Maintaining your privacy is really important to us. You entrust us with sensitive information, and we take that responsibility seriously. We will not disclose your personal details to any third parties unless it is necessary or where we are legally obliged to do so.
It is likely we will need to update our Policy from time to time. This version is dated May 2018.
Controller and Processor
Compliancy Services Ltd is an award winning financial services compliance consultancy for firms that are regulated by the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA). We are registered with the Information Commissioner’s Office under registration number Z8799216.
For simplicity throughout this notice, ‘we’ and ‘us’ means Compliancy Services Ltd and its brands.
The legal bases we rely on
The law on data protection sets out a number of different reasons for collecting and processing your personal data, including:
- Consent: In specific situations, we collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
- Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you instruct us to manage your FCA authorisation application then we will collect the necessary information to provide the service.
- Legitimate interests: in specific situations, we require your data to pursue our legitimate business interests in a way which might reasonably be expected as part of running our business. We make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
If you have any concerns about this processing, you have the right to object to processing that is based on our legitimate interests. You can do that by contacting us using one of the options in the ‘How To Contact Us’ section.
How we collect your personal data
Under GDPR personal information is defined as “any information relating to an identified or identifiable natural person”. Personal data, or personal information means any information about an individual, from which that person can be identified. We collect personal data, or personal information, directly from you, for example when you:
- Visit any of our websites, and complete a form;
- Contact us by any means to enquire about us, our services etc.
- Engage with one of our marketing emails or on social media.
- Engage us to provide services;
- Subscribe to our services;
- Access one of our client portals, for example Compliancy.Guru.
Other data controllers (including our clients) may also provide your personal data to us.
We may, also, obtain information about you from publicly available sources and collect website usage information using cookies (see “Cookies” section below).
The personal data we collect
The different types of personal data we may collect about you could include:
- Identity Data: includes your title, full name and maiden name if applicable, date of birth, sex, marital status, passport, driving licence data or other identity card;
- Contact Data: includes email address, telephone numbers and home address;
- Financial Data: includes bank account details and related information;
- Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us;
- Usage Data: includes information about how you use our website, products and services;
- Recruitment Data.
How information is used
We may use your information in the following ways:
- To provide FCA and PRA compliance advice and to answer your specific questions;
- Carry out our obligations arising from any contracts entered into by you and us;
- To fulfil our legal and regulatory obligations;
- Seek your views or comments on the services we provide;
- Notify you of changes to our services;
- Send you communications which you have requested and that may be of interest;
- Process a job application;
- For marketing purposes and based on ‘Legitimate Interests’. You are free to opt out of at any time;
- For other legitimate business purposes.
If you wish to change how we use your data, you’ll find details in the ‘Your Rights’ section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Retention period for using your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure of the data;
- the purposes for which we process the data; and
- the applicable legal requirements.
Personal data will generally not be held for more than seven years after the end of the relationship/appointment, unless otherwise prescribed by law or regulation.
How we share your information
We do not sell or distribute your personal data for commercial gain. We may process your personal data without your knowledge where this is required or permitted by law.
We may have to share your personal data with
- Trusted third party service providers;
- Our auditors, insurers or regulatory bodies;
- Our clients’ funders;
- Our mutual clients, whom you have given permission for us to share your data with;
- Third parties to whom we may sell or merge our businesses or assets.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We work closely with them to ensure that your privacy is respected at all times. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where your data may be processed
Sometimes we will need to share your personal data with firms that provide support services to Compliancy Services and who are outside the European Economic Area (EEA). Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
You can set your browser not to accept cookies and the websites below, tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
Links to other websites
Whenever we process data we will ensure that we always keep your personal data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, by contacting us using one of the options in the “How To Contact Us” section. Please bear in mind that if you object this may affect our ability to carry out tasks for your benefit.
We want to make sure that your personal information is accurate and up to date. You have the right to request a copy of the information that we hold about you. You may ask us to correct or remove information you think is inaccurate.
If you would like a copy of some or all your personal information, please contact us using one of the options in the “How To Contact Us” section. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure. We, also, have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Any information submitted using website forms is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear at the top of web browsers such as Microsoft Internet Explorer.
How to contact us
Compliancy Services Ltd
69 Hermitage Road