This Exceed Outsourcing Privacy Policy was last updated on 27th February 2023

 

Definitions

“Exceed” means all companies within the Exceed Group.

This includes Exceed Outsourcing Limited, Exceed Umbrella Limited, Exceed PEO Limited and Exceed Business Services Limited.

Registered office address: Studio 3, Bridge Street Studios, 62 Bridge Street, Manchester, England, M3 3BW

 

Contents

  1. About this Privacy Policy
  2. Exceed Privacy Principles
  3. Collection of Personal Data
  4. The Types of Information We Collect
  5. Use and Disclosure of Personal Data
  6. Telephone Calls
  7. Security, Privacy and Integrity of Personal Data
  8. Links on our Website
  9. What is a Cookie?
  10. Access to Personally Identifiable Information
  11. Reviewing or Updating Your Personal Information
  12. Right to be Forgotten
  13. Right to Data Portability
  14. Data Location, Sub-Processors and Their Privacy Policies
  15. Software Providers, Network Providers and Consultancies
  16. Opting-Out
  17. Do Not Share
  18. Contact Us

 

1. About this Privacy Policy

Exceed is committed to keeping your information private. By ‘your information’ we mean any information about you that you or third parties provide to us.

Exceed has created this Privacy Policy (“Privacy Policy”) to:

  1. Inform you of our privacy practices, and the terms and conditions under which the data we collect from you will be used, shared, and otherwise treated.
  2. Protect the personal information we may gather from and about our customers via our website or other communication media available.

By using our websites, enquiry, applications forms or other communication media available, you consent to the collection, use and disclosure of your information, as described in this Privacy Policy.

For the avoidance of doubt our website includes our Home Page, www.exceedoutsourcing.co.uk

This Privacy Policy will advise how you can verify the accuracy of, and control certain uses of, the information you provide to us.

In addition, by accessing the Exceed website and providing personally identifiable/personal data about yourself (“Personal Information”), you agree to be bound by this Privacy Policy.

This Privacy Policy may be updated from time to time.

 

2. Exceed’s Privacy Principles

Exceed is committed to safeguarding the privacy of your information. By ‘your information’ we mean any information about you that you or third parties provide to us.

  • We will only collect and use your information where we have lawful grounds and legitimate business reasons to do so
  • We will be transparent in our dealings with you and will tell you about how we will collect and use your information
  • If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained
  • We will not ask for more information than we need for the purposes for which we are collecting it
  • We will update our records when you inform us that your details have changed
  • We will continue to review and assess the quality of our information
  • We will implement and adhere to information retention policies relating to your information, and will ensure that your information is securely disposed of at the end of the appropriate retention period
  • We will observe the rights granted to you under applicable privacy and data protection laws, and will ensure that queries relating to privacy issues are promptly and transparently dealt with
  • We will train our staff on their privacy obligations
  • We will ensure we have appropriate physical and technological security measures to protect your information regardless of where it’s held
  • We will ensure that when we outsource any processes, the supplier has appropriate security measures in place and will contractually require them to comply with these Privacy Principles
  • We will ensure that suitable safeguards are in place before personal information is transferred to other countries

If you have questions or complaints regarding Exceed’s Privacy Policy or practices, send a request to us using one of the methods described in section 18 – Contact Us.

We will respond to you within a reasonable period unless otherwise required by law.

If you are not satisfied with our response, you can contact the Information Commissioner by visiting https://ico.org.uk.

 

3. Collection of Personal Data

Website users can access our Home Page and browse without disclosing any personal data.

During any visit to our website, the pages you see, along with something called a cookie, are downloaded to your computer. Most, if not all, websites do this, because cookies allow the website publisher to do useful things like find out whether the computer (and probably its user) has visited the site before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.

Any information that is supplied by cookies can help us to provide you with a better service and assists us to analyse the profile of our visitors. For example: if on a previous visit you went to the ‘About Us’ page, then we might find this out from your cookie and highlight ‘About Us’ information on a second visit.

Aggregate information is passively collected by Exceed to monitor the use of our website. This does not contain any personal data, nor is it linked to personally identifiable information.

Any personal data gathered is volunteered by the data subjects if they submit a Commission Agreement, to receive any other type of incentive(s) or in connection with a lead or referral to supply information regarding the products or services we offer when requesting information regarding our products and services.

Any personal data gathered is volunteered, when you are asked to provide personal information, you may decline. If you choose not to provide the information, you may not be able to use the products or services we offer.

 

4. The Types of Information Exceed Collect

You may provide us with certain information in connection with a product or service we offer, or in your interactions with our website.

Personal data about the customers of Exceed is received if they, or their representatives, provide such information within the interactive areas of our website, or any other method of communication open to them.

Any personal data gathered via our website is volunteered by visitors to the public or interactive areas of our website. Exceed receives personal data about our website visitors if they submit an enquiry or application form online.

Other personal data gathered is volunteered by the public via telephone, email, or post, live support, or any via 3rd party channels such as website hosted advertisements, lead generations and employment agency referrals.

Where you provide information about others (for example ‘Referring a Friend’) you must ensure that you have their consent or are otherwise entitled to provide this information to us.

The personal information that Exceed may collect includes:

For consultations:

  • Contact information(such as name, telephone number and email address)

For referrals:

  • Contact information(such as name, gender, telephone number and email address)
  • Identity information(nationality, national insurance number)
  • Contract information(such as end client, job title, start date, end date, PAYE rate and limited rate)
  • Agency information(such as agency name, consultant name, contact number, and email)

For enquiries:

  • Contact information(such as name, address, telephone number and email address)
  • Identity information(such as date of birth, nationality, national insurance number)
  • Invoicing information(such contractual rate, assignment details and agency details)

For applications/sign up:

  • Personal details (such as name, title, gender, date of birth, occupation, marital status, Nationality and NI number)
  • Contact information(address, telephone number and email address)
  • Bank Details (sort code, account number, account name and bank name)
  • Other information (such as employment statement, student or postgraduate loan declaration, visa requirements, annual leave preference, right to work and identity checks)
  • Answers to Supervision, Direction or Control Questions (for construction industry contractors)

For employment:

  • Employment information(such as start date, employment income, expenses details, payment details, bank details, tax code, student loan, pension details, and entitlement to work)
  • Invoicing information(such as hours worked, contractual rate, assignment details and agency details)

For sub-contracting:

  • Sole Trader Information(such as start date, trading name, Unique Tax Reference, CIS Status and verification number, income, payment details, bank details)
  • Invoicing information(such as hours worked, contractual rate, assignment details and agency details)

For liaising with agencies:

  • Personal data about agency/end client current, past or prospective employees
  • Customer Information (such as personal data about its current, past or prospective agency or end client employees including name, address, employer, telephone number, date of birth, gender, nationality NI Number, town and country of birth and value of incentive(s)).

For general/other correspondence:

  • Employment related data such as employment income and enquiries, referrals or complaints
  • In correspondence with government institutions, recruitment agency(s), end client(s)
  • Methods can include emails, letters and telephone conversations (for more details, please see section 6 – Telephone Calls)

For marketing, competition, promotion, advertising activities, research, and development:

  • Marketing Information (such as name, address, telephone number, email address and IP address).

For processing pay:

  • Sensitive Data relating to health (including information about disabilities, and fitness to work), to enable processing of statutory pay, such as example sick pay

 

5. Use and Disclosure of Personal Data

Personal data received by Exceed is used only for the following purposes:

  1. Provide information about our products and services and/or communicate relevant information about the current product and services as necessary
  2. To administer your account and to provide the product and services you have requested from us
  3. To enforce compliance, or contractual obligations of Exceed or your employing company.
  4. To participate in and contribute to this database, as a condition of our Professional Passport Approved Provider status.
  5. To comply with any legal requirements
  6. Where you have provided consent Exceed may store, process, and use your Personal Information for marketing, promotion, advertising activities, research, and development. If you would like to opt-out of receiving marketing, promotion, advertising activities, research, and development from Exceed, please refer to section 16 – Opting Out.
  7. Where you have provided consent Exceed also reserves the right to share, transfer or otherwise disclose your Personal Information with trusted third parties that we believe may be able to provide you with valuable offers. If you would rather us not to share your Personal Information with any third party for their’ direct marketing purposes, let us know as per section 17 – Do Not Share.
  8. To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our website.
  9. To prosecute and defend a court, arbitration, or similar legal proceeding.
  10. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  11. When we believe it is appropriate to do so to protect the rights, property, or safety of our company or other persons.

Personally identifiable information collected by Exceed is not used for purposes unrelated to the purpose for which the information was originally collected.

You may at any time tell us you:

  1. Would like to review, update your Personal Information from Exceed’s Database, as per to section 11 – Reviewing or Updating Your Personal Information.
  2. Would like to remove your Personal Information from Exceed’s Database, as per to section 12 – Right to be Forgotten.
  3. Would like to opt-out of receiving marketing emails or postal mail from Exceed, as per to section 16 – Opting Out.
  4. No longer want Exceed to share your Personal Information with third parties for such third parties own direct marketing purposes, as per section 17 – Do Not Share.

Exceed will seek written consent from data subjects prior to using their personal data in a manner which is different to that stated in our Privacy Policy when their data was received.

 

6. Telephone Calls

Telephone calls may be recorded or monitored for training, security and quality management purposes.

Recording customer conversations allows organisations to assess customer satisfaction, train and develop staff, review call quality, and have access to a verbal record of what is said in the event of a subsequent complaint.

How call recordings may be used:

  • Quality Monitoring – Written records only provide partial information. A call recording provides a more rounded view and allows us to better understand customer experience and assess the processes applied. This can help us identify any areas for improvement.
  • Training and Development – Listening to a sample number of calls, allows managers to identify training needs.
  • Gaining a better understanding of our customers – Many calls are verbally resolved without the need to complete any records. Listening to sample calls will help us better understand our customer needs.
  • Complaints and disputes – Some calls are verbally resolved. Where information is entered onto an electronic system this becomes the established record. In the event of a complaint or dispute, a call recording (if available), may provide additional information to help us investigate any allegations.

All recordings will be kept in accordance with the Data Protection Act. You can request a copy of your conversation using one of the methods described in section 18 – Contact Us.

 

7. Security, Privacy and Integrity of Personal Data

Exceed endeavours to protect the data transmitted from its website from unauthorised access or disclosure; to maintain data accuracy and completeness; and to ensure the appropriate use of information.

Security measures – including firewalls, encryption, and intrusion detection technology, back up procedures, external audits and encryption – are employed by Exceed to reduce vulnerabilities to security and privacy threats. Unique passwords and usernames are also required to log into the restricted interactive areas of our website.

Some personal data is held and processed by our Internet Service Provider. Such data is only held and processed for and on behalf of Exceed and under our instruction.

All members of staff are subject to strict confidentiality clauses in their contracts of employment. Access to personal or sensitive data is restricted to authorised employees.

Nonetheless, due to the inherent nature of the Internet, Exceed cannot guarantee the privacy of any information provided online and is not responsible for any breach of security.

 

8. Links on our Website

The website of Exceed does not enable visitors to communicate with other visitors or to post information to be publicly accessed by others.

Our website does not contain links to third party ad servers or allow them to place tracking devices on our website.

Our website may contain links to third party websites for users’ convenience and information. If a visitor clicks on these links, they will move to another website.

Exceed is not responsible for the data policies or procedures, or the content of third-party websites linked to our website.

 

9. What is a Cookie?

When you enter a website, your computer will automatically be issued with a cookie. Many sites do this whenever a user visits their site to track traffic flows.

Cookies are text files that identify your computer to our server. They do not identify the individual user, just the computer used.

Cookies only record those areas of the site that have been visited by the computer in question, and for how long.

Users can set their computers to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. If the user chooses not to receive cookies, then certain personalised services cannot then be provided to that user.

For more information, please see Exceed’s Cookie Policy.

 

10. Access to Personally Identifiable Information

Under applicable Data Protection Laws, data subjects may have the right to access the personal data held by Exceed in relation to them and to request that inaccuracies be amended or updated.

Individuals who wish to exercise such rights should contact Exceed. Any requests to access or amend personally identifiable information will be subject to rigorous ‘Know Your Client’ procedures.

These rights are known as Subject Access Requests and must be made to Exceed in writing, detailing the information that you require as per section 18 – Contact Us.

 

11. Reviewing or Updating Your Personal Information

At the start of your relationship with Exceed you will be provided with an application form which you can review, amend or update at sign up.

Any changes to Personal Information after this time must be notified in writing to Exceed at: info@exceedoutsourcing.co.uk.

Any changes may be verified by a member of the Exceed team as and when required.

 

12. Right to be Forgotten

If you would like to remove your Personal Information from our database, please contact Exceed as per section 18 – Contact Us.

Please note that your Personal Information is required to be kept by law for 7 years following the tax year end from the end of employment

 

13. Right to Data Portability

You can request your Personal Data that you have provided to be transferred to another data controller by providing the data controllers details to us as per section 18 – Contact Us.

Exceed will provide the personal data in a structured, commonly used and machine-readable form, such as CSV and will transfer using a secure method.

Please note that such requests may take up to one (1) month to fulfil.

 

14. Data Location, Sub-Processors and Privacy Policy Links

Your data is stored and processed in the UK in compliance with GDPR.

We also use data sub-processors, who may store and transfer data overseas (both within and outside the EU) as per their own Privacy Policies which are linked to below:

 

Access UK (People HR) – HR management for Exceed internal staff

Access UK – Privacy Policy

 

ANS Group – Website hosting provider for this website

ANS Group – Privacy Policy

 

Barclays – Banking Provider

Barclays – Privacy Policy

 

BrightPay – Payroll software used for outsourced payroll clients

BrightPay – Privacy Policy

 

BT (Ring Central)Cloud based telephone service

BT – Privacy Policy

 

Caunce O’Hara – Business insurance providers

Caunce O’Hara – Privacy Policy

 

DPN – Payroll software used for International outsourced payroll clients

DPN – Privacy Policy

 

Elite Group IT – IT support

Elite Group IT – Privacy Policy

 

Exclaimer – Email signatures for Exceed internal staff

Exclaimer – Privacy Policy

 

Feefo – Customer reviews platform

Feefo – Privacy Policy

 

Green Cloud – Cloud-based server/ hosted desktop providers

Green Cloud – Privacy Policy

 

HappyFox – Live chat on our website

HappyFox – Privacy Policy

 

Hootesuite – Managing social media incl customer messages

Hootesuite – Privacy Policy

 

Hurst – Auditors

Hurst – Privacy  Policy

 

Incendia Payment Solutions – Commission payments

Incendia – Privacy Policy

 

LinkedIn – Messages and comments

LinkedIn – Privacy Policy

 

Meta (inc Facebook, Messenger, Instagram, WhatsApp) – Live chat and comments

Meta – Privacy Policy

 

Microsoft – Used for file storage and email services

Microsoft – Privacy Policy

 

Modulr – Banking provider

Modulr – Privacy Policy

 

My Digital Accounts – Payroll software

My Digital Accounts – Privacy Policy

 

Park Retail (Love2Shop) – Incentives and Taxed Award Schemes

Park Retail – Privacy Policy

 

Professional Passport – Compliance and risk management accreditation

Professional Passport – Privacy Policy

 

Revolut – Banking Provider

Revolu – Privacy Policy

 

Reward Gateway – Employee/contractor recognition engagement platform (branded as ‘Contractor Rewards’)

Reward Gateway – Privacy Policy

 

SMS Magic – Used for sending SMS messages

SMS Magic – Privacy Policy

 

Text Anywhere – Used for sending SMS messages from My Digital

Text Anywhere – Privacy Policy

 

The Bean Counters – External accountants (cloud-based)

The Bean Counters

 

Xero – Accountancy software

Xero – Privacy Policy

 

Yoti – Digital right to work/ identity verification service

Yoti – Privacy Policy

 

 

15. Software Providers, Network Providers and Consultancies

Exceed uses several software providers, network providers and consultancy firms that, in instances where support is provided, may be able to access Exceed’s systems and incidentally see personal data.

 

16. Opting-Out

If you prefer not to receive marketing materials from Exceed, you can either:

  1. Unsubscribe from all Exceed marketing materials by contacting us through one of the methods described in section 18 – Contact Us.
  2. Unsubscribe from a particular Exceed marketing material by clicking the unsubscribe link relevant to that material.
  3. Update your Privacy Agreement in writing.

Please note this does not include receiving information regarding the product and services that you signed up to receive.

Please note that such requests may take up to one (1) month to become effective.

 

17. Do Not Share

If you do not wish to have Personal Information collected by Exceed shared with third party organisations for their own direct marketing or promotional purposes, you can have your name placed on a “Do Not Share” list by sending a request to us using one of the methods described in section 18 – Contact Us.

If we did not receive your “Do Not Share” request prior to having shared, transferred or otherwise disclosed your Personal Information, Exceed may not have any ability to control the use of such data by third parties (and we undertake no obligation to do so), so you agree that Exceed will have no responsibility or liability whatsoever as a result of the use of such data by such third party.

Please note that “Do Not Share” will only restrict the transfer, sale, assignment or otherwise disposal of Personal Information to third parties that are not required to undertake our duties of performing the administration services in relation to your employment. For the avoidance of doubt, this means that personal information will still be shared and used to comply with any relevant contractual, legislative and regulatory requirements. This includes to statutory bodies, recruitment companies, agencies and end clients, electronic identification checking services, and other such entities and services to enable us to perform our administration of your employment.

 

18. Contact Exceed About This Privacy Policy

If you have any concerns or comments regarding this Privacy Policy, please email, telephone, or write to Exceed at:

Email: dataprotectionofficer@exceedoutsourcing.co.uk

Telephone: 0800 612 8787

Exceed Data Protection Officer

Studio 3, Bridge Street Studios

62 Bridge Street

Manchester

M3 3BW