PRIVACY POLICY

ExcluServ, as a provider of outsourced accounting, consulting and software services, deal with personal information daily. We do this both as

  1. a data controller with our own customers, staff and associates;
  2. a data processor, handling data on behalf of our customers.

Since we take privacy very seriously, we have updated our privacy policy to reflect how we deal with both categories of personal information. Please read the Policy below to help you decide how you want to share your personal data with us. You have the option to withhold or limit the use of some categories of personal information held and processed by us, but that may prevent us from being able to provide that service to you.

By using our services, you consent to the terms of this Policy.

ExcluServ collects your Personal Information

For you as a direct customer, associate, staff member or subscriber to ExcluServ, this describes the personal information we will collect.

Our accounting, consulting and software services all require us to collect and process some personal information as part of our service delivery. The personal data we require may
include full name, bank account details, contact details and information of the goods and services provided.

We may collect personal data from you when you an interest in any of our service areas, and further data at the point when the service commences.

ExcluServ will use your personal information for limited purposes

For you as a direct customer, associate, staff member or subscriber to ExcluServ, this describes the limits of how we will use your information and process it.

Provision of Service:

  • This is the primary purpose for which we process the data, and is to provide you with the services you have contracted with us.
  • Providing technical support.
  • Review and feedback of service provided.

Communication with You:

  • In relation to existing services contracted.
  • To respond to a request for information from you.
  • To make you aware of related services being offered by ExcluServ.

Related Purposes such as:

  • Verifying your identity.
  • Informing you of updates or additional services related to your account.
  • Delivering training and guidance related to the services you subscribed to.
  • Compliance with relevant laws and regulations (including AML).

By entering into a contract with ExcluServ, you agree that we may collect, hold and use your personal information in the way described in this Policy. ExcluServ will not use your personal data for any purpose other than that described in this Policy, unless we have your express permission or instruction to do so.

Information provided by you about others

For you as a data controller, providing ExcluServ with personal data relating to your data subjects, enable us to process it on your behalf.

In most cases (Outsourcing, Consulting and Software services), we are required to collect and process information about others from you as part of our service delivery. This makes us a data processor in these cases.

Our responsibilities

ExcluServ will process all data in accordance with the process that is agreed with you as the data controller. We will establish processes and procedures that keep the data secure and we will not share it with any other third parties, nor use it for any other purposes.

We will work with you fully to support any GDPR compliance requirements, and where appropriate change our working practice to meet your needs. We will advise you of areas that we become aware of within your own processing, that in our opinion compromise the GDPR compliance.

Your responsibilities:

It remains your responsibility, as the data controller, to comply fully with GDPR in relation to this data, including:

  • You must ensure you are authorised to disclose such information and for it to be processed by ExcluServ in the manner requested.
  • You must ensure that the individuals concerned are aware that their personal information is being collected and for what purpose, who the intended recipients of the information are and of their right to obtain access to that information.
  • You must ensure that your own systems and processes in relation to such data are compliant.

Data Access Requests

  • In cases where there is a subject access request, this should always be directed to you as a data controller. You may request assistance from ExcluServ in this matter. ExcluServ will do all it can to assist in these requests.

ExcluServ protects your data

For you as a direct customer, associate, staff member or subscriber to ExcluServ, but also as a data controller for the data provided to ExcluServ to process.

Across all services

ExcluServ will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

ExcluServ use trusted third-party service providers for the processing and storage of personal information. These all have their own privacy policies to be compliant with GDPR and data transfer protocols. Some of these providers store data outside of the EU, mainly in the United States.  While we carefully select our third-party service providers, ExcluServ is not responsible for the privacy policies or practices of any third party.

Information that ExcluServ collects may be stored and processed in and transferred between any of the countries in which ExcluServ operates to enable the use of the information in accordance with this privacy policy. You agree to such cross-border transfers of personal information.

For data integration services

ExcluServ facilitates the transfer of data between two systems both of which are under your control.

  • ExcluServ is the data processor and you are the data controller.
  • ExcluServ’s software hosting provider is based in Germany within a secure data centre facility.
  • ExcluServ’s integration software uses secure authentication and data transfer protocols to ensure that any personal data is protected, at all stages within the transfer.

Data Breach

In the unlikely event that a breach of data privacy occurs, ExcluServ will inform you as soon as we become aware.

Where the breach affects data that is owned by you as the data controller it will be your responsibility to notify the data subjects affected.

Sharing your data

This section applies to both data being handled as a data controller (our own customers, staff and associates) and as a data processor (your data, and your staff, customers, supporters etc).

ExcluServ commits to only use your personal information for the intended purpose and service delivery. It might be necessary to share this information with carefully selected third parties where they facilitate this service delivery, but only in cases where this is required, and limited to that purpose.

On principle, ExcluServ will never otherwise share your information with a third party, unless we have your express consent. There are a limited number of instances where we are legally required to do so (such as with HMRC) to comply with legislation and processes. Where that disclosure is required, we will inform you, unless we are prevented from doing so by law.

Data Retention

This section relates to Data in both Categories. Personal data of our customers, staff, associates and subscribers, but also data that we are processing on behalf of our clients.

Any personal information we hold will only be kept for as long as it is required to provide the requested service.

Where appropriate, the data will be moved so that it is only on the data controller’s own systems. It will then be the responsibility of the data controller to manage that data in accordance with GDPR.

In some cases, we have a legal obligation to keep your information for a specified amount of time, which might be longer than the intended purpose (e.g. due diligence information required to comply with laws relating to money laundering, the required period for retention of financial records).

Data Subject Access Request

This section relates to your rights as a Data Subject: customer, associate, staff member or subscriber of ExcluServ

Under GDPR, you have a number of rights as a Data Subject. These include, but are not limited to:

  • You have the right to request access to the information that we hold about you, and to request updates to such information.
  • If you become aware of any inaccuracy in the personal data that we hold about you, you should inform us and we will correct it appropriately.
  • If you wish for any of your personal data to be removed, this will be deleted as far as is legally permitted.
  • If you wish to change our records on how we should communicate with you then you may request that.

Any such requests should be submitted in e-mail to info@excluserv.com, or in writing to ExcluServ’s registered address.

Unless we are legally prohibited from providing this information, we will process your request as soon as is practicable, and within 40 days of receiving your request. If we are unable to process your request, we will let you know why.

ExcluServ will not process your data in order to arrive at an automated decision.

If you have a complaint about how your personal information is handled, you should provide full details either to:

  • e-mail to info@excluserv.com
  • letter to The Data Privacy Officer, ExcluServ Ltd, 133 Deepcut Bridge Road, Camberley, GU16 6SD

Policy may be updated from time to time

ExcluServ has the right to change this Policy when needed. Such changes will become effective when posted to this Website. We will make a reasonable effort to communicate any significant changes via email, but your continued use of our services will be deemed as your acceptance and agreement to our policy.