This Privacy Notice explains how we at Compliance Management Services Ltd (CMS) use the personal information which we collect about you when you deal with us.
What information do we collect about you?
We collect and hold personal information about you, including your name, email address(es) and telephone number(s) when:
- you or your firm makes an enquiry with us, or asks us to provide a quotation for consultancy services; and/or
- your firm becomes a CMS consultancy client; and/or
- you subscribe to our newsletter service.
As well as collecting personal information from you directly, we may also obtain it from the firm which employs you or from publicly available data sources.
Please note that if you do not give us certain personal information, or ask us to delete any of the personal information which we already hold, we may not be able to continue supplying you with some or all of our services.
How will we use the information about you?
We will only use the personal information we collect to provide the service(s) which you or your firm asks us to provide.
Will we share your information with anybody else?
We may share your personal data with other parties in order to provide service(s) to you, in particular providers of IT and system-administration services, subcontractors and our professional advisers. However, these parties are only permitted to use your personal data for the purposes we specify. We also require them to respect the security of your personal data and to treat it in accordance with the law.
On what legal bases do we process your information?
In the vast majority of cases, the processing we undertake is necessary to fulfil the contract your firm has taken out with us, or a contract your firm is contemplating taking out with us.
In some instances, the processing will be necessary for us to pursue a legitimate interest, in particular where we wish to provide you with information that may interest you, or to give you details of other services which may be of benefit to you.
In a small number of instances, it will be necessary for us to obtain your prior consent before we process your data for a specific purpose.
If you do not wish to receive information or details of our other services, you can ask us to remove your name from the appropriate mailing list by using the ‘How to contact us’ details below, or by using the ‘unsubscribe’ feature in our email communications.
We do not use any automated decision-making processes when providing any of our services.
Transferring your data outside Europe
As part of our service provision, some of the data which you give to us may be transferred to countries outside the European Economic Area (EEA).
Whenever we transfer your personal data to countries outside the EEA, we will ensure that at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries which have been deemed by the European Commission to provide an adequate level of protection for personal data; or
- Where we use certain service providers, we may use specific codes of conduct, contracts or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States of America (US), we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to personal data shared between the European Union (EU) and US.
Please contact us using the ‘How to contact us’ details below if you would like further information on the specific safeguard we use when transferring your personal data outside the EEA.
Your legal rights
You have rights under data protection law in relation to your personal data. Depending on circumstances, these may include the right to:
- Request access to the personal data we hold
- Request correction of the personal data we hold
- Request deletion of the personal data we hold
- Object to processing of the personal data we hold
- Request restriction of processing the personal data we hold
- Request transfer of the personal data we hold to another organisation
- Right to withdraw consent (where we rely on consent for processing)
Should you wish to exercise any of these rights, please contact us as shown below in ‘How to contact us’.
We will endeavour to respond to access requests within one month but if you have a particularly complex request, or make a number of requests, it may take us longer. If this is the case, we will let you know how long we think it will take and keep you updated.
We do not make a charge for responding to any request which results from you exercising your legal rights.
We will only keep your personal data for as long as it is necessary to fulfil the purpose(s) for which we collected it. Our retention periods are determined by the nature and sensitivity of the personal data held, the potential for harm caused by its unauthorised use or disclosure and whether it is possible for us to achieve our objectives in another way.
Unless we tell you other otherwise, we will keep records of your personal data for no more than:
- Six years from the date that your consultancy contract with us comes to an end
- One year from the date we provide you with a quotation for consultancy services which you do not take up
Changes to Privacy Notices
We keep our Privacy Notices under regular review and we will contact you using the contact details that we hold to tell you about any changes. This Privacy Notice was last updated on 23 May 2018.
You have a right to lodge a complaint about the way we handle, or have handled, your personal information with the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority. The ICO can be contacted in a number of ways:
- By telephone on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- By live chat https://ico.org.uk/global/contact-us/live-chat
- By email email@example.com
- By post to Wycliffe House, Water Lane, Wilmslow SK9 5AF
However, before contacting the ICO, we would be grateful if you would get in touch with us first, using the ‘How to contact us’ details below, so we can attempt to resolve the issue.
How to contact us
Please contact us if you have any questions about our Privacy Notice, the information we hold about you or any other data protection issue:
- By email: firstname.lastname@example.org
- Or write to The Managing Director, Compliance Management Services Ltd, 103-105 Brighton Road, Coulsdon CR5 2NG