of your message or opinion. Please note that depending on what you say or type, this may include confidential information.
We may ask for your address in order to offer you services and exchange information. We may also have information regarding your general geographic location based on your IP address.
Information on your activities etc.
If you contact use or submit a comment via a noticeboard, blog or other website facility, we will not normally collect any sensitive personal data from you (unless you provide it to us voluntarily), and will, in any event, ask for your express consent to hold this information if we need to do so.
Please do not submit sensitive information if you do not wish us to collect it.
We may obtain additional information about you from trusted third parties and public sources.
We need to have a valid reason to use your personal data. This is called a “lawful basis for processing”. We process personal data for the following legal bases:
We may use your personal data if we have your consent. We rely on consent for the following:
- to enable you to login to your account
- to tell you about products, events, services and promotions that we or our third party partners are offering
- for marketing purposes
- to send you notifications on your device if you have selected them
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
We may process your data when we need to fulfil a contract with you.
We process your data when it is in our legitimate interest to do this and when these interests are not overridden by your data protection rights.
Our legitimate interests include:
- to improve our content, products, services and customer experiences by monitoring your use of our services and working with our suppliers to improve the products and services we offer or develop new content and services
- to create profiles for targeted advertising and marketing opportunities
to ensure the security and integrity of our services
- to ensure that our websites and apps operate effectively
- to protect clients and other individuals and maintain their safety, health and welfare
for market research
- to deal with your requests, complaints and enquiries
- We may use your information to deliver targeted advertising about our services to you when you visit our websites
Legal and regulatory obligations
We may process your personal data to comply with our legal and regulatory obligations e.g. taxation, preventing, investigating and detecting crime, fraud or anti-social behaviour and to comply with actions taken by law enforcement agencies.
Our service providers (processors)
We may pass personal data to our external third-party service providers who act either as our data processors or in exceptional cases as data controllers in their own right e.g. professional advisors.
Our providers may include:
- accountants, auditors, lawyers, other professional advisors
- IT systems, support and hosting service providers
- printing, advertising, marketing, market research and analysis service providers
- website analytics, technical engineers, data storage and cloud providers and similar third party vendors and outsourced service providers that assist us in carrying out business activities
These third parties (and any subcontractors they are be permitted to use) are legally obliged not to share, use or retain your personal data for any purpose other than as necessary for the provision of our services. For further information on our processors and sub-processors please refer to the list of our Data Processors.
As required by law or regulation
Other third parties
We hold personal data for different purposes and the length of time we keep it will vary depending on the services or products we are providing. We will only keep your data for a reasonable period of time, which is based on the purpose for which we are using it. Once that purpose has been fulfilled, we will securely delete that data or anonymise it (so that neither we, nor anyone else, can tell that the data relates to you) unless we are required to retain the data longer for legal, tax or accounting reasons.
To determine the period we store personal data, we always use these principles:
- we design our services so that we do not hold your longer than we need to or have to
- we think about what type of information it is, the amount collected, how sensitive or intrusive it might be and any legal requirements
Personal data which you and others supply to us is generally stored and kept inside the United Kingdom.
However, due to the nature of our business and the technologies required, personal data may be transferred to a third party service provider outside the UK. This is nearly always within the EEA or other countries considered 'adequate' in data protection terms by the UK.
Countries without an 'adequacy' status may not have the same level of data protection laws and have a lower level of protection.
If we need to transfer personal data to such countries we will take steps to ensure adequate privacy and security, including, where appropriate, data minimisation, anonymisation and pseudonymisation. We will undertake due diligence on the recipients and their country's privacy laws and seek alternatives in countries that have been granted Adequacy Decisions by the UK where possible. We will also place data recipients under contractual obligations to take care of personal data, for example by using UK standard contractual clauses (SCCs) or their equivalent.
Data Protection laws give you certain rights in respect of your personal data and how we use it. You have the following rights:
Right to rectification
The right to have your personal data corrected if it is inaccurate or incomplete. You can also manage some of this yourself if you have registered with us via our website.
Right of access
You have the right to obtain your personal data from us. This is referred to as a data subject access request.
Right to be erasure (“right to be forgotten”)
You have the right to be forgotten.
Right to object and opt-out of marketing
You have the right to object to the processing of your personal data. This includes the right to object to direct marketing. You will always be given the opportunity to opt-out of further direct marketing when you receive such communications from us or you can contact us as set out in the Contacting us section below.
Right to portability
You have the right to move, copy or transfer certain personal data
Right to restrict processing
You have the right to restrict the use of your personal data in certain circumstances
Right to opt-out of automated individual decision-making (including “profiling”)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which significantly affects you or produces legal effects.
If you wish to submit a request in relation to any of your rights, please contact us as set out in the Contacting us section below. Please note you may be asked to supply us with proof of identity before we provide a response. We do not charge for requests to exercise these rights unless they are manifestly unfounded or excessive, when we may refuse to respond or charge a reasonable fee before dealing with them.
A cookie is a small amount of data, which often includes an anonymous unique identifier. Cookies are sent to your browser from a website's computer and stored on your computer or mobile device.
Each website can send its own cookies to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.
Many sites save cookies whenever a user visits their website in order to:
- Provide website personalisation (for example: saving preferences such as font size, accessibility features, template versions etc.)
- Save data or user’s decisions (for example: removing the need to enter login and password on every website, remembering a login during for the next visit, keeping information on products added to a shopping cart)
- Provide social media integration (for example: displaying your friends, fans or post publishing on Facebook directly from the website)
- Adjust adverts that are displayed on the website and make the 'more relevant' to the person viewing them
- Create website and flow statistics between different websites to track online traffic flows
Users have the opportunity to set their computers to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these, of course, means that certain personalised services cannot then be provided and you may not be able to take full advantage of all of the features of websites. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie settings or preferences.
You can clear cookies stored by your browser e.g. by using one of its menu options or a third party add-in. For further information, please refer to your browser's 'Help' documentation.
On this website, we provide you with a means of controlling the cookies you wish to reject or accept (if any). You may see a banner requiring a response and you can alter your settings at any time via the 'cog' icon at the top right corner of the screen.
During the course of any visit to our websites, the pages you see are downloaded to your computer. In addition we may download cookies.
Information supplied by cookies can help us to provide you with a better online user experience and assist us to analyse the profile of our visitors. For example: you need to allow the session cookie to be able to send us a message via the contact form or login to a client account (if you have one).
This notice applies to our processing of your personal data as a controller.
We may also act on your behalf as a (data) processor or sub-processor of personal data which you control.
Examples of this include where we manage mailings for you or collect data on your behalf.
This notice does not apply to those activities, and you should refer instead to the relevant contract or terms and conditions that apply between us, or, where we are a sub-processor, your contract with the processor we work for.
For the avoidance of doubt:
- We will not automatically log personal data nor link information automatically logged by other means with personal data about specific individuals
- We will not sell your personal data to anyone
- We will not share your personal data with anyone without your expressed permission unless permitted or required to do so by law
- We will co-operate with you to enable you to speedily exercise your rights over your personal data
The controller responsible for your personal data collected via this and associated websites is Exigia Ltd.
If you have any concerns, we would like to know about them and have the opportunity to deal with them.
We encourage you to contact us first so that we can try to help you. Please contact us at:
Post: Exigia Ltd., 124 City Road, London EC1V 2NX
Please mark you correspondence for the attention of the Data Protection Officer.
If you do not think we are handling your personal data adequately, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, are available from the Information Commissioner (see below).
In order to comply with current legislation, The Company maintains a Data Protection Act, 2018 Registration No. ZA019088. Further information is available at the Information Commissioner's website.