This Privacy Notice was last modified on 1st September 2023. It will be reviewed every 12 months.
Generis Enterprise Technology Limited (referred to as “Generis”, “GETL”, “We, “Our” or “Us”) is committed to protecting the privacy and security of your personal data. We have developed this privacy notice to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the Rights you have over your personal data.
Throughout this notice we refer to data protection legislation which includes (but is not limited to) the UK GDPR, EU GDPR, and e-Privacy legislation such as the EU e-Privacy Directive and the UK Privacy Electronic Communication Regulation 2003 (“PECR”). This also includes any data protection laws that are updated or newly enforced from time to time.
This website privacy notice applies to all Generis websites:
Our main office is based in the United Kingdom (“UK”) and below are our contact details:
Post: Generis Enterprise Technology Limited, 239 Kensington High Street, London W8 6SN, United Kingdom. Email:[email protected]
Our UK office is registered with the Information Commissioners Office (the ICO) with registration number ZA824292.
We have a dedicated data protection team who can also be contacted via [email protected] who can help with data protection matters.
We have appointed an external data protection officer (DPO) and their details are as follows:
Leylands Business Park
Email: [email protected]
Phone: +44 (0)333 050 0111
Generis is both a data controller and a data processor and this notice sets out how we act as both roles.
This Privacy Notice explains what personal data Generis collects as a data controller in each of these cases, how we process your personal data and your rights.
If Generis processes data about you because it has been provided or collected by us on behalf of a Generis customer, we are acting as a data processor and this privacy notice does not apply. You should review the privacy notice of the Generis customer that collected your personal data and added it to our content and information management platform.
Who are we?
Who are we?
Generis is a leader in content and information management systems, specializing in proven solutions for regulated industries. CARA, the Company’s flagship product, is a leading content and information management platform providing ECM and EIM solutions.
The lawful bases we rely on as a data controller are detailed below with brief examples of when they may apply:
– Consent; to opt into marketing communications
– Contractual obligation; to enter contractual arrangements with customers.
– Vital interests; to know of any medical conditions to a visitor/guest to any one of our offices or events
– Legal obligation; for tax purposes
– Legitimate interests; to help answer any questions or concerns that may be sent to us from individuals who we may have no prior existing relationship with
How We Collect and Use Personal Data
Due to the different services we offer and our business activities, we collect personal data through different means such as:
When you visit our website.
When you send us an enquiry.
When you contact us via telephone, email or letter.
When you enter into contracts of service us.
When you sign up to receive newsletters and/or other promotional communications from us.
When you register for a Generis organised conference.
Through marketing lead generation sources.
When you contact or interact with us on social media.
To process payments and other financial activities.
To monitor website usage.
To seek your views or comments on the services we provide.
To notify you of changes to our services.
To handle an enquiry or complaint you have made.
Personal Data Processed
Depending on the service or business activity we may process the following types of personal data:
Recruitments and Criminal Data Processing
We have a separate recruitment privacy notice on our website which details how we process personal data in line with our recruitment activities. We advertise roles which may also require the need for background checks, which can involve criminal conviction data. This should not deter anyone from applying for any job roles with us as we review any criminal conviction data on a case-by-case basis.
Generis does not have official authority to conduct these checks and so we will utilise appropriate third parties who have official authority to conduct these checks on our behalf.
For more information to this you can contact us using our details above and view our Job Applicant Privacy Notice on our website.
Our services are not designed for children of any age. If we do become aware of any children’s data being processed, we will take all reasonable steps and efforts to remove their data where identified.
We do not sell, rent, or lease data pertaining to our customers or clients (including prospective’s) at any time.
Due to the nature of our business, there may be times we are required to share data with other departments or members of our organisation. Examples of this can include (but not limited to):
Please note there may also be instances where we may need to share data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
International Data Transfers
Due to the global nature of our organisation, there may be instances where we may need to transfer and share your data with other Generis employees or other organisations (e.g. vendors, service suppliers and sub processors, law enforcement bodies etc.) who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country or in other third countries who may not have robust or similar data protection laws to the UK/EEA. If we need to transfer your information globally where required, we will take steps to ensure that appropriate safeguards are taken. This includes
Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
Your Personal Data is only processed in a country which the UK Secretary of State or the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
We enter into Standard Contractual Clauses (“SCCs”) with the receiving organisations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here Standard Contractual Clauses (SCCs)) .
We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).
We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. You can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You can opt out by contacting us directly using our details mentioned above.
This website contains links to other websites, which are clearly marked as such. Please note that we have no control over external websites and are not responsible for the protection and privacy of any information which you may provide to them. Please refer to a website’s privacy notice when using it.
We do not carry out any automated decision-making within our organisation. If this was to change, we will be sure to update this notice and provide details to when this would apply.
We regularly review our data retention practices ensuring we only retain personal data for as long as necessary in line with our data processing activities. We have created data retention policies and accompanying data retention schedules to help document relevant retention periods.
As a data controller we will retain personal data for as long as necessary in line with various requirements, such as, best practice recommendations (e.g. supervisory authority recommendations), relevant guidelines (e.g. employment guidance’s) or for as long as mandated under specific legislation (e.g. tax laws). We will also determine appropriate retention periods based on our legitimate interests where identified.
What Happens If Our Business Changes Hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will be permitted to use that data only for the purposes for which it was originally collected by us.
We are ISO 27001 certified, and copies of our certification is available upon request using our details above.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
If we become aware of any loss, misuse, alteration of personal data we will work closely with our security response and management team, DPO and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies to investigate, mitigate and report (when needed to relevant parties) such instances.
Data Protection Rights
You have certain rights in relation to the processing of your Personal Data, including to:
Right to be informed
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
Right of access (commonly known as a “Subject Access Request”)
You have the right to receive a copy of the Personal Data we hold about you.
Right to rectification
You have the right to have any incomplete or inaccurate information we hold about you corrected.
Right to erasure (commonly known as the right to be forgotten)
You have the right to ask us to delete your Personal Data.
Right to object to processing
You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
Right to restrict processing
You have the right to restrict our use of your Personal Data.
Right to portability
You have the right to ask us to transfer your Personal Data to another party.
Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
Right to withdraw consent
If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
Right to lodge a complaint
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data.
The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
Contact us | ICO
Or by telephone on 0303 123 1113
How to exercise your rights
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, you may contact us using the details set out above. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.
Review and Updates
We will review this notice and make changes to it from time to time. We will notify of the changes where required by applicable law to do so. We recommend that you check this notice from time to time to see where changes have been made.