Privacy Notice

This privacy notice explains how Compliance and Privacy Solutions Ltd. (CaPS Ltd.), a company registered in England number 11234093 (trading as CaPS Privacy and CaPS Compliance) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.

Data controller

Compliance and Privacy Solutions Ltd. Is designated as a Data Controller as defined by the General Data Protection Regulation and the Data Protection Act 2018. We make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at dataprotection@caps-ltd.co.uk or by telephone on 0330 2020 601.

On what basis do we collect and process your data?

We process personal data for the purpose of providing our services to you (including online training) and for marketing purposes.  Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.

Legitimate Interest.

We will collect and process personal data where it is in the legitimate interest of CaPS Ltd. to do so. Specifically, we use legitimate interest in relation to our clients and to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. We will also conduct our B2B marketing activities under a Legitimate Interest basis.

CaPS Ltd. has conducted a Legitimate Interest Assessment and concludes that there is a justifiable necessity to process personal data under this purpose. In our assessment, CaPS Ltd.’s interests do not override that of the data subjects. The data collected will not be used for any unlawful or unethical purpose.

Consent

We also conduct business to consumer (B2C) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. For us to comply with the PECR and the General Data Protection Regulation, we collect the consent of data subjects (sole traders, individual subscribers, and other partnerships). In providing us with consent to receive direct electronic marketing, you will have the ability to object and opt out of further marketing at any time.

We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.

We process the following data from our clients and prospective clients:

• Contact full name
  • Business address
  • Telephone number
  • Email address

Data Recipients and Data Transfers
We do not sell any of your personal data to any third party. CaPS Ltd. does share personal data with service providers such as trusted associates who support the delivery of our services. We use 3^rd party project management and information sharing platforms such as Trello and Slack. Whilst we store your data in UK accredited data centres, these 3^rd parties transfer your data to accredited data centres in the USA. This movement of personal data from the UK to the USA in these circumstances is legitimised using Standard Contractual Clauses.

Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.

Any financial transactions conducted through ‘point of sale’ are handled by our card payment service provider, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries relating to such payments and refunds.

We may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We embed links to Facebook into our website. If you use these links, you will receive targeted advertising when visiting this platform.

The data we collect from our data subjects is obtained directly from the data subject themselves or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Sensitive Information
CaPS Ltd. does not process special category data as defined by Article 9 of the GDPR.

Retention policy
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. We will retain your data for periods we are obliged to do so for legal requirements. Financial data and client data will be held for typically 7 years following end of any commercial agreement.

Data storage and security
We store data within our own physical network and on cloud software services. We take care to ensure that data held locally is backed up to avoid accidental loss. Security of data is also provided by the accreditations of our cloud host this includes data backup regimes. Our computer terminals have industry standard firewalls, antivirus and anti-malware installed and updated. We have a process in place to mitigate the impact of any data breach that should occur.

Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. CaPS Ltd. is committed to upholding those rights and those applicable to the personal information we collect, and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

• The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
  • Right of Access – you have the right to know what personal information is held, by whom and why.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
  • Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
  • Right to Object – You have the right to object to profiling and direct marketing
  • You also have rights in relation to automated decision making.

You have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making
CaPS Ltd. does not conduct automated decision making.

Third party websites
Our website may contain links to other websites. This privacy policy only applies to CaPS Ltd., so if you follow a link to another website, you should read that organisations own privacy policy.

Changes to our privacy policy
We keep our privacy policy under review, and we will place any updates on our website. This privacy policy was last updated in September 2020

How to contact us
You can write to us at this address:
Compliance and Privacy Solutions Ltd.
Floor 2, South Wing, The Office

CBQ, Manor Royal West Sussex, RH10 9AD

Or, email dataprotection@caps-ltd.co.uk