Privacy Notice

Privacy Notice

This privacy notice explains how Compliance and Privacy Solutions Ltd. (CaPS Ltd.), a company registered in England number 11234093 (also known as CaPS Privacy, CaPS Compliance and CaPS Training) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing. This is not a contractual document for your agreement, it is simply information that we must and want to share with you.


Data controller

Compliance and Privacy Solutions Ltd. is as a Data Controller as defined by the UK General Data Protection Regulation and the Data Protection Act 2018. We make decisions about what and how personal data is collected, how it is used and with whom it is shared with. We can be contacted at or by telephone on 0330 2020 601. You can write to us at Freedom Works, Spectrum House, Beehive Ring Road, Gatwick, West Sussex, RH6 0LG


The purpose for processing your data and our basis for doing so.

We process personal data for the purpose of providing our compliance and training services to you and for marketing purposes. We obtain your data in different ways, such as at network meetings, through referrals and if you contact us directly. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.

We will collect and process personal data, such as name and contact details if you are a prospective client and continue to do so when you agree to use our services. We do this under the basis of a legitimate interest, which is Article 6.1.f of the UK GDPR. Our legitimate interest is to grow our business and provide our services to more clients.

If you do not provide the limited personal data we require, we will not be able to provide you with our services.

We sometimes conduct marketing activity and if you are part of a legal entity, such as a limited company, then we will do that under a legitimate interest basis which is Article 6.1.f of the UK GPDR.

To send emails directly to individuals or sole traders, we need to ensure we have your consent so that we comply with the Privacy and Electronic Communications Regulations 2003. There is an exception to that if we have already recorded your data as part of a provision of services to you (or had some detailed discussions about it).

If you have provided us consent for processing your data for marketing purposes, you can withdraw that consent at any time by contacting us using the above details.

We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself. This is in accordance with Article 6.1.d UK GDPR.


Recipients of your data

As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:

  • It is possible, that we might be obliged to disclose personal information in response to a court order or other lawful obligation. Our lawful basis for this is Article 6.1.c -legal obligation.
  • Our external accountants will have some limited access to your personal data through the preparation of our accounts. Our lawful basis for this is Article 6.1.f – Legitimate Interest; we have a legitimate interest in having our accounts correctly managed and filed.
  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Our lawful basis for this is Article 6.1.f – Legitimate Interest; we have a legitimate interest to pursue money owed to us

Data processed by third parties on our behalf.

We use the services of other organisations in the processing your data. We use external accountants, cloud based email and document storage, video conference platforms, project management and communication platforms and our website processes limited personal data such as through our contact form. We use a cloud based customer relationship management platform to store contact data. Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies. We embed links to Facebook into our website. If you use these links, you will receive targeted advertising when visiting this platform.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled securely in accordance with the UK GPDR.


Transferring your data outside of the UK

A small amount of personal data is used on our project management board and this data is stored in the US. The transfer of this data is covered using standard contractual clauses. All other data is stored in the UK or EU.


Retention policy

Personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. We will retain your data for periods we are obliged to do so for legal requirements. Financial data and client data will be held for typically 7 years following end of any commercial agreement. Personal data used for training purposes will be retained for 2 years.


Your rights

The UK GDPR provide rights to you as the data subject and the relevant ones are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office A full and detailed explanation of all rights can be found at

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy notice sets out that information
  • Right of Access – you have the right to know what personal information is held, by whom and why and to receive copies of your data.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
  • Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
  • Right to Object – You have the right to object to profiling and direct marketing

You have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office

Changes to our privacy policy

We keep our privacy policy under review, and we will place any updates on our website. This privacy policy was last updated in June 2022