Skip to content

Privacy Notice & Cookies Policy

At Exactive, we are committed to maintaining the trust and confidence of our visitors to our website and subscribers to our newsletter. Here you’ll find information on how we treat data that we collect from visitors to our website, or when someone requests a call back, or requests a consultation.

Newsletter or Event Sign Up

As part of the registration process for our e-newsletter or events, we collect personal information. We use that information for a few reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We will also use this to contact you on the lead up to any event you may have signed up for or to keep you updated on future events or product changes we may have. We don’t rent or trade email lists with other organisations and businesses.

We use a third party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp privacy notice.

We use a third party provided, EventBrite, to deliver our event sign ups. We gather statistics around sign up rates, ticket downloads and event attendance using industry standard technologies to help us monitor and improve our events ticketing process.  For more information please see EventBrite privacy notice

You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing

Links to Other Web Sites

This privacy notice does not cover the links within this site linking to other websites. Those sites are not governed by this Privacy Policy, and if you have questions about how a site uses your information, you’ll need to check that site’s privacy statement.

Six Lawful Basis for Processing Personal Data

Under the EU General Data Protection Regulation (GDPR) there are six lawful basis for processing personal data. These are detailed as follows:

  • Consent  The individual has given clear consent for you to process their personal data for a specific purpose
  • Contract – The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
  • Legal Obligation –The processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital Interests – The processing is necessary to protect someone’s life.
  • Public Task – The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
  • Legitimate Interests – The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks).

Source:, February 2018.

The information relating to the six lawful basis for processing personal data is taken from the ICO website and the GDPR regulation documentation. Further information regarding the lawful basis for processing personal data can be found at

Legitimate Interest Assessment (LIA)

Exactive Ltd has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our processing of the personal data and that in no way would a data subject be caused harm by Exactive Ltd processing. Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, it is deemed that any processing of data will be limited to business matters, and therefore any risk of personal compromise is extremely unlikely. It is also deemed that direct marketing and sales is necessary in the context of following up with website visitors in order to better serve visitors and to generate business sales.

Per the ICO guidance, Exactive Ltd can confirm:

  • We have checked that legitimate interests is the most appropriate basis
  • We understand our responsibility to protect the individual’s interests
  • We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision
  • We have identified the relevant legitimate interests
  • We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
  • We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
  • We only use individuals’ data in ways they would reasonably expect
  • We are not using people’s data in ways they would find intrusive or which could cause them harm
  • We do not process the data of children
  • We have considered safeguards to reduce the impact where possible
  • We will always ensure there is an opt-out / ability to object
  • Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
  • We keep our LIA under review every six months, and will repeat it if circumstances change
  • We include information about our legitimate interests in our privacy notice
How we Process Data

Exactive Ltd will process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) user the following guidance:

For fulfillment of contractual obligations 

Data is processed in order to provide unified communications and support services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with our specific products (e.g. Skype for business, Microsoft Teams, Visual and Audio communication) and can include professional advice, IT management and support services, as well as carrying out transactions. You can find more specific details about the purposes of data processing in any relevant contract documents and terms and conditions.

In the context of legitimate interests

Where required, we may process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests. 

  • Reviewing and updating procedures for the purpose of direct client discussions
  • Marketing or market research, unless you have objected to the use of your data
  • Measures for business management and further development of services and products
  • Informing you about up and coming events that Exactive are involved with (at no point will we pass your details to a third party organiser)

Collection of your personal information

We will ask you when we need information that personally identifies you (personal information) or allows us to contact you. Generally, this information is requested when you are registering to download resources, join a limited-access area of our site, or sign up for an event or training. Personal information collected by Exactive Ltd often is limited to name, e-mail address, country and location based on IP address, but may include other information when needed to provide a service you have requested. Exactive Ltd uses a registration and authentication process when you contact us or sign up on our website, you will be asked to provide your e-mail address to sign you in. 

Use of your personal information

We use your personal information to:

  • Ensure our site is relevant to you
  • Allow you access to resources that you request or purchase (e.g. Training portals or white papers)
  • Alert you to product upgrades, special offers, updated information and other new services from Exactive Ltd
  • Allow you access to limited-entry areas of our site as appropriate and when applicable.
  • We use data processors to provide an external marketing resource on our behalf, including newsletter and email design, processing event registration & website maintenance. We will only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose.

How we Procure Data

At Exactive Ltd we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. The following are ways in which we collect and process data:

Business Data
Although business data is not relevant under GDPR, Exactive Ltd is committed to providing a transparent solution so that customers can effectively assess their own compliance. Exactive Ltd collects business data via the following methods:

  • Primary research – Exactive Ltd has a UK based in-house team who gather data relating to business from publicly available information, using search engines and other online tools to research global businesses.
  • Secondary research –Exactive Ltd has a UK based in-house team who use existing publicly available sources of data such as Companies House and the WebCheck service to enhance the business data.
  • Purchase –Exactive Ltd purchases business information from a number of selected third party data vendors who are vetted to ensure the quality and validity of the business data provided.

Personal Data
Exactive Ltd collection and processing of personal data is limited to:

  • First name
  • Last name
  • Email address
  • LinkedIN profile URL

Exactive Ltd procures this personal data in the following ways:

  • Primary research –Exactive Ltd has a UK based in-house team who gather data relating to key decision makers at organisations from publicly available sources including the website of each business.
  • Secondary research –Exactive Ltd has a UK based in-house team who use existing publicly available sources to gather the information relating to key decision makers from Register at Companies House, LinkedIn and company website pages.
  • Purchase –Exactive Ltd purchases data from selected third party data vendors with key segmentation criteria to ensure that only decision makers from registered businesses are procured. All third party data vendors have been checked for GDPR compliance and to ensure the validity and accuracy of data.
How we Ensure Data Validity and Currency

Exactive Ltd has a UK based in-house administration team who are responsible for ensuring the validity and currency of the data we store. The team systematically cleanse the data held within our cloud-based integrated business system, completing a full cleanse of both business and personal data at least once every 12 months. Any records found to be out of date are updated or purged.

The administration team use both manual methods as well as automated workflows to ensure the utmost validity and currency of data. Exactive Ltd takes data cleansing extremely seriously with data integrity specifically mentioned in our organisation’s marketing and operational strategy documents.

Data Storage and Retention

The data held within Exactive Ltd is processed and stored in the EU within secure Microsoft and/or Xero cloud-based environments.

Exactive Ltd has a continual cycle of cleansing and refreshing data, all data is verified at least once in a 12-month cycle. Any invalid records are then marked for deletion and purged.

Request to Object

Any individual who has been identified by Exactive Ltd has the right to object to receiving correspondence from Exactive. Should you wish to withdraw from Exactive Ltd processing your personal data, please make your request in writing:

By emailing:

Or by writing to:

Data Compliance, Exactive Ltd, Unit 3, Halbeath Interchange Business Park, Kingseat Rd, Dunfermline KY11 8RY

All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by Exactive Ltd in future. Please note that this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR.

Request for Deletion

It is important to understand the difference between a right to object and a request for deletion. If you request deletion, we will remove any data we hold about you. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our software by our data procurement team. If you do not wish for Exactive Ltd to process your personal data in the future, we would recommend you request to object rather than a request for deletion, as this will ensure that your details are always suppressed from processing.

The option, however, is yours, and in either case we will process your request within 30 days.

Please make your request in writing by emailing:

Or by writing to:

Data Compliance, Exactive Ltd, Unit 3, Halbeath Interchange Business Park, Kingseat Rd, Dunfermline KY11 8RY

Request for Data Held

You may request that we send you all of the data we hold that relates to you. Please make your request in writing;

By emailing:

Or by writing to:

Data Compliance, Exactive Ltd, Unit 3, Halbeath Interchange Business Park, Kingseat Rd, Dunfermline KY11 8RY

We will process and respond to your request within 30 days, this service will be free of charge.

This policy was last reviewed and updated on the 8th May 2018. Policies are periodically reviewed to ensure compliance with the current compliance environment.

For questions relating to this policy, please contact