fbpx
info@compliancechain.com

Compliance Chain Privacy Policy

General information 

Compliance Chain Limited is committed to keeping your personal information secure. This Privacy Policy tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

We keep our Privacy Policy under regular review to make sure it is up to date and accurate.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during our relationship with you.

Important information about who we are: 

Compliance Chain Limited is part of The Black Capital Group (also referred to as “Compliance Chain”, “we”, “us” or “our” in this Privacy Policy). The Black Capital Group is the controller for the personal information we process, unless otherwise stated, and is responsible for your personal information. 

You can contact us at: 

Postal address:  

3rd Floor, The Plaza Building, 100 Old Hall Street, Liverpool, L3 9QJ

Email: info@compliancechain.co.uk 

Chain Compliance is registered with the ICO, our registration number is ZB523927.  

 

Compliance with the data protection legislation.

All your personal information will be held and used in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and any other legislation relating to the protection of personal information (data protection laws).

We only use your personal information to provide the services you have requested from us. The information you provide will also help us direct your enquiries.

 

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or policies. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

 

Personal information that we collect from you. 

Personal information or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Most of the personal information we process is provided to us directly by you for the purpose of providing you with our services. We collect and process your personal information through your use of this website, including any data you may provide through this website when you purchase a product, service or membership.

Personal information we may collect, use, store and transfer about you which we have grouped together, are as follows:

  • Identity Data includes first name, last name, username or similar identifier, title.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and / or payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.  
  • Usage Data includes information about how you use our website, products and services. 
  • Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Some personal information is required to set up your Compliance Chain account including your name, contact details, and email address. We may also need to collect some limited employment details for registration purposes. 

Your personal information can be managed via our secure Compliance Chain account.  You can always review and update your information by accessing your account. 

Health and other special categories of personal information

To the extent that information we collect is health data or another type of special category personal information subject to data protection laws, we ask for your explicit consent to process this data. 

Children’s personal information 

This website is not intended for children, and we do not knowingly collect data relating to children. 

We do not provide services directly to children or proactively collect their personal information.

 

How We Use the Information We Collect

The law on data protection sets out a number of different reasons for which a company may collect and process your personal information.

We will only use your personal information when the law allows us to do so. 

We collect personal information about our clients, customers, suppliers, subcontractors, business partners or joint venture partners in order to manage your membership, and any orders or services purchased. We also use personal information to report on tenders and projects.

Most commonly we will use your personal information in the following circumstances:

Where you have consented before the processing.

Where we need to perform a contract, we are about to enter or have entered with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation

In certain circumstances, we need your personal information to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of our running our business. For example, in order to deliver the services to you, we need to use the information you provide us to enable us to provide those services and / or goods ordered, to manage your membership and your Compliance Chain account. 

Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising. 

If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails.

 

Payment card information: 

We may process your personal information to process any payments made for the provision of services. The information may include information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code.

Any payment transactions carried out by us, or our chosen third-party provider of payment processing services will be kept secure and encrypted where possible.

 

Information from third parties 

We work closely with third parties (including business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics and search information providers) and may receive personal information about you from them. Such data obtained from third parties will be kept in accordance this Privacy Policy, and with any additional restrictions imposed by the third party that shared your personal information.

 

If you fail to provide personal information 

Where we need to collect personal information by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

 

Cookies 

When you visit our website, we may collect certain information by automated means, such as using cookies. 

A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. 

We use the following types of cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, or make use of services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

These are the cookies we use and why:

Cookies We Use

Why We Use Them

Google Analytics

To improve performance of our website and ensure that content remains relevant and interesting to our audience.

Hotjar

To ensure that content remains interesting to our audience.

If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.

Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

 

Profiling and/or Automated Decision Making

Unless otherwise agreed with you, we will not use any of your personal information for automated decision-making or profiling.

 

Information We Share

We only ever share your personal information with trusted third parties. 

We only provide third parties with the information they need to know to perform their specific services. Where personal information is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal information is secure and protected at all times. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. 

Our contracts with third parties make it clear that they must hold personal information securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal information held by them will either be deleted or rendered anonymous.

We may also disclose your personal information to comply with a regulatory or legal duty, or if it is necessary to disclose personal information in connection with an investigation of suspected or actual fraudulent activity or is based on a lawful disclosure request. We may also disclose personal information where such disclosure is necessary to protect the safety or security of any persons, and/or otherwise as permitted under applicable law.

We will never:

  • Sell your personal information to a third party.
  • Share your personal information with a third party for marketing purposes without your consent.

 

Where your personal information may be processed

Your personal information will be stored on systems with technical and organisational security measures and controls located within the UK. 

Sometimes we will need to share your personal information with third parties and suppliers outside the UK such as Europe and the USA.

If we do this, we have procedures in place to ensure your personal information receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.

Any transfer of your personal information will follow applicable laws and we will follow the guiding principles of this Privacy Policy.

 

How Long We Will Retain Your Personal Information

We will only retain your personal information for as long as is necessary for the purpose or purposes for which we have collected it.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

Details of retention periods for different aspects of your personal information are available upon  request. 

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

Data security 

We work hard to keep your information safe. We use a combination of technical, administrative, and physical controls to maintain the security of your personal information and protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.  

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our services, including our platform or website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We have put in place procedures to deal with any suspected personal information data breach and will notify you and any applicable regulator when we are legally required to do so.

 

Your Rights 

You are also able to exercise your rights which include: 

 

Your Right to be Informed  

We aim to be transparent within our Privacy Policy and provide you with information about how we use your personal information.

 

Your Right to Object

In some circumstances you can stop the processing of your personal information for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information. 

Where your details are used for marketing, you can opt out at any time. You are able to unsubscribe from marketing on each contact or you can contact us to object to any processing.

 

Your Right to Rectification 

You have the right to request the correction of your personal information when it is incorrect, out of date or incomplete. If you notify us that the personal information, we hold is complete or inaccurate we will correct or complete the information as soon as possible. 

 

Your Right to Erasure or the Right to be Forgotten

You have the right to request that your personal information be deleted; including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.

Following your request, we will erase your personal information without undue delay unless the continued retention is necessary and permitted by law. If we make the personal information public, we shall take reasonable steps to inform other data controllers processing about your erasure request.

 

Your Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information. This can be done in circumstances where we need to verify the accuracy of the information, if you do not wish to have the information erased or you have objected to the processing of the information, and we are considering this request. Once the processing is restricted, we will only continue to process your personal information if you consent, or we have another legal basis for doing so.

 

Your Right to Access

You have the right to access the personal information we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide information in the format requested, but we may charge you a reasonable fee for additional copies. 

 

Your Right to Data Portability

You have the right to receive a copy of your personal information which you gave to us. The copy will be provided in a commonly used and machine-readable format.  You can also have it transmitted directly from us to another data controller, where technically possible.

 

When you request to exercise your rights

You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information  or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

How can we help? 

If you have any questions that haven’t been covered, or you have any concerns about our use of your personal information, you can make a complaint to us by contacting us at info@compliancechain.co.uk or by post using our postal address.

For further information on data protection please visit the Information Commissioner Office (ICO) website.

The Information Commissioner Office regulates data protection. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or visit the website.

 

Request a Demo

Are you a principal contractor or client organisation looking to find out more or would like a demo?

If so, please contact us today!

Request a Demo
First
Last

Download Member Guide

Complete the fields to download our member guide.