INFORMATION SECURITY & PRIVACY POLICY
Data Classification: Public
eXate Technology Limited (company number 09512030) (collectively referred to as “eXate”, “we“, “us” or “our” in this privacy policy) provides a platform for implementing data privacy and security.
When you visit our website http://www.exate.com, and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Sites and our services.
This privacy notice applies to all information collected through our website (such as http://www.exate.com), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy notice as the "Services").
Please read this privacy notice carefully as it will help you make informed decisions about sharing your personal information with us.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out below.
eXate is certified in both ISO 27001 and ISO 27701.
eXate recognises information security and privacy protection as preservation of confidentiality, integrity, and availability of information in its processes, information systems and information assets.
Information security and privacy management are integral parts of its management function. The management of eXate views these as primary responsibilities and fundamental to the business practice of adopting appropriate information security controls and privacy controls along the lines laid down in ISO 27001: 2022 and ISO 27701 :2019.
Data Protection Officer
Our Data Protection Officer is Sonal Rattan. She is responsible for overseeing data protection across eXate.
You can contact Sonal at:
Post: Data Protection Officer, 85 Great Portland Street, London, England, W1W 7LT
Email: dpo@exate.com
Data Protection Rights
Data protection rights defines how eXate uses the PII (Personal Identifiable Information). The rights are detailed in the ICO website (Information Commissioner’s Office) : www.ico.org.uk.
No charge is to be paid for exercising data protection rights. Responses are provided within a month of raising any data protection request.
Data protection rights are detailed below.
Right of Access
Data subjects have a right to access their stored data, to know if data is being processed, purpose of processing, categories of personal data being processed, recipients of data
Right to Transparency:
Data subjects are to be informed about how their data being processed using clear and plain language
Right to rectification
Data subjects have a right to update existing data.
Right to Erasure or Right to be forgotten:
Data controllers must erase personal data in a timely manner as per the data subject request and inform the other controllers also.
Right to Data Portability:
Data Subjects have the right to receive data in a structured machine-readable format. Right to have the data transmitted to another controller.
Right to object processing:
Data subjects can object to processing of their data at any time.
Right not to subject to automated decision making e.g., loan approval applications
Right to complain
The data collected and stored is protected with care. In case, there are any questions or complaints with respect to data usage, they may be raised by sending a mail to the DPO. Responses are provided within a month of receipt of compliant
Complaints may be escalated to the ICO (Information Commissioner’s Office). Contact details of ICO :0303 123 1113. website: https:// ico.org.uk/make-a-compliant
Record Keeping:
A record of all processing activities of data is to be maintained.
It is important that any information you provide directly to us is accurate and correct. Please let us know as soon as you can if any information we hold about you is no longer correct.
Providing false or inaccurate information in order to obtain a product or service may also result in services being restricted or cancelled.
What information do we collect?
Information automatically collected
Some information — such as IP address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookies Policy: http://www.exate.com/cookie-policy
How do we use your information?
We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, products, marketing and your experience. We may use and store this information in aggregated and anonymised form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.
Will your information be shared with anyone?
We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfil business obligations.
We may process or share data based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
How long do we keep your information?
We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than 2 years.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Do we collect information from minors?
We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please email dpo@exate.com.
GENERAL INFORMATION
eXate respects your privacy and is committed to protecting your personal data. This information security and privacy policy will inform you as to how we look after your personal data when you visit our Website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This notice is layered so you can click through to the specific areas in which you are interested.