Personal data and privacy are of utmost importance to us. We therefore maintain this Privacy Policy covering how we collect, use, transfer, and store personal data to afford a level of transparency so that you are informed and can manage your interaction with us.
By visiting our website or subscribing to receive communications from us, you are accepting the terms of this Privacy Policy. You are therefore encouraged to read this Policy before using or submitting information to us.
If anything is unclear, or if you have any questions relating to how we handle your personal data, please contact us by email: ga@eximiacomms.co.uk
We reserve the right to make changes to our Privacy Policy, so the information below may change from time-to-time. Last updated: 20/07/2020.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The prgaocessing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).
Who are we?
The Governance Academy is a partnership between Eximia Limited (‘Eximia’) and Round Governance Services Limited (‘RGS’). Eximia and RGS are both registered with the Information Commissioner as Data Controllers.
How do we process your personal data?
Eximia and RGS comply with their obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What data do we collect and process as a data controller?
We collect, use, transfer, and store personal data for:
(1) Marketing purposes
Our marketing activities are business-to-business contacts and do not involve consumers, so the typical personal data we handle is: name, work email address, work telephone number, job title, employer name, LinkedIn profile URL (the information you might provide to us on a business card, at an industry event, or can be found online such as on LinkedIn). This information will be held:
In our email client (Mailchimp – https://mailchimp.com/legal/privacy)
Our activity is likely to consist of: Emails, direct mail, workshops and events, LinkedIn InMails and LinkedIn advertising.
Legal basis for processing: Legitimate business interests and explicit consent
We have considered the impact of using such information, and limit our use to only what is strictly proportionate, has a minimal privacy impact, and what a business contact would not be surprised or likely to object to.
We may also send email newsletters to those who subscribe to receive updates through our website. Legal basis for processing: Consent
If you complete our contact form, we will use this to respond to you. We will then store this information in our email client, which allows us to keep track of when we have communicated to ensure we are proportionate, relevant and not excessive in any future communications.
If you happen to receive any of our marketing communications, you may unsubscribe by clicking on the ‘unsubscribe’ link located on the bottom of our marketing emails, or by contacting us.
(2) To service client contracts
To communicate with clients and satisfy contractual commitments and services, we typically handle personal data such as: name, email address, telephone number, job title, employer name. This information will be held:
In emails (hosted by Google – https://policies.google.com/privacy?hl=en)
Accounting software (Xero – https://www.xero.com/uk/about/terms/privacy)
Our accountant and HMRC – Information in our accounting records will be shared with HMRC, the courts and our accountants as necessary to meet our legal obligations.
Where the above providers transfer personal data outside of the EEA, they only transfers to countries that have been identified as providing adequate protection or by entering into agreements using the EU Model Clauses.
Legal basis for processing: Legitimate business interests
(3) Legal requirement
We may share personal data to law enforemnet agencies if requested and we are required to do so by law.
What is the legal basis for processing your personal data?
Explicit consent of the data subject so that we can keep you informed about news, events, activities and services provided by us. Also, legitimate business interests, where only the company email address is relied upon, the communication is relevant and not excessive – in this instance, a clear unsubscribe option is always available.
Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with third parties with your consent or in order to facilitate our service to you via our chosen service providers.
Our service providers may perform service on our behalf, perform service-related tasks or assist us in analysing how our service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
How long do we keep your personal data?
The amount of time we hold your data varies according to the purpose we have for using it. However, we will not hold data for any longer than is necessary for the purposes we collected it. You can contact us for more details about specific retention periods.
Our website
Our website is an advertisement for our services. To improve our user experience, we collect some data derived from information about your activities on our website provided to us by Google Analytics. The insights provided by Google Analytics help us to better understand who our users are, where they come from, and their behaviours. We do collect cookies as a result of this – details of which can be found in our Cookie Policy.
Our emails
The information contained in our emails is confidential and may be subject to legal privilege. If you are not the intended recipient, you must not use, copy, distribute or disclose the email or any part of its contents or take any action in reliance on it. If you have received our email in error, please email the sender. All reasonable precautions have been taken to ensure no viruses are present in our emails, but we cannot guarantee this. The Governance Academy cannot accept responsibility for loss or damage arising from the use of our emails or attachments and recommend that you subject these to your virus checking procedures prior to use.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Privacy Policies
To access the Privacy Policy of Eximia, click here.
To access the Privacy Policy of RGS, click here.
Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact Kerry Round by email at info@roundgovernance.co.uk
You can find out more information about data protection via the Information Commissioner's Office website: https://ico.org.uk/ and you can find their contact details here: https://ico.org.uk/global/contact-us/
Terms of use
Please see our Terms of use.
Use of cookies
Please see our Cookie policy.