Privacy and Cookies
1. Introduction
DEPHER CPH CIC respects privacy and is committed to protecting your personal data.
The notice below provides you with information on how CPH CIC collects, stores and processes personal data, and your rights in regard to its usage.
It is applicable to all users of our website, our clients (current and previous), suppliers and any other party on whom we hold personal information.
• Neither our website(s) nor our business activities are intended for children, so we do not knowingly collect data from or relating to children.
It is assumed by interacting with our website(s) or conducting business with DEPHER CPH CIC that you consent to this notice.
2. Legal Entity
2.1 DEPHER CPH CIC is the Data Controller and responsible for the collection, storage and processing of your personal data (collectively referred to as CPH, “we”, “us” or “our” in this notice).
2.2
-
Full name of legal entity: DEPHER CPH CIC, t/a CPH
-
Data Processor Email: data@cphcic.co.uk
-
Telephone: 01282 420 678
2.3 If you have any questions in regard to this notice or wish to exercise your legal rights in regard to your personal information please contact our Data Processor.
2.4 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO, www.ico.org.uk). As per guidance on the ICO’s website, we would request you contact us in the first instance using the details above to allow us to deal with your concerns.
3. Glossary and Definitions
3.1 Our website(s): in the context of this notice, this refers to any website owned and operated by CPH CIC.
3.2 Personal data / personal information: This is any information about an individual which can be used to personally identify them.
3.3 Anonymous data / aggregated data: This is any information which cannot be used to personally identify an individual. For example, we may collect data about the number of visitors to our website, this is both anonymous (it cannot be used to identify you) and aggregate (it collates anonymous data from multiple sources to create one, quantifiable, figure).
3.4 Legitimate interest: We will always consider and balance any potential impact on you (positive and negative) and your rights before we process your personal data for our legitimate interests. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted by law.
If you wish to discuss how we assess our legitimate interests against any potential impact on you in respect of specific activities please contact our Data Processor (details above).
3.5 Comply with a legal or regulatory obligation: Processing of your personal data for compliance with legal or regulatory obligations we are subject to. For example, HMRC requires us to keep all tax-related records for a minimum of 6 years.
3.6 References to the law, and legal & regulatory requirements: The governing law in all instances shall be that of England and Wales. Legal and regulatory requirements refers to all obligations we must comply as a limited company.
3.7 Contract: When we have a contract to provide or receive services, such a contract may be written, provided by email or verbal in nature. In all instances, all are considered legally valid.
4. Data we may collect from you
4.1 The following is the personal data we may collect, store and process:
-
Your Name
-
Your Job Title
-
Your Email Address (work or personal)
-
Your Telephone Number (mobile, work, home or other)
-
Your Address (work, home or other)
4.2 In addition to information listed in 4.1, should a contract exist between CPH and yourselves for the provision of services we may also collect, store and process the following personal data to enable us to fulfil that contract. For example, financial data including the name of your bank and its address, and your account details (sort code and account number)
4.3 In addition to information listed in 4.1 and 4.2, if you have also requested to receive marketing and communications information from CPH, we may also collect (and store) the following personal data to allow us to meet your request:
-
The information you wish to receive (for example, newsletters)
-
How you wish to receive such information (for example, via email)
4.4 In addition to information listed in 4.1, 4.2 and 4.3, should we also provide you with access to systems under our control (for example, client areas of our website(s)), then we may also collect (and store) the following personal data about you: Your user name and your password for such a system
4.5 The following are examples of the anonymous data we may collect, store and process:
-
Your Internet protocol (IP) address
-
Your browser type and version, including browser plug-in types and versions
-
Your time zone setting
-
The operating system and platform and other technology on the devices you use to access this website (whether desktop, laptop, mobile, tablet or other device able to access the Internet)
-
Your usage data – how you interact with our website(s)
In isolation, this anonymous data cannot be used to identify you.
5. How we collect data from you
These are the following methods by which we will normally collect data from you. It is not meant to be exhaustive.
5.1 Direct interactions: If you correspond with us directly – for example via telephone, email, website contact form or face to face meeting – you may provide us with personal information.
5.2 Automated technologies or interactions: As you navigate through the pages of our website(s), we may collect anonymous data about you. This information may be stored using cookies (see below).
5.3 Third party sources: We may collect personal and aggregate data about you from a number of third party sources, including but not limited to, Companies House and Google Analytics (see cookies below)
5.4 Cookies
Our website(s) use three forms of cookies:
5.4.1 Functionality cookies: these are required for the operation of the website. They record, for example, personal preferences (language etc) and remember whether you have logged in to password-protected areas of our website(s). Without them you would not be able to utilise sections of our website.
5.4.2 Analytics cookies: these are used by third party providers such as Google Analytics to track your movements through our website(s). The information they collect is anonymous. All of the following cookies are set by Google Analytics:
__utma – is set the first time you visit our website, or updated every time you visit our website. It enables Google Analytics to see if you’re a returning visitor or whether this is your first visit. It expires two years after it is first set or updated
__utmb – records what time a visitor comes to our website and expires 30 minutes after you leave
__utmc – records what time a visitor leaves our website and expires as soon as you leave.__utmt – is used to throttle request rates, ensuring that websites with high traffic don’t put Google’s servers under too much strain. It expires after 10 minutes
__utmz – tracks where you came from – a search engine query, another website, Facebook etc and what search terms or keywords you used to find the page.
None of these Google Analytics cookies can be used to identify you.
There are currently no other analytics or tracking services used – or cookies set – by our website(s). We recommend you re-visit this privacy notice or contact our Data Processor (see above) to be informed if any changes take place.
6. How we use your data
We will only use your personal data when the law allows us to.
We may use your personal data to meet contractual or legal obligations, or for other legitimate and legal reasons.
6.1 Most commonly, we will use your personal data in the following ways:
-
To perform an agreed service and meet obligations arising from this
-
To manage our relationship with you. This may include transferring personal data to thirdparties who provide us with, for example, legal, banking, insurance and accountancy servicesand/or legal or regulatory bodies such as HMRC
-
To market our services to you. This will not override your fundamental rights
-
To comply with a legal or regulatory obligation
6.2 Most commonly, we will use anonymous and aggregate data in the following ways:
-
To administer and protect our website(s)
-
In the process of collecting analytics data relating to usage of our website(s).
7. Your rights and obligations in regard to data usage
7.1 Corrections: You are obliged to inform us of any changes to your personal data which may be relevant to our relationship with you. Where possible and applicable we will provide suitable mechanisms for updating your personal data. In the absence of such mechanisms, please contact the Data Processor (details above) to advise us of any changes.
In addition, you have the right to request a correction of any incomplete or inaccurate personal data we hold about you, or to check that we are lawfully processing it.
7.2 Tailoring: Where possible and applicable, we will provide mechanisms to allow you to tailor the content of any marketing messages. We will use your personal data to record and process such tailoring.
7.3 Opting out: You can request a complete opt-out of any and all marketing messages at any time. All marketing emails will include an unsubscribe function. Additionally, you can contact the Data Processor (details above) to request such an opt-out.
Opting-out of marketing communications will not automatically erase your personal information from our systems if we require such information to provide you with a service or we have another lawful reason to keep your personal information on our systems.
7.4 Change of purpose: We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that its use for another reason remains compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you of this and provide you with a mechanism to opt-out of such usage.
7.5 Access: You may request a copy of any and all personal information we hold on you at any time by making a Data Subject Access Request via the Data Processor (details above).
7.6 Erasure: At any time you may request we permanently remove your personal data from our systems where there is no good reason for us to continue processing it. In addition, you may request removal when you have successfully exercised an objection to processing (see 7.7 below), where you can demonstrate we have processed your personal information unlawfully or where we are required to do so to comply with relevant legislation.
7.7 Object to processing: In situations where you believe your rights are being impacted by our processing of your personal data, you have the right to object to our processing of it. Objection may not automatically lead to erasure if we can demonstrate legitimate and compelling reasons to process your information in contravention of your request to cease doing so.
7.8 Suspension of processing: During the process of any requests to erase or otherwise alter the personal information we store on you, we reserve the right to:
-
Suspend use of your personal data whilst we validate any changes
-
Such validation may require us to request specific information from you to confirm your identity and ensure you have the right to access the personal information under discussion
-
Continue to hold the personal data if required to for legal or regulatory purpose
-
Additionally, you may request a suspension in the use of your data but request that we maintain the records. It is at our discretion whether the record is maintained following such a request. We will always inform you of our decision in regard to this.
7.9 Transfer of your personal data: you may request the transfer of your personal data to yourself or a third party. This personal data will be restricted to the information you provided to us which was used to provide services for you. The information will be provided in a machine- readable and structured format of our choosing.
We reserve the right to object to such a transfer if doing so would leave us in breach of lawful or regulatory obligations.
7.10 You will not have to pay a fee to access your personal data (or exercise your rights in regard to your data).
However we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively in such circumstances we may simple refuse to comply with your request.
7.11 Whenever requests are made under 7.1, 7.2, 7.3, 7.5, 7.6, 7.7 or 7.9 above we will make required amendments within one month of receiving a verified request to do so. It is likely changes will be made much quicker but should there be a delay we will contact you to advise of the delay and the reason(s) for it.
8. Disclosure, transfer and security of your personal data
From time to time we may have to disclose or transfer your personal data to a third party, either temporarily or permanently:
8.1 Temporarily: This may include transferring personal data to third parties who provide us with, for example, legal, banking, insurance and accountancy services and/or legal or regulatory bodies such as HMRC. In all instances, such third parties may not use your personal data for their own purposes but only to conduct work for us.
8.2 Permanently: Should our business be sold, transferred to or merged with another, we may transfer your personal data to systems used by the new business entity. In such instances, your personal data will be stored and processed under the same terms as it was acquired as outlined in this notice.
8.3 Access to your personal data is restricted to staff who require access to it to conduct our business. All employees, contractors, agents and third parties are aware of this data notice and are required to abide with it as condition of working with or for us.
8.4 All devices which have access to your personal data – including but not limited to desktop and laptop computers, tablets and smartphones – are protected by security protocols including passwords, passcodes and fingerprint scanners.
8.5 All of the devices outlined in 8.4 will be backed-up on a regular basis to either magnetic media or cloud-based services, or both.
8.6 Such cloud-based services may be outside of the European Economic Area (EEA), and as such you acknowledge and accept that your personal information may be stored outside of the EEA. All data on such cloud-based services will be encrypted where possible, stored securely and, to the best of our knowledge, the cloud-based service provider will be unable to gain access to your personal data.
9. Data retention and data breach
9.1 We will retain your personal data only for as long as is necessary to fulfil the purpose for which it was collected, this includes any legal or reporting requirements either in place now or which come into force during the time we are storing your data.
9.2 When determining an appropriate retention period for your personal data we consider the nature and sensitivity of the data, the potential harm of unauthorised use or breach of your personal data, the purposes for which it is stored and used, whether such purposes can be achieved through other means and all applicable legal requirements and obligations.
9.3 For example, we are required by law to maintain client records for six years after a tax period during which we worked with them. This includes but is not necessarily limited to personal data such as client name, company name, financial & banking details, and information regarding financial & other such transactions.
9.4 Should we have cause to believe there has been a data breach – either of our own records or those handled by a third party on our behalf – we will inform you as soon as is reasonably possible following confirmation of such a breach. We will also inform any applicable regulator where legally obliged to do so.
10. Third Party Links
Our website(s) may include links to third party websites or other properties, including but not limited to, browser plug-ins or web applications. CPH does not control such third party properties and has no responsibility for the privacy or data collection policies of such properties.
If you chose to leave our website(s) via these third party links we encourage you to read the privacy notice of these sites.