This privacy notice explains how Compliance and Privacy Solutions Ltd. (CaPS Ltd.), a company registered in England number 11234093 (trading as CaPS Privacy and CaPS Compliance) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
Compliance and Privacy Solutions Ltd. Is designated as a Data Controller as defined by the General Data Protection Regulation and the Data Protection Act 2018. We make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at email@example.com or by telephone on 0330 2020 601.
We process personal data for the purpose of providing our services to you (including online training) and for marketing purposes. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.
We will collect and process personal data where it is in the legitimate interest of CaPS Ltd. to do so. Specifically, we use legitimate interest in relation to our clients and to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. We will also conduct our B2B marketing activities under a Legitimate Interest basis.
CaPS Ltd. has conducted a Legitimate Interest Assessment and concludes that there is a justifiable necessity to process personal data under this purpose. In our assessment, CaPS Ltd.’s interests do not override that of the data subjects. The data collected will not be used for any unlawful or unethical purpose.
We also conduct business to consumer (B2C) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. For us to comply with the PECR and the General Data Protection Regulation, we collect the consent of data subjects (sole traders, individual subscribers, and other partnerships). In providing us with consent to receive direct electronic marketing, you will have the ability to object and opt out of further marketing at any time.
We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.
We process the following data from our clients and prospective clients:
Data Recipients and Data Transfers
We do not sell any of your personal data to any third party. CaPS Ltd. does share personal data with service providers such as trusted associates who support the delivery of our services. We use 3rd party project management and information sharing platforms such as Trello and Slack. Whilst we store your data in UK accredited data centres, these 3rd parties transfer your data to accredited data centres in the USA. This movement of personal data from the UK to the USA in these circumstances is legitimised using Standard Contractual Clauses.
Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
Any financial transactions conducted through ‘point of sale’ are handled by our card payment service provider, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries relating to such payments and refunds.
We may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We embed links to Facebook into our website. If you use these links, you will receive targeted advertising when visiting this platform.
CaPS Ltd. does not process special category data as defined by Article 9 of the GDPR.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. We will retain your data for periods we are obliged to do so for legal requirements. Financial data and client data will be held for typically 7 years following end of any commercial agreement.
Data storage and security
We store data within our own physical network and on cloud software services. We take care to ensure that data held locally is backed up to avoid accidental loss. Security of data is also provided by the accreditations of our cloud host this includes data backup regimes. Our computer terminals have industry standard firewalls, antivirus and anti-malware installed and updated. We have a process in place to mitigate the impact of any data breach that should occur.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. CaPS Ltd. is committed to upholding those rights and those applicable to the personal information we collect, and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
You have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
CaPS Ltd. does not conduct automated decision making.
Third party websites
How to contact us
You can write to us at this address:
Compliance and Privacy Solutions Ltd.
Floor 2, South Wing, The Office
CBQ, Manor Royal West Sussex, RH10 9AD
Or, email firstname.lastname@example.org