Privacy Notice
This privacy notice explains, how CaPS Ltd. uses the personal information we collect from Data Subjects, either through using our website or in any other way, electronically, verbally or in writing.
Topics:
• Data controller
• Basis for collecting your data (Lawful processing)
• Marketing
• Recipients of data and data transfers
• Sensitive Information
• Categories and type of Personal Data collected
• Cookies
• Retention policy
• Your Rights as a data subject
• Automated decision making

Data controller
CaPS Ltd. is a data controller as defined by the General Data Protection Regulations. CaPS Ltd. has designated Mr. Derek Mann as the Data Controller and can be contacted by email at derek.mann@caps-ltd.co.uk or telephone number +44 (0)1293 279770.

On what basis do we collect and process your data? (known as lawful processing)
We conduct data processing for the purpose of conducting our business, which includes developing and growing our business, delivering consultancy services, engaging associate contractors. Data Privacy law defines the basis by which we can lawfully collect and process personal data. For our data processing purposes, we have determined the following:

Legitimate Interest.
We will collect and process personal data where it is in the legitimate interest of CaPS Ltd. to do so. Specifically, we use legitimate interest in relation to our clients and in order to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. CaPS Ltd has conducted a Legitimate Interest Assessment and conclude that there is a justifiable necessity to process personal data under this purpose and that the balance of rights of the Data Subject and CaPS Ltd has been reviewed. In our opinion, CaPS Ltd.’s interests do not override that of the data subjects. The data collected will not be used for any unlawful or unethical purpose.

In pursuance of a Contract.
We will collect personal data when engaging with individuals to enter into a contract, such as a consultant service contract. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.

Marketing
CaPS Ltd. undertakes marketing activities in order to inform current and potential customers of the latest services we offer as well as updates to guidance and legislation The purpose of this marketing is to grow our business.

Business to Business – We conduct business to business (B2B) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. In order for us to comply with the PECR and the General Data Protection Regulations we have conducted a Legitimate Interest Assessment (LIA) to ensure our marketing activities do not put at risk, the rights and freedoms of data subjects. This LIA will be reviewed regularly as we undertake marketing campaigns.

As we conduct B2B marketing, we do not require consent, however, as a data subject receiving these communications via email, you have the right to object to receiving marketing material and will have the option to opt out on every marketing email you receive.

Business to Consumer – We also conduct business to customer (B2C) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. In order for us to comply with the PECR and the General Data Protection Regulations we collect the consent of data subjects (sole traders, individual subscribers and other partnerships). In providing us with consent to receive direct electronic marketing, you will have the ability to object and opt out of further marketing at any time.

Data recipients and data transfers
We do not sell any of your personal data to any third party – including your name, address, email address or credit card information. CaPS Ltd. share personal data with service providers such as accountants and insurance brokers.

Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.

Any financial transactions conducted through point of sale are handled by our card payment service provider, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

We may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Data is transferred within the EEA and the USA via our accountancy (Quickbooks) cloud platforms. The USA’s ‘Privacy Shield’ data protection framework has been approved by the EU data protection working party to process EU citizen personal data.

Sensitive information
CaPS Ltd. does not process sensitive data as defined by Article 9 of the GDPR.

Categories and types of data we collect
CaPS Ltd. processes non-sensitive data. For our associates we process:

• Name
• Address
• Phone number
• Email Address
• Date of Birth
• CV
• References
• Passport
• Signature
• Driving Licence
• Disciplinary
• Bank account
• Accreditation/ Certificates
• Photograph
• Name of emergency contact
• Phone number of emergency contact
• Relationship of emergency contact

We process the following data of our clients:

• Contact Name
• Address
• Phone number
• Email address

We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or other any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.

The data we collect from our data subjects is obtained directly from the data subject themselves or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Cookies from our website
To make our website work properly, we sometimes place small data files called cookies onto your device.

What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?
A number of our pages use cookies to remember:
• your display preferences, such as contrast colour settings or font size
• if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
• if you have agreed (or not) to our use of cookies on this site
• analytical purposes

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Cookies we use are:
_gid Tracking Google Analytics used to store and update a unique value for each page visited.
_ga Tracking Used to calculate visitor, session and campaign data for the sites analytics reports. By default, it is set to expire after 2 years
_gat
Tracking Used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.

Retention policy
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that CaPS Ltd. has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes. Financial data and associate data will be held for typically 7 years.

Data storage and security
We store data within our own physical network. We take care to ensure that data held locally is backed up to avoid accidental loss. Security of data is also provided by the accreditations of our cloud host this includes data backup regimes. Our computer terminals have industry standard firewalls, antivirus and anti-malware installed and updated. We have a process in place to mitigate the impact of any data breach that should occur.

Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. CaPS Ltd. is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
• The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
• Right of Access – you have the right to know what personal information is held, by whom and why.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
• Right to Object – You have the right to object to profiling and direct marketing
• You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making
CaPS Ltd. does not conduct automated decision making.

Third party websites
Our website may contain links to other websites. This privacy policy only applies to CaPS Ltd., so if you follow a link to another website, you should read that organisations own privacy policy.

Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in June 2018

How to contact us
You can write to us at this address:
CaPS Ltd.
2 Ferndown, Horley, Surrey, RH6 8ED

Or, email dpo@caps-ltd.co.uk

×