This privacy notice explains how Compliance and Privacy Solutions Ltd. (CaPS Ltd.), a company registered in England number 11234093 (also known as CaPS Privacy, CaPS Compliance and CaPS Training) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing. This is not a contractual document for your agreement, it is simply information that we must and want to share with you.
Compliance and Privacy Solutions Ltd. is as a Data Controller as defined by the UK General Data Protection Regulation and the Data Protection Act 2018. We make decisions about what and how personal data is collected, how it is used and with whom it is shared with. We can be contacted at firstname.lastname@example.org or by telephone on 0330 2020 601. You can write to us at Freedom Works, Spectrum House, Beehive Ring Road, Gatwick, West Sussex, RH6 0LG
We process personal data for the purpose of providing our compliance and training services to you and for marketing purposes. We obtain your data in different ways, such as at network meetings, through referrals and if you contact us directly. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.
We will collect and process personal data, such as name and contact details if you are a prospective client and continue to do so when you agree to use our services. We do this under the basis of a legitimate interest, which is Article 6.1.f of the UK GDPR. Our legitimate interest is to grow our business and provide our services to more clients.
If you do not provide the limited personal data we require, we will not be able to provide you with our services.
We sometimes conduct marketing activity and if you are part of a legal entity, such as a limited company, then we will do that under a legitimate interest basis which is Article 6.1.f of the UK GPDR.
To send emails directly to individuals or sole traders, we need to ensure we have your consent so that we comply with the Privacy and Electronic Communications Regulations 2003. There is an exception to that if we have already recorded your data as part of a provision of services to you (or had some detailed discussions about it).
If you have provided us consent for processing your data for marketing purposes, you can withdraw that consent at any time by contacting us using the above details.
We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself. This is in accordance with Article 6.1.d UK GDPR.
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
We use the services of other organisations in the processing your data. We use external accountants, cloud based email and document storage, video conference platforms, project management and communication platforms and our website processes limited personal data such as through our contact form. We use a cloud based customer relationship management platform to store contact data. Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies. We embed links to Facebook into our website. If you use these links, you will receive targeted advertising when visiting this platform.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled securely in accordance with the UK GPDR.
A small amount of personal data is used on our project management board and this data is stored in the US. The transfer of this data is covered using standard contractual clauses. All other data is stored in the UK or EU.
Personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. We will retain your data for periods we are obliged to do so for legal requirements. Financial data and client data will be held for typically 7 years following end of any commercial agreement. Personal data used for training purposes will be retained for 2 years.
The UK GDPR provide rights to you as the data subject and the relevant ones are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
You have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk