Privacy Notice – May 2018

Introduction

We are The Compliance Facility Limited (trading as The Compliance Foundation), a company registered in England and Wales under company number 09763121 and with a registered office at The Old Casino, 28 Fourth Avenue, Hove, East Sussex, BN23 2PJ.

We are a data controller for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and current UK Data Protection laws. Our ICO registration number is ZA194326.

The Compliance Facility Limited (trading as The Compliance Foundation) takes your privacy and the security of your personal information very seriously and as data controllers (together referred to as “we” or “us”) are committed to protecting and respecting your privacy.

This Privacy Notice is designed to meet the requirements of the GDPR.

This notice (together with our Statutory disclosures and any other documents referred to on it) (“Privacy Notice”) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our approach and practices regarding your personal data and how we will treat it.

Information that you give, and we collect

  • Information you give us: You may give us information about you by filling in forms on our sites, by corresponding with us by phone, e-mail, by purchasing products or services from us or otherwise. This includes information you provide when you register to use our sites, subscribe to our service, participate in discussion boards or other social media functions on or via our sites, and when you report a problem with our sites. The information you give us may include your name, address, e-mail address and telephone number, financial and credit card information, personal description and photograph.
  • Information we collect about you: With regard to each of your visits to our sites we may automatically collect the following information:
    • Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
    • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we receive from other sources. We may receive information about you if you use any other websites we operate or other services we provide. However, currently we do not operate other websites. We also work closely with third parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers, search information providers) and may receive information about you from them.
  • Your data will only be used for the purpose it is collected by us and it will not be sold, distributed or leased to any third parties.

This information (that is given/collected) will allow us to:

  • Carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us;
  • Notify you about changes to our service;
  • Ensure that content from our sites is presented in the most effective manner for you and for your computer or other systems;
  • Administer our sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • Allow you to participate in interactive features of our service, when you choose to do so;
  • Help us keep our sites safe and secure;
  • Where appropriate, combine information collected from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Things we don’t do:

  • Maintain, purchase or contribute to marketing lists
  • Market, other than through the maintenance of this website and periodic Twitter and other social media comment
  • Undertake profiling
  • Carry out automated decision making.

Cookies

We use cookies to distinguish you from other users of our sites. A cookie is a small file which helps us to analyse web traffic and allows us to respond to you as an individual, tailoring our operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

A cookie does not give us access to your computer or the data stored on it. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy on our website.

Where we store and process your data

The nature of the work we do means that we tend to collect, process and pass on personal data in the course of the assignments that we work on, the provision of the products we offer, the contacts we receive or make in the course of our business and the corporate, financial, tax and legal administration of our business.

We aren’t in the business, except in exceptional circumstances, of taking or working with data dumps or databases. We may sometimes work for clients using data they give us access to, but within their security protocols, such as the use of SharePoint and other systems, where our access will depend on the nature and duration of the engagement.

The data we control is held via providers such as Google, Apple and PayPal on an encrypted basis and the hardware and systems we use are password and security controlled. Where we are working with, or on behalf of clients, we will comply with their relevant security protocols.

You can find more details on Google’s, Apple’s and PayPal’s approaches at:

https://policies.google.com/privacy/update

https://www.apple.com/privacy/approach-to-privacy/

https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

We work predominantly within the EEA. However, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). In this event we will ensure extra protection is in place and only transfer data to countries with adequate Data Protection arrangements, for example through the Privacy Shield.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

If at any time we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, then you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We only retain your data for so long as it is required in the course of the work we undertake, the performance of our legal obligations (which may extend long after our particular contact or engagement has ended) and to comply with any relevant tax, legal or regulatory requirements. Where it is feasible and appropriate, we will anonymise data.

Our records are predominantly electronic and minimally hard copy. Our policy is to delete information when it is no longer required or necessary to carry out our obligations.

Sharing your data

We do not routinely share data. We do not contribute to or take marketing lists.

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  • Business partners, suppliers, sub-contractors and contacts at your request, or with your agreement, where – for example – it facilitates the provision of services.
  • Our accountants and auditors and any authorities, such as HMRC, with whose requirements we must comply and in relation to which we must administer our business.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our sites.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If The Compliance Facility Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements.
  • To protect the rights, property, or safety of The Compliance Facility Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud and other financial crime protection and credit risk reduction.

Accessing your data

You have the following rights under current Data Protection rules:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling (which we do not undertake).

You can exercise any of the above rights, including submitting an access request (Subject Access Request or SAR) by contacting us at info@thecompliancefoundation.com free of charge.

Your right to lodge a complaint with the ICO

If you feel that we have not handled information relating to you properly, or if you have contacted us about how we use that information and are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.

By phone: 0303 123 1113.

Online: https://ico.org.uk/concerns/

Updates to this Privacy Notice

We reserve the right to revise or supplement this Privacy Notice from time to time. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Notice and so you are aware of what information we collect, how we use it and under what circumstances we disclose it. You can determine when this Privacy Notice was last revised by checking the heading of this Privacy Notice.

Contact

If you have any queries, please contact us at info@thecompliancefoundation.com.