Privacy Policy
At Surveil we respect the privacy of our staff, clients, and visitors to our website(s) and applications. This policy is concerned with how we collect information, what we do with it, and what controls you have over the information we collect.
We take our duty to process your personal data very seriously. This policy explains how we collect, manage, use, and protect your personal data.
We may change this policy from time to time to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated.
Who Are We?
In this policy, references to Surveil, ITEXACT Limited, or to ‘we’ or ‘us’, are to ITEXACT Limited which is a company registered in England and Wales, at 2nd Floor, Woodside House, 261 Low Lane, Horsforth, Leeds, LS18 5NY, United Kingdom, Company No 6946307.
What Personal Data We Collect and How We Use It
Surveil are what is known as the ‘controller’ of the personal data you provide to us. We may collect basic personal data about you such as your name, postal address, telephone number, email address or your bank details if you are purchasing a product, service, or event registration from us.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data may include first name, last name, city you work in, country you work in, company you work for, department you work for, your given name, your job title, your office location, username or similar identifier, title
- Business Contact Data includes billing address, state, county, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or as may be configured within the Services. We use ZoomInfo and Google Analytics to gather insights on the IP addresses of those visiting the website, for the purposes of legitimate interest. No personally identifiable information is collected via ZoomInfo or Google Analytics, and only organisational domains are gathered.
- Profile Data includes your username, purchases or orders made by you, preferences, feedback and survey responses.
- Usage Data includes information about how you use the Services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses without your specific consent and under a separate agreement.
Why We Need It
We collect your personal data in connection with specific activities, such as campaign updates, newsletter requests, registration, product purchases, feedback, information you provide in public forums, at third party events or on our website(s) and social media.
The information is either needed to fulfil your request or to enable us to provide you with a more personalised service. You don’t have to disclose any of this information to browse our sites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
When Can We Use It
Any information collected by Surveil will only be processed lawfully in accordance with the UK GDPR, i.e. we will only process data based on:
- the data subject giving explicit consent to Surveil;
- it being necessary for the performance of a contract in which the client has signed up to;
- it being necessary for the purposes of the legitimate interests pursued by the controller or by a third party.)
Our Marketing
Sometimes, with your consent, we will process your personal data to provide you with information about our work or our activities that you have requested or are expecting.
On other occasions, we may process personal data when we need to do this to fulfil a contract (for example, if you have purchased a service from us) or where we are required to do this by law or other regulations.
Surveil also processes your data when it is in our legitimate interests to do this and when these interests do not override your rights. Please see the section on ‘Legitimate Interest’ for more information.
How We Obtain Your Details
We will also hold information about your details so that we can respect your preferences for being contacted by us.
We collect your personal information in several ways:
- When you provide it to us directly;
- When you provide permission to other organisations to share it with us (including social media platforms such as Facebook or Twitter);
- When we collect it as you use our website;
- When you have given it to a third-party and you have provided permission to pass your information on to us;
- Through the use of third-party software, ZoomInfo, and its associated cookies (restricted to company details);
- Through the use of third-party software, Microsoft Clarity, and its associated cookies;
- From publicly available sources (where possible) to keep your information up to date (e.g., the Post Office’s National Change of Address database).
We combine the information from these sources with the information you provide to us directly.
When providing permission for third-party organisations to share your data you should check their Privacy Policies carefully to understand fully how they will process your data.
Building Profiles of Contacts
The Company may make use of profiling and screening methods to produce relevant communications and provide a better experience for our contacts. Profiling can help us target our resources more effectively through gaining an insight into the background of our contacts and helping us to build relationships that are appropriate to their interests and requirements.
To do this we may use additional external sources of data to increase and enhance the information we hold about you. This may include obtaining details of changes of role, telephone numbers and other contact details, and consumption and demographic data generated through publicly available resources. It may include information from public registers and other publicly available sources such as Companies House, newspapers, and magazines.
If you do not wish your data to be used in any of the ways listed above or have questions about this, then please let us know, using the contact form on our ‘Contact Us’ page.
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
We set out below in a table format, a summary of all the ways we will use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
To register a new customer |
(a) Identity (b) Contact |
Performance of a contract with you |
To process and deliver an order including: |
(a) Identity |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
(a) Manage payments, fees and charges |
(b) Contact |
|
(b) Collect and recover money owed to us |
(c) Financial |
|
|
(d) Transaction |
|
(e) Marketing & Communications |
||
|
||
To manage our relationship with a customer which will include: |
(a) Identity |
(a) Performance of a contract with you |
(a) Notifying customers about changes to our terms or privacy policy |
(b) Contact |
(b) Necessary to comply with a legal obligation |
(b) Asking a customer to leave a review or take a survey |
(c) Profile |
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
|
(d) Marketing and |
|
|
Communications |
|
To enable you to partake in a prize draw, competition or complete a survey |
(a) Identity |
(a) Performance of a contract with you |
(b) Contact |
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
|
(c) Profile |
|
|
(d) Usage |
|
|
(e) Marketing and |
|
|
Communications |
|
|
To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) |
(b) Contact |
(b) Necessary to comply with a legal obligation |
|
(c) Technical |
||
To deliver relevant content and advertisements to customers and measure or understand the effectiveness of the advertising |
(a) Identity |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
(b) Contact |
||
(c) Profile |
||
(d) Usage |
||
(e) Marketing and |
||
Communications |
||
(f) Technical |
||
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(a) Technical |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Services updated and relevant, to develop our business and to inform our marketing strategy) |
(b) Usage |
||
To make suggestions and recommendations about goods or services that may be of interest to you |
(a) Identity |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
(b) Contact |
||
(c) Technical |
||
(d) Usage |
||
(e) Profile |
||
To process employment applications. |
(a) Identity |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
(b) Contact |
||
To provide software to customers, including the Surveil suite of software and SaaS ; and professional and support services, including implementation and configuration. |
(a) Identity |
Performance of a contract with you. This is part of our Software value add features for the Customer |
(b) Contact |
||
(c) Technical |
||
(d) Usage |
||
(f) Technical |
||
To fix problems with our products, including answering support questions and resolving disputes. |
(a) Identity |
Performance of a contract with you |
(b) Contact |
||
|
(c) Profile |
|
|
(d) Usage |
|
|
(f) Technical |
We only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations and the following:
We only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations and the following:
- If you have agreed that we may do so
- When we use other companies to provide services on our behalf, e.g., processing, mailing or delivering orders, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, when using auditors/advisors or processing credit/debit card payments
- To our subsidiaries or partners
- If we receive a complaint about any content you have posted or transmitted to or from one of our sites, to enforce or apply our End User License Agreements (EULA) or if we believe that we need to do so to protect and defend the rights, property or personal safety of Surveil, our websites and for other lawful purposes
- If we merge with another organisation to form a new entity, information may be transferred to the new entity
- We may disclose aggregate statistics about our site visitors, contacts, customers and sales to describe our services and operations to prospective partners, customers, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information
- If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register
- If you have opted into training delivered by our accredited partner, Source Code Control (SCC) – you can view SCC’s privacy policy here
We will never sell or rent your personal information to other organisations.
Retaining Your Information
We hold your information for only as long as is necessary for each purpose we use it, and we will provide examples of some of our retentions in this paragraph to give you an idea of how long we hold your information for.
- With regards to ZoomInfo, consent can be withdrawn at any time
- If you are a customer or partner and we require your information to contact you about projects underway, we will need to retain your details
If you decide not to follow Surveil anymore or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.
All the personal data we control is processed by our staff based in the UK, however for the purposes of IT hosting and maintenance your information may be situated outside of the UK and European Economic Area (EEA). These systems have policies in place to comply with the GDPR (UK and EU):
Freshworks (USA/India): Provides our CRM platform Going forward, our internal policy for IT hosting and maintenance is to ensure data is stored within the UK or the EEA, and data will only be stored outside the EEA where a requirement cannot be fulfilled within the EEA. In these cases, GDPR compliance through mechanisms such as the Data Bridge will be mandatory for the hosted solutions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have a number of rights under data protection laws in relation to your personal data.
· Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
· Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
· Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
· Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
· You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
· Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
· [Withdraw consent at any time where we are relying on consent to process your personal data (see the table in section 4 for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.]
· Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
· If you want us to establish the data’s accuracy;
· Where our use of the data is unlawful but you do not want us to erase it;
· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to talk through anything in our privacy policy, find out more about your rights or obtain a copy of the information we hold about you, please contact our team (details at the bottom of this page) who will be happy to help. If you wish to raise a complaint on how we have handled your personal data, you can contact our data protection officer who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO.
Our data protection lead can be contacted at:
ITEXACT Limited trading as Surveil, St Martins House, Ockham Road South, East Horsley, KT24 6RX
Or via Email: privacy@surveil.co
Please note that emails may be monitored or recorded.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For more information about your rights, please see ‘Your Rights’ in our Privacy Policy.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated on 6 September 2024.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal data at any time by using the form on our Contact Us page or unsubscribing to email notification. You can read ZoomInfo’s privacy policy here.