Information of the company that manages the services.
The services within this website are provided by COMPLIANCE CONSULTANT a trading name of UK Compliance Consultant Limited. (hereinafter referred to as “COMPLIANCE CONSULTANT”), a UK company with registered address at 31 Woodside, Gosport, Hants; registered at Companies House with the number 14805896. We are also registered with the Information Commissioners Office with the number ZB536520
ACCESS AND USE OF THE SERVICES
1.1. Access to the Services
1.1.1. These general terms and conditions of use (“General Terms and Conditions of Use”) shall govern the use of the website https://www.complianceconsultant.org which belongs to COMPLIANCE CONSULTANT. The purpose is to provide information about the activity of the Company and enable the use of the services offered by COMPLIANCE CONSULTANT (“Service” or “Services”), through the creation and submission of different types of online documents or forms and, where appropriate, the subsequent storage of the content of the same.
1.2. Agreement to the General Terms and Conditions of Use and, where appropriate, the Specific Conditions.
1.2.1. By accessing the Services, you, the User, agree to these General Terms and Conditions of Use so please read them carefully before using them. If you do not agree to these General Terms and Conditions of Use, please do not use the Services of COMPLIANCE CONSULTANT or its contents.
1.2.2. Some of the above-mentioned Services may be subject to specific conditions established at any time. From now on, such conditions, or any other specific conditions for the services offered on the Websites at any time, shall be referred to as “Specific Conditions”.
1.2.3. In addition, COMPLIANCE CONSULTANT informs the users of the Services that these General Terms and Conditions of Use and the Specific Conditions to the Service can be modified or amended at any time, including registering an account. Therefore, COMPLIANCE CONSULTANT will provide the User with reasonable prior written notice of any change. If the User does not want to agree to any changes made, the User should stop using that Service and unregister/unsubscribe, because by continuing to use the Services the User indicate their agreement to be bound by the updated terms.
1.3. Services Use. Legal age
1.3.1. The User declares that he or she is at least eighteen (18) years of age and has sufficient capacity to be bound by these General Terms and Conditions of Use and the Specific Conditions when appropriate. The User also commits to use the Services and the information contained therein properly, and to comply with any given applicable regulation.
YOUR PRIVACY IS IMPORTANT TO US
4. RIGHTS TO ACCESS, RECTIFICATION OR ERASURE, RESTRICTION AND OBJECTION, OF PROCESSING
4.1. You have the right to access, rectification, opposition, erasure (“right to be forgotten”), and right to restriction of processing of your personal data by directing any such requests to COMPLIANCE CONSULTANT. In order to make things easier for you, and without prejudice to the legal requirements COMPLIANCE CONSULTANT must comply with under the laws, COMPLIANCE CONSULTANT allows you to exercise the above-mentioned rights by sending a request through the contact form on the “Contact” page or at https://www.complianceconsultant.org/contact-us/.
5. PERSONAL INFORMATION ABOUT USERS AND RESPONDENTS
COMPLIANCE CONSULTANT is used by “Users” and by “Respondents”. The information we receive from Users and Respondents and how we handle it differs, as set out below.
5.1. COMPLIANCE CONSULTANT USERS
As a User, we collect information relating to you and your use of our Services from a variety of sources:
(i) Information we collect directly from the User
- a) Registration information: information you provide to us when you register for an account.
- b) “My Account” settings: you can view and edit various preferences and personal details on “My Account” settings. For example, your default language, registered email, non-transactional communication preferences and Account name.
- c) COMPLIANCE CONSULTANT data: We store your transactional data (questions and responses) only. We do not store any sensitive data, i.e., payment details, as these are handled by third party payment facilities, i.e., PayPal, Worldpay etc.
- d) Other data you want to share: We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial or plaudit.
(ii) Information we collect about the User indirectly or passively when interacting with us
- a) Usage data: COMPLIANCE CONSULTANT collects usage data about Users whenever they interact with our services, including information they have elected to make publicly available.
- b) Device and application data: COMPLIANCE CONSULTANT collects data from the device and application the User uses to access our services, such as the IP address and browser type. We may also infer the geographic location based on the User IP address.
- c) Referral data: if the User arrives at a COMPLIANCE CONSULTANT website from an external source (such as a link on another website or in an email), we record information about the source that referred the User to us.
- d) Information from third parties: COMPLIANCE CONSULTANT may collect User personal information or data from third parties if the User gives permission to those third parties to share such information with others or the data is extracted from publicly accessible sources.
For example, COMPLIANCE CONSULTANT may share minimal service data with a select third-party for data enrichment purposes, provided that User has given prior permission to those third parties to share such information with other parties (i.e. COMPLIANCE CONSULTANT may share Users’ email addresses with a third party to obtain some information like company name etc) or it comes from publicly accessible sources like social media profiles, industry registers or membership sites etc. Enriching data allows us to analyse a deeper subset of data from which we may present personalised content. Prior to sharing data with any data enrichment vendor, COMPLIANCE CONSULTANT signs the corresponding Data Protection Agreement with the vendor to ensure that the data is adequately protected, that it has been lawfully obtained by vendors enabling COMPLIANCE CONSULTANT to use such data in connection with the services we provide, and to ensure vendors adopt adequate security controls.
5.2 COMPLIANCE CONSULTANT RESPONDENTS
As a Respondent, when you respond to Compliance Consultant, we collect information relating to you and your use of our services and may enhance this from a variety of publicly available sources:
(i) Information we collect directly from the Respondent
We collect and store the responses from you as “Respondents”. The Compliance Consultant is responsible for that data and manages it as the Data Controller.
When responding to a request you may provide personal information or data. Please note that COMPLIANCE CONSULTANT is responsible for the content of that data under law and will take adequate protection measures to ensure its security.
- a) Usage data: on behalf of COMPLIANCE CONSULTANT Users, Compliance Consultant collects usage data about Respondents whenever they interact with our services.
- b) Device and application data: on behalf of COMPLIANCE CONSULTANT Users, we collect data from the device and form the Respondent uses to access our services, such as, among other, the IP address, browser type and operating system. We may also infer the geographic location based on the Respondent IP address.
- c) Referral data: on behalf of COMPLIANCE CONSULTANT Users, we record information about the source that referred the Respondent to a contact/signup form (i.e. a link on a website or in an email).
- e) Email address: COMPLIANCE CONSULTANT records the email address if the User/Respondent provides it to us in order to send notification emails.
(ii) COMPLIANCE CONSULTANT’s obligations as data processor when processing data on behalf of Users.
When COMPLIANCE CONSULTANT is processing data provided by a User, we (or a company we employ as a subcontractor) are acting as the Data Processor of such data (hereinafter, we shall be referred to as the “Data Controller” and “Data Processor” accordingly).
For the processing of data, the Data Processor undertakes to fulfil the following obligations:
- a) To treat the personal data only to carry out the provision of the contracted services, in accordance with the instructions given in writing, at any time, by the Data Controller (unless there is a legal rule that requires complementary processing, in such a case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless the Law prohibits it on public interest grounds).
- b) To maintain the duty of secrecy with respect to the personal data to which the Data Processor has access, even after the termination of the contractual relationship, and to ensure that their employees have committed in writing to maintain the confidentiality of the personal data processed.
- c) To ensure, taking into account the available technology, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, that they will apply adequate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate, among other things:
-The pseudonymisation and encryption of personal data;
-The ability of ensuring the continued confidentiality, integrity, availability and resilience of the systems and services;
-The ability of restoring the availability and access to personal data quickly in the event of a physical or technical incident;
-A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures in order to ensure the safety of the processing.
When evaluating the adequacy of the security level, special account shall be taken of the risks presented by the data processing, in particular as a consequence of the destruction, loss or accidental or unlawful alteration of the personal data transmitted, stored or otherwise processed, or the communication or unauthorised access to such data.
In the event that the implementation of specific and concrete security measures is needed, those measures will be added to this Agreement by means of an Annex.
- d) To keep under their control and custody the personal data to which they have access in relation with the provision of the Service, and to not disclose them, neither transfer or otherwise communicate them, not even for their preservation, to persons unrelated with the provision of the Service covered by this Agreement.
However, the Data Controller may authorise, expressly and in writing, the Data Processor to use another data processor (hereinafter, the “Subcontractor”), whose identification data (full company name and fiscal identification number) and subcontracted services must be communicated to the Data Controller, prior to the provision of the service, at least with one (1) month in advance. The Data Processor will also inform the Data Controller of any change envisaged in the incorporation or substitution of the Subcontractors, giving thus to the Data Controller the opportunity to object such changes.
In case of making use of the power recognised in the previous paragraph, the Data Processor is obliged to transfer and communicate to the Subcontractor the whole obligations that for the Data Processor derive from this Agreement and, in particular, the provision of enough guarantees that he will apply appropriate technical and organizational measures, so that the processing complies with the applicable regulations.
In any case, access to the data made by natural persons who render their services to the Data Processor, acting within the organisational framework of the latter by virtue of a commercial and non-labour relationship, is authorised. In addition, access to the data is granted to companies and professionals that the Data Processor has hired in their internal organisational framework in order to provide general or maintenance services (computer services, consulting, audits, etc.), as long as such tasks have not been arranged by the Data Processor with the purpose of subcontracting with a third party all or part of the Services provided to the Data Controller.
- e) To delete or return to the Data Controller, at their choice, all personal data to which they have had access in order to provide the Service. Likewise, the Data Processor undertakes to delete the existing copies, unless there is a legal rule that requires the preservation of the personal data. However, employees and other personnel working for the Data Processor are entitled to access Users and Respondents data as required to carry out their obligations under the terms of their contract.
- f) To notify the Data Controller, without undue delay, of any personal data security breaches of which he is aware, giving support to the Data Controller in the notification to the Information Commissioners Office (ICO) or other competent Control Authority and, if applicable, to the interested parties of the security breaches that occur, as well as to provide support, when necessary, in the carrying-out of privacy impact assessments and in the prior consultation to the ICO, where appropriate, as well as to assist the Data Controller so they can fulfil the obligation of responding the requests to exercise certain rights.
- g) To bring, in writing, a record of all categories of processing activities performed on behalf of the Data Controller.
- h) To cooperate with the ICO or with other Control Authority, at its request, in the fulfilment of its power.
- i) To make available to the Data Controller the whole information necessary to demonstrate the fulfilment of the obligations established under this Agreement, as well as to allow and contribute to the performance of audits, including inspections, by the Data Controller or by a third party authorised by them.
If the Data Processor or any of his Subcontractors violates this Agreement or any regulation when determining the purposes and means of the processing, they shall be held responsible for such processing. Furthermore, if such Subcontractors are based in countries which do not have a legislation on data protection which is equivalent to the EU legislation (“Third Countries”), Data Processor shall establish all safeguards required by the EU legislation in order to comply with all obligations arising from transfers of data to Third Countries, and shall promptly inform Data Controller about such safeguards if so requested.
6. PURPOSES AND LEGITIMATE BASIS OF THE USE AND SHARING INFORMATION
PURPOSES OF PROCESSING
6.2. We also use your information to review, investigate and analyze how to improve the services provided. We may also collect and analyze your data to monitor, maintain and improve our services and features.
6.3. We may internally perform statistical and other analysis on information we collect (technical and meta data) to analyze and measure user behavior and trends, to understand how people use our services, in order to. Improve and optimise our performance of such services, and to monitor, troubleshoot and improve our services, including to help us evaluate or devise new features.
6.4. We may use your information for internal purposes designed to keep our services secure and operational, such as testing purposes, troubleshooting, to prevent abusive activity (i.e. fraud, spam, phishing activities), and for service improvement, research and development purposes.
6.5. We’ll be sending you COMPLIANCE CONSULTANT product intro, tips and inspirational use cases and user stories by any means, including email and similar means of electronic communication like personalised advertisements as part of providing relevant content helpful to use our services effectively. In order to customise such information and commercial communications as much as possible, COMPLIANCE CONSULTANT may use statistical techniques that allow the creation of user profiles and data segmentation.
6.7. Your data is not disclosed to any third party except (i) for providing the services you requested and for which COMPLIANCE CONSULTANT collaborates with third parties, (ii) when we have your permission, (iii) when it is required by a competent authority in the exercise of its duties (for example in order to investigate, prevent or take action regarding illegal activities) or (iv) as otherwise required by law.
7. LEGITIMATE BASIS OF PROCESSING
COMPLIANCE CONSULTANT use of your data for the purposes described above is based on the following legitimate basis:
7.1 Users’ Data
If you are a User, we are entitled to use your data in order to fulfil our contractual obligations with you and, if you are acting on behalf of a legal person, we have a legitimate interest to use your data in order to maintain the relation with your company as a Compliance Consultant client.
In addition, we are entitled by law to use your data for direct marketing purposes, in order to send you commercial communications related with COMPLIANCE CONSULTANT products or services which are similar to the Services, since legislation on data privacy recognises direct marketing to clients as a legitimate interest of use of personal data, and legislation on information society services expressly allows COMPLIANCE CONSULTANT to send you commercial communications by electronic means, provided that they are related with products or services which are similar to the Services. In any case, you are entitled to ask us, now or at any moment, not to send you any commercial communications. If you don’t want us to send you commercial communications, you can do it, now or at any moment, by opting out of the consent or deleting your account settings page Additionally, all commercial communications you might receive in the future, will include an easy and free-of-charge way (opt out) for you to ask us not to receive further commercial communications.
7.2 Respondents’ Data
If you provided additional information, we are processing your data as Data Processor and will only do so within the legal basis for which it is provided and delete it when it is not needed further.
8.1 A cookie is a small string of information that the website you visit transfers to your computer for identification purposes. Cookies can be used to follow your activity throughout the Compliance Consultant Service and that information helps us to understand your preferences and improve your experience.
9. CANCELING YOUR ACCOUNT, OPTING OUT OF EMAIL, AND MODIFYING PERSONAL INFORMATION
9.1 You may cancel your account and you may opt out of receiving any emails from COMPLIANCE CONSULTANT at any time by opting out/unsubscribing from commercial email communications. Deleting your account will cause all the data in the account to be permanently deleted from our systems within a reasonable time period, as permitted by law and will disable your access to any other services that may require a COMPLIANCE CONSULTANT account. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfil requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
9.2 You may modify your personal information by logging in and visiting your settings at “My Account” page.
9.3 We encourage you promptly to update your personal information when it changes. Information concerning your past behaviour with the service may be retained by COMPLIANCE CONSULTANT as long as necessary for the purposes set out below.
10. RETENTION OF YOUR INFORMATION
10.1. We retain information for active COMPLIANCE CONSULTANT Account as long as it is necessary and relevant for our operations. In addition, we may retain information from closed accounts to comply with the law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce the COMPLIANCE CONSULTANT Terms of Service and take other actions permitted by law.
11. HOW TO CONTACT US
Send a request via https://www.complianceconsultant.org/contact-us/ and complete the contact form.
If you consider that any use of your data might breach any of your rights, you can lodge a complaint at any time by opening a support ticket from our Help centre or, alternatively, by filing a complaint before the ICO at ICO.org.uk .