Complete Licensing Limited needs to collect your data that you share with us, in order to conduct our normal business activities, including providing services to you. We take data security very seriously and this policy sets out how and why we use your data, when and to who we disclose it and how we protect it.
We may amend this policy from time to time. An up to date version of the policy will at all times be maintained and available on our website at www.completelicensing.uk.
Complete Licensing Limited is registered with the Information Commissioner, Registration Number: ZA764285
Complete Licensing Limited as Data Controller
We control the ways your personal data is collected and the purposes for which your personal data is used by Complete Licensing Limited. Complete Licensing Limited is the “controller” for the purposes of (i) the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (ii) the Data Protection Act 2018; and (iii) any other applicable laws and regulations relating to the processing of your personal data and privacy.
Legal basis for processing your personal information
How we use your personal data will depend on whether you are a client, a representative of a client, a business contact, someone whose personal data we necessarily process as part of our provision of professional services, or otherwise. We may process your personal data for the following purposes:
(a) providing a proposal to you or your organisation in relation to the professional services we offer and for client engagement purposes (including the carrying out of background checks);
(b) providing professional services to you and / or our clients;
(c) managing our relationship with you and / or our clients (including billing and financial management), for record-keeping purposes and more generally for the proper operation of Complete Licensing;
(d) dealing with any complaints or feedback you may have;
(e) monitoring and improving the performance and effectiveness of our services, including by training our staff;
(f) seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;
(g) compliance with our legal and regulatory obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (where such investigation complies with relevant law) and to comply with Court orders;
(h) safeguarding the security of our systems and communications; and / or
(i) for security purposes generally and to ensure the safety of our employees and visitors; and / or
(j) any other purpose for which you provide us with your personal data;
We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:
(a) the processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract with you;
(b) the processing is necessary for us to comply with our legal obligations;
(c) the processing is necessary for our legitimate interests (including the operation of Complete Licensing Limited and the provisions of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedoms; and / or
(d) you have consented to the processing in question.
Where we process sensitive personal data, other lawful processing grounds may apply, such as that the processing is necessary for the establishment, exercise or defence of legal claims (for example to protect and / or defend our property or rights, or those of our clients) or for reasons of substantial public interest; or where you have given us your explicit consent.
Who we share your information with.
We shall not disclose any confidential information which we obtain to any other person or party except as is reasonable and necessary for the purpose of carrying out your instructions. We may also, from time to time, store data, including confidential information, on servers controlled by third party providers whose software or systems we use to provide, or decide to evaluate for the purposes of providing, our services (including e-disclosure, data retrieval and forensic investigations). In each such case we will ensure an appropriate confidentiality agreement is in place and/or where reasonably practicable any such data will be anonymised:
(a) as required by law including, without limitation, in response to any requests for information under freedom of information or environmental legislation; and /or
(b) as required by any regulatory, governmental or other authority to which we are subject or submit. In this regard we, and randomly selected client matters, are annually inspected for compliance purposes by regulated third parties and by our auditors.
You may opt-out of receiving our newsletter at any time, by clicking the unsubscribe link, in which case your details will then be permanently removed. If you have any problems with this process please email us at firstname.lastname@example.org.
We use Mailchimp to manage our email marketing campaigns. Mailchimp uses tiny invisible images called ‘pixels’ that are contained within emails to enable us to see:
- whether you opened an email
- where in the world the device used to open the email was located (based on your device’s IP address)
- whether you shared the email on any social media platforms
- whether you marked the email as spam
- your overall level of engagement with our email marketing campaigns
We don’t use this information any purposes except if it appears that you’re not opening our emails
We collect some information when you visit the Website but this does not allow us to identify you personally. The information we collect includes the type of browser visitors use, time and date of visits, which pages are most viewed, and which other websites and search engines direct visitors to the Complete Licensing website. This enables us to evaluate the Website and work to improve it.
Complete Licensing has specifically configured Matomo to respect your privacy by anonymising the IP addresses of visitors to our site and by respecting any ‘Do Not Track’ settings that you may have selected within your web browsers.
We do not link any of this anonymous data with any personal information that you may provide to us.
Cookies are samll pices of data sent from a website and stored on your compter by your web browser while you are browsing the website.
Financial Data – Processing of your personal Data by Third Party Payment Providers
When you make a payment, Stripe may asks for your name, address, phone, email address, and credit or debit card information. This information is used to process your payment and to verify credit or debit card data.
Your credit or debit card details will only be retained by Stripe. These details are not retained by Complete Licensing, although in the case of a suspected fraudulent transaction, card details may be disclosed to us for the sole purpose of performing further checks.
How long we keep your information
We will retain your information and information within your client files for the duration of your matter(s) plus 7 years, unless there is a reasonable, identifiable reason for us to retain it for a longer period. Such reasons including but not limited to, any obligation placed on Complete Licencing Limited by any Act of Parliament, Secondary Legislation, Local Regulation or Byelaw.
Where your data is processed and stored
Your personal data may be transferred outside the UK while being processed by Complete Licensing Limited.
All servers used in connection with the provisioning of emails are located in Switzerland. Email data is ALWAYS stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also encrypted. Our email service provider does not possess the ability to access any encrypted message content on either the production servers or in the backups.
How we protect your information
We are committed to doing all that we can to keep your information secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you.
We take information security very seriously and have implemented several technical and organisational measures to protect the information and personal data we hold. These include:
- Email: We use Proton Mail for the provision of our email service, all internal emails are there for end-to-end encrypted however external emails are not, we can enable email encryption on request. You can view the security features of Proton Mail by clicking here. We use software to protect against malware and phishing attacks (and you should too!)
- Communications tools: For internal company communications we use Signal Messenger as it is end-to-end encrypted. However, we tend to use whatever communications tools are preferred by our clients. Phone calls made to or from our mobiles are not encrypted (and if you dial into any conference call which uses encryption, your connection won’t be encrypted).
- Cloud services: All cloud services that we use, including, our document management system, and accounts platform, are hosted on secure infrastructure which uses encryption in transit and, in most cases, encryption at rest
- Training: All our staff are trained on data protection and good information security practices
You have the right to change your mind at any time and ask for your information to be deleted by contacting the data controller, though we may need to refuse your request if we have a lawful reason to.
You’ve got several important rights in relation to the personal data we hold about you. The most relevant are:
- Access: You’ve the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that we’re holding it lawfully and processing it fairly
- Correction: You’ve the right to ask us to correct any inaccurate or incomplete personal data held about you
- Deletion: You’ve the right to ask us to delete or remove any personal data held about you where there’s no good reason for us to continue holding it or where you’ve exercised your right to object
- Restriction: You’ve the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
- Objection: You’ve the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your circumstances. You also have the right to object to our holding your personal data for direct marketing purposes
Some of the above rights only apply in certain circumstances and may be subject to certain exemptions.
You’ll not have to pay any fee to exercise any of the above rights, though we may charge a reasonable fee or refuse to comply with your request where permitted to do so by law. Where this is the case, we’ll let you know. To protect the confidentiality of your personal data we may ask you to verify your identity before fulfilling any request in relation to your personal data.
You’ve the right to complain if you’re not happy with how we have collected or used your personal data. We would hope to resolve any issues informally but, if we can’t, you also have the right to raise a complaint with the Information Commissioner’s Office (ICO).
Questions and complaints
The contact details for the data controller are: email@example.com
The contact details for the data controller’s Data Protection Officer are: firstname.lastname@example.org
If you consider that your personal information has been misused or mishandled, you can make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or on 0303 123 1113, or email@example.com. Any complaint to the Information Commissioner won’t affect your right to seek redress through the courts.
This policy comes into effect on Wednesday, 6th January 2021.