Privacy Policy - General System &  Excession

Subheading to be provided - or it can be deleted

TOPICS COVERED

Please read the following carefully to understand how we will treat your personal data.

ABOUT US

General System is the collective trading name of the following companies registered in England and Wales: General System Group Limited (Company Number 13920622), General System Corporation Limited (Company Number 14122783) and Excession Technologies Limited (Company Number 10098147) whose registered offices are at 11 Leadenhall Street, London EC3V 1LP.

General System Corporation Limited and Excession Technologies Limited are the data controllers in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

"General System” / “Excession Technologies" / "we" / "our" / "us" are committed to protecting and respecting your privacy. This policy and our cookies policy set out the basis on which we process any personal data that we collect from, or is provided to us by, visitors to our websites (https://generalsystem.com/ and https://excession.co/), our customers/prospective customers or their employees/representatives,employees/representatives of our suppliers, customer/suppliers of our customers orsuppliers, our shareholders, visitors to our premises, relatives and emergency contacts of our employees, employment referees, witnesses of legal documentation and other people  who otherwise interact with us (“you”).

1.WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT

We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions withus and our website and how you use our products and services. It also depends on the choices you make when using our website, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature, then you may not be able to use that feature. We will only use your personal data where we have a lawful basis to do so.

The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.

This privacy policy does not apply to data we process in our app/platform, i.e. data, text, messages, communications or other materials submitted to and stored within our platform byusers. We have a separate App Privacy Policy, which users receive when they access our app/platform.

Our customers (or prospective customers) and their employees/representatives

What information will we collect about you?

Name, email address, callsign and phone number. Employment organisation and address, your role. Username, password and security information. Feedback, questions and other information you provide when you contact us (e.g. for customer support).

How will we collect information about you?

Collected when you sign up for an account with us, contact our customer services team or place an order for our products and services. Collected directly from you through our website, by email, face-to-face or by telephone when you contact us with an enquiry or ask for information. Collected from managers or administrators at customer organisations.

Why are we processing information about you?

To perform essential business operations. To provide and improve our services. To provide customer support, including dealing with enquiries, correspondence and complaints, and to manage your account with us. To protect the security of our website and products, and to prevent fraud. To process orders placed with us. To complete any transactions or provide any products and/orservices you have ordered. To communicate and personalise communications with you regarding information about products or services that you request from us, and forsales and contracting purposes. To enable us to bid for tenders. To store details used during the sales or procurement process in our CRM/record-keepping system.

What is our legal basis for processing information about you?

To allow us to perform our contract with you. To enable us to pursue our legitimate interests to:
deliver services or products that you request; improve our services; maintain the security of our computer systems;
protect our rights; establish and/or maintain a business relationship with you (or your employer, if you are employed by a prospective customer); and provide information on products or services that may be of value to your business.

What information will we collect about you?

Device and usage data including IP addresses and device identifiers. Device event information including crashlogs, hardware settings, browser type and browser language. Location information.

How will we collect information about you?

Automatically collected and stored in our server logs when you interact with our website and/or our products. Collected from IP address, GPS and other sensors.

Why are we processing information about you?

To improve your experience of our website, for example to offer you tailored content. To protect the security of our website and products, and to prevent fraud. To communicate and personalise communications with you regarding information, products and services that you request from us.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: understand how our site isused; improve user experience of our site; maintain the security of our computer site; and protect our rights.

Employees/representatives of our suppliers

What information will we collect about you?

Name, email address, phone number. Employment organisation and address, your rol.

How will we collect information about you?

Collected directly from you by email, face-to-face or by telephone when you contact us. Collected from managers or administrators at supplier organisations. Collected when you give us business cards and other contact information. 

Why are we processing information about you?

To perform essential business operations. To protect the security of our website and products, and to prevent fraud. To ask you for information about your products or services, and for sales and contracting purposes. To evaluate suppliers and respond to customer tender/bids as part of the sale process. To store details used during the sales or procurement process in our record-keeping system.

What is our legal basis for processing information about you?

To allow us to perform our contract with the supplier. To enable us to pursue our legitimate interests to: deliver services to our customers; improve our services; maintain the security of our computer systems; protect our rights; and establish and/or maintain a business relationship with you (or your employer).

What information will we collect about you?

Device and usage data including IP addresses and device identifiers. Device event information including crash logs, hardware settings, browser type and browser language. Location information.

How will we collect information about you?

Automatically collected and stored in our server logs when you interact with our website and/or our products. Collected from IP address, GPS and other sensors.

Why are we processing information about you?

To improve your experience of our website, for example to offer you tailored content. To protect the security of our website and products, and to prevent fraud. To communicate and personalise communications with you regarding information, products and services that you request from us.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: understand how our site is used; improve user experience of our site; maintain the security of our computer site; and protect our rights.

Customers/suppliers of our customers or suppliers

What information will we collect about you?

Name, email address and phone number. Employment organisation and address.

How will we collect information about you?

Collected directly from you by email, face-to-face or by telephone when you contact us with an enquiry or ask for information. 

Why are we processing information about you?

To perform essential business operations. To provide and improve our services. To provide support, including dealing with enquiries, correspondence and complaints. To protect the security of our website and products, and to prevent fraud. To process orders placed with us. To complete any transactions or provide any products and/or services ordered by our customers. To communicate and personalise communications with you regarding information about products or services that you request from us, and for sales and contracting purposes. 

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: deliver services or products that our customers request; improve our services; maintain the security of our computer systems; protect our rights; and maintain a business relationship with our customers.

What information will we collect about you?

Device and usage data including IP addresses and device identifiers. Device event information including crash logs, hardware settings, browser type and browser language. Location information.

How will we collect information about you?

Automatically collected and stored in our server logs when you interact with our website and/or our products. Collected from IP address, GPS and other sensors.

Why are we processing information about you?

To improve user experience of our website, for example to offer you tailored content. To protect the security of our website and products, and to prevent fraud. To communicate and personalise communications with you regarding information, products and services that you request from us.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: understand how our site is used; improve user experience of our site; maintain the security of our computer site; and protect our rights.

Visitors to our websites (https://generalsystem.com/ and https://excession.co/) and other people who contact or interact with us

What information will we collect about you?

Name, address, email address and phone number. Employment address. Username, password and security information. Feedback, questions and other information you provide when you contact us (e.g. for customer support).

How will we collect information about you?

Collected when you sign up for an account with us, contact our customer services team or make an enquiry about our products and services. Collected directly from you through our website, by email, face-to-face or by telephone when you contact us with an enquiry or ask for information. 

Why are we processing information about you?

To perform essential business operations. To provide and improve our services. To provide customer support, including dealing with enquiries, correspondence and complaints, and to manage your account with us. To protect the security of our website and products, and to prevent fraud. To communicate and personalise communications with you regarding information about products and services that you request from us. To improve your experience of our website, for example to offer you tailored content. To protect the security of our website and products, and to prevent fraud. To communicate and personalise communications with you regarding information, products and services that you request from us. 

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: improve our services; provide information on our products and services; maintain the security of our computer systems; and protect our rights.

What information will we collect about you?

Device and usage data including IP addresses and device identifiers. Device event information including crash logs, hardware settings, browser type and browser language. Location information.

How will we collect information about you?

Automatically collected and stored in our server logs when you interact with our website and/or our products. Collected from IP address, GPS and other sensors.

Why are we processing information about you?

To improve your experience of our website, for example to offer you tailored content. To protect the security of our website and products, and to prevent fraud To communicate and personalise communications with you regarding information, products and services that you request from us.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to: understand how our site is used; improve user experience of our site; maintain the security of our computer systems; and protect our rights.

Our shareholders

What information will we collect about you?

Name, address, email address and phone number. Nationality, date of birth and gender. Shareholder information such as details of shareholding and shareholder reference number. Bank details Copies of ID such as passport, driving licence and utility bills.

How will we collect information about you?

Collected when we request this information from you by email, face-to-face or by telephone. 

Why are we processing information about you?

To notify you of financial results and other shareholder communications. To include you on our register of shareholders and to maintain it. To make dividend payments. To carry out background checks and anti-money laundering checks. To enable investors to identify shareholders. 

What is our legal basis for processing information about you?

To allow us to perform our contract with you. To enable us to pursue our legitimate interests: to produce and maintain shareholder records, announcements and communications; to review and respond to your enquiries and complaints; and for record-keepin g purposes. To comply with our legal obligations as a UK limited company.

Visitors to our premises, relatives and emergency contacts of our employees,employment referees and witnesses of legal documentation

What information will we collect about you?

Visitors: name, email address, employment organisation and address, your role, phone number.

How will we collect information about you?

Collected directly from you on entry to our premises or via the Business Cube. Collected when a meeting is arranged. Collected when you give us business cards and other contact information. Collected from you face-to-face or when you communicate with us.

Why are we processing information about you?

To record visitors to our premises. To provide visitors with entrance to and a security pass for the building. To diarise and confirm meetings.

What is our legal basis for processing information about you?

To comply with a legal obligation to maintain the security/safety of you, our staff and others at our premises. If you fail to provide your personal data on visiting our premises, this may result in you not being permitted entry. To enable us to pursue our legitimate interests to: protect the wellbeing and welfare of our staff; establish and/or maintain a business relationship with you or your employer; and provide information on products or services that may be of value to your business.

What information will we collect about you?

Witnesses: name, address, occupation.

How will we collect information about you?

Collected directly from you if you witness a signature on a contract.

Why are we processing information about you?

To ensure the validity of legal documentation.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to perform contracts with our customers and other third parties.

What information will we collect about you?

Emergency contacts: name, relationship to employee, contact phone number.

How will we collect information about you?

In-case-of-emergency contact details are collected from our employees.

Why are we processing information about you?

To communicate with you in the event of an incident concerning an employee who has elected you as next-of-kin or in-case-of-emergenc y contact.

What is our legal basis for processing information about you?

To comply with a legal obligation to maintain the security/safety of our staff and others at our premises To enable us to pursue our legitimate interests to protect the wellbeing and welfare of our staff.

What information will we collect about you?

Employment references: name, contact number, email address, organisation and job title, opinion about potential employee.

How will we collect information about you?

Employment reference contact details are collected from our prospective employees.

Why are we processing information about you?

To communicate with you regarding requests for information from you. To gather employment references as part of our hiring process.

What is our legal basis for processing information about you?

To enable us to pursue our legitimate interests to carry out background checks on potential employees.

More about the information we collect and why

We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out in the sections above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal data, we will ask you to positively opt-in and you may withdraw your consent at any time.

If you have any questions or require any further information regarding our use of your personal data, please contact our Data Protection Officer at dpo@excession.co.

2. CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

3. SHARING YOUR INFORMATION

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. You acknowledge that we may share your personal data with your consent or as necessary with selected third party service providers that support us in the performance of the activities set out in the sections above. 
  2. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law. 
  3. We require all our third party service providers and other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

Why might you share my personal data with third parties?

 We may share your personal data with third parties where required by law or it is necessary in order to provide you with our services or information you have requested, or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers, or to operate and maintain the security of our computer systems.

Which third party service providers process my personal data?

The following third party service providers process personal data about you for the following purposes:

Our customers/prospective customers and their employees/representatives 

We use Twilio and SendGrid, which are cloud communications platforms, to send communications to our customers by text message and email. You can access their privacy policy here: https://www.twilio.com/legal/privacy. 

We use Google Cloud Messaging to send push mobile notifications to send data or information to mobile devices. You can access their privacy policy here: https://policies.google.com/privacy 

We use AWS servers (London region for customers in UK and North Virginia for US customers). More information on AWS’s GDPR compliance can be found here: https://aws.amazon.com/compliance/gdpr-center/

We use Workbooks for our CRM system. You can access their privacy policy here: https://www.workbooks.com/legal/.

 We use Deskpro to provide customer support. You can access their privacy policy here: https://www.deskpro.com/legal/privacy/

We also use Google Workspace to store customer documents, and you can access their privacy policy here: https://policies.google.com/privacy?hl=en-US#intro

We also use Microsoft 365 to store customer documents, and you can access their privacy policy here: https://privacy.microsoft.com/en-gb/privacystatement

Our shareholders 

We use CreditSafe to carry out background checks and investigate the creditworthiness of our shareholders; they may be provided with your name, address, date of birth, nationality, passport or driving licence number to do this. You can access their privacy policy here: https://www.creditsafe.com/gb/en/legal/privacy-policy.html. 

We use Inform Direct, which is a company secretarial solution, and we provide them with details of shareholders to assist with company secretarial compliance, such as name and address. You can access their privacy policy here: https://www.informdirect.co.uk/privacy-policy/

We provide information to HMRC to comply with our legal obligations as a UK Limited company and in respect of EIS applications. We may provide HMRC with your name and address for these purposes. You can access their privacy policy here: https://www.gov.uk/government/publications/data-protection-act-dpa-information-hm-reve nue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-c ustoms-hold-about-you

We use Google Workspace, to store shareholder documents. You can access their privacy policy here: https://policies.google.com/privacy?hl=en-US#intro. 

Relatives and emergency contacts of our employees, visitors to our premises, employment referees and witnesses of legal documentation

As our offices are located in a Business Cube building, Business Cube collects records of entrances and exits of visitors to the building and office floors. You can access their privacy policy here: https://www.businesscube.co.uk/privacy-and-cookies-policy.

We use Google Calendar to diarise visitor appointments. You can access their privacy policy here: https://policies.google.com/privacy?hl=en-US#intro. 

We use Google Drive to store signed documents and emergency contact information. You can access their privacy policy here: https://policies.google.com/privacy?hl=en-US#intro.

We use DocuSign to facilitate the electronic signature of legal documentation and store signed contracts. Their privacy policy can be accessed here: https://www.docusign.co.uk/company/privacy-policy.

Our employees may provide their emergency contact information via Slack or our HR system, People HR. Their privacy information is available, respectively, here: https://slack.com/intl/en-gb/trust/privacy/privacy-policy?geocode=en-gb and here: https://www.peoplehr.com/gdpr.html

Employees/ representatives of our suppliers

We use Google Drive to store supplier data. The Google Drive privacy policy can be found here: https://policies.google.com/privacy?hl=en-US#intro.

We use Workbooks for our CRM system. You can access their privacy policy here: https://www.workbooks.com/legal/

4. STORING YOUR INFORMATION

1. We will store and process the personal data that we hold about you within the United Kingdom/European Economic Area, unless you are an employee or representative of a US customer, supplier or prospective customer, when we may store and process your personal data in the US. 

2. Some of our third party service providers listed above are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. 

3. Whenever we transfer your personal data out of the UK and EEA, we ensure it will have a similar degree of protection as it has in the UK, [by using special contracts approved by the European Commission and the Information Commissioner's Office. For further details, see European Commission: Model contracts for the transfer of personal data to third countries. 

4. We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations.

5. KEEPING YOUR INFORMATION SECURE

  1. All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information. 
  2. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure. 
  3. You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else. If you lose control of your password, you may lose control over your personal data. If your password has been compromised for any reason, please let us know immediately by contacting us at: info@excession.co.

Our customers/prospective customers or their employees/representatives

Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. All other data is stored electronically, in access and permission-restricted folders containing the data, such as in G Suite.

Specifically, customer data in Excession’s platform is stored in access and permission-restricted, firewalled accounts, logically separated according to each Organisation.

Each customer has a separate database in the CRM and we use strong encryption for any data transfers of customer data and use extensive RBAC as well as the principle of ‘least privilege’ to ensure data separation. The CRM system we use is ISO27001 accredited. We use password vaults to securely share passwords internally. Data is encrypted at rest.

Customer/suppliers of customers/suppliers

Data is stored in a separate part of the CRM for your company and in separate, access-restricted folders in Google Drive. Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our representatives may record data in personal notebooks, which are

stored in their personal, combination-locked set of desk drawers.

Visitors to our websites (https://generalsystem.com/ and https://excession.co/) and other people who contact or interact with us

We store the personal data that you provide us with on our secure servers. Business cards received from business contacts are stored in the personal, combination-locked set of desk drawers of the person receiving them. Our

representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. All other data is stored electronically, in access and permission-restricted folders containing the data, such as in G Suite.

Our shareholders

Business cards received from business contacts are stored in their personal, combination-locked set of desk drawers. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers. Hard copies of shareholder agreements are stored in a locked filing cabinet. All other data is stored electronically, with specific access and rights permissions to the folders containing the data.

Relatives and emergency contacts of our employees, visitors to our premises,  employment referees, witnesses of legal documentation and individuals otherwise interacting with us

Our employees/representatives retain data of visitors in their individual Google Calendar diaries.

When a document is witnessed, the witness’ details are stored within the document in a specific folder on Google Drive or on DocuSign.

Details of emergency contacts are stored electronically in a specific folder on Google

Drive, with specific access and rights permissions to the folders containing the data.

Details of referees are retained on our secure email servers.

Employees/ representatives of our suppliers

Suppliers’ data is stored within their own ‘umbrella’ of their company within the CRM and in separate, access-restricted folders in G-Drive.

Business cards received from business contacts are stored in personal, combination-locked set of desk drawers. Our representatives may record data in personal notebooks, which are stored in their personal, combination-locked set of desk drawers.

6. YOUR RIGHTS

1. You have the right under data protection laws to access information held about you, subject to certain conditions, and to request its rectification or deletion.

2. If you would like to access, update or amend the information which we hold about you, or would like us to stop using your personal data, please contact info@excession.co.

Your rights in connection with your personal data

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. This right is subject to a number of exemptions, which allow information to be withheld in certain circumstances. For

example, where compliance would involve disclosing: information relating to another individual; data which consists of information that is subject to legal professional privilege; negotiations or confidential references.

By law, you have the right to:

  • Request correction or erasure of your personal data (unless we have the legal right to retain it). You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party. Change your data processing preferences at any time. If you have changed your mind, you can update your account settings by signing in to your account on the website or by contacting us by email at info@excession.co.

You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the website, you may not be able to use the website as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

If you want to exercise any of the above rights, please contact us by emailing us at info@excession.co.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where we are relying on your consent as the legal basis to process your personal data or a particular purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer at dpo@excession.co. Once we know that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

7. CHANGES TO THIS PRIVACY POLICY

We keep our privacy policy under regular review and will post any updates on this webpage. This privacy policy was last updated in June 2022.

8. HOW TO CONTACT US AND COMPLAINTS

1. If you have any questions about this privacy policy or how we handle your personal data, please contact our Data Protection Officer at dpo@excession.co.

2. If for any reason you are not happy with the way that we have handled your personal data, please contact us using the email address set out above. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/ but we would appreciate the opportunity to address your concern first, so please contact us as above.

General System
Privacy Policy
|
terms of service
|
Carbon Reduction Plan
|
human trafficking statement
support.generalsystem.com
© Year General System
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept