Login | 01293 279 770

Prepared by Derek Mann RISC, MSyI(Dip), CMgr FCMI
March 2018
Privacy Policy

Compliance and Privacy Solutions Ltd (CaPS Ltd) provides consultancy and support services for small, medium and large sized businesses in relation to data privacy and compliance with regulatory frameworks.  This privacy policy explains in a clear and succinct way, how we use any personal information we collect about you, either through using our website, or in any other way, verbally or in writing.

  • Data controller and data protection officer
  • Basis for collecting your data (Lawful processing)
  • Legitimate Interests
  • Sensitive Information
  • Categories of Personal Data
  • Cookies
  • Recipients of data
  • Data transfers
  • Retention policy
  • Your Rights as a data subject
  • Automated decision making

Data controller and data protection officer

CaPS Ltd an organisation is a data controller and specifically, Mr. Derek Mann a company director, is CaPS Ltd nominated Data Controller. Mr. Mann can be contacted by email at derek.mann@caps-ltd.co.uk or telephone number +44 (0)1293 279 770.

On what basis do we collect and process your data? (known as lawful processing)

We collect information about you our clients or prospective clients in order to process your order, manage your account and if you agree by consenting at point of collection, to email you about other products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Our data is processed in the UK. The lawful basis on which we process your data is in the legitimate interests of CaPS Ltd. In identifying this lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of CaPS Ltd do not override with your own legitimate rights and freedoms.

We also collect personal data during our associate engagement process which is used for the purpose of pre-engagement checks, ongoing engagement, and providing remuneration. This personal information is held and processed both on our internal IT and accounting system. Once again, we have identified the lawful basis as in the legitimate interest of CaPS Ltd.

The personal data we collect is provided as a contractual requirement. The possible consequences of not providing the required data, are that we may not be able to either offer associate engagement or engage commercially in the provision of data privacy and compliance consultancy services.

Legitimate Interests - Associates

In relation to the legitimate interests that determine our lawful processing, CaPS Ltd undertakes the processing of PII in relation to associates to ensure suitability for engagement and to discharge any statutory responsibilities in relation to HMRC requirements.

Both CaPS Ltd and the associate consultant benefit from this processing activity as it provides safeguards for CaPS Ltd and facilitates employment for the Data Subject.  If processing this data were not permitted, then the company could not operate and provide goods and services as well as not being able to offer employment opportunities. The data collected will not be used for any unlawful or unethical purpose.

Legitimate Interests - Clients

The processing of client data is undertaken in order to engage commercially and offer the most appropriate data privacy and compliance related service and products. In addition, we maintain an oversight of our clients to continue our support. CaPS Ltd and the client benefit from this processing activity as it provides opportunities to establish and sustain commercial relationships and to provide the most focused advice for the benefit of the client. If processing this data were not permitted, then the company could not operate and provide services.

CaPS Ltd has conducted a Legitimate Interest Assessment and conclude that there is a justifiable necessity to process personal data under this purpose and that the balance of rights of the Data Subject and CaPS Ltd has been reviewed. In our opinion, CaPS Ltd’s interests do not override that of the data subjects.

Sensitive Information

CaPS Ltd does not process sensitive data .

Categories of Data

CaPS Ltd processes non-sensitive data. We process: Name, Address, Telephone numbers, email address, bank account details.


Our website does not use 1st party or 3rd party cookies, we do not collect data from you during your interaction with our website.

Data recipients

Any personal data we collect, hold and process is retained within our own company servers based in the UK and on our accounts platform, Inuit Quickbooks. Inuit reside their data centres in the USA and are bound by the USA Privacy Shield Framework and are GDPR compliant. Access to data is restricted to those who have a legitimate reason to retrieve it, e.g. company directors and account managers.

Data transfers

Personal Data is transferred to the USA by our data processors through their cloud service provision. This complies with the GDPR international transfers requirements.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted as soon as practicable after termination of a commercial contract between us and in any case within 3 months. If you have consented to recieve markering information from us, we will retain your contact details for as long as the consent lasts.

Personal data collected and processed for Finance purposes will be held for the maximum time as determined by any legal requirement.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. CaPS Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk.  A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
  • Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:
    • Where personal data is no longer necessary regarding the purpose for which it was originally collected
    • When you withdraw consent
    • When you oppose the processing and there is no superseding legitimate interest for continuing the processing
    • If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
    • If the personal data must be removed in order to comply with a legal obligation
    • If the personal data is processed in relation to the offer of information/ society services to a child.
  • Right to Restrict Processing –  If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.
  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making

CaPS Ltd does not conduct any profiling or automated decision making.

Other websites

Our website contains links to other websites. This privacy policy only applies to CaPS Ltd’s website, so if you follow a link to another website, you should read their own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in March 2018

How To Contact Us

You can write to CaPS Ltd at this address:
CaPS Ltd
2 Ferndown, Horley, Surrey, RH6 8ED

You can telephone CaPS Ltd on this number:
+44 (0)1293 279 770
You Can email CaPS Ltd by using This Link