Document Version & History

Version 1.1 – Dated 09.02.2021 until superseded.

Data Protection Officer & Privacy Contact

David Wylie: dpo@complianceclarity.co.uk

Purpose

This document sets out the way Compliance Clarity Ltd (Data Controller) and any 3rd parties we engage with (Data Processors) will collect, process and handle your Personal Data, and your rights in that relationship as Data Subjects.

Basis in Law

This Policy is written to align with the General Data Protection Regulation (GDPR) Legislation, enacted in April 2016 for EU Member states, and enacted as the Data Protection Act (DPA) 2018.

Principles

We will adhere to the following principles of the GDPR with respect to this Policy and our conduct as guardians, not owners, of your personal data. These are:
• Lawfulness, Fairness & Transparency
• Purpose Limitation
• Data minimisation & Proportionality
• Data Quality & Accuracy
• Storage Limitation
• Integrity & Confidentiality
• Accountability

Direct / Active Personal Data Collection

Information containing Personal Data that you provide to us directly, being aware that you are doing so.

We will, where possible BEFORE we collect your data, always notify you of:
• the Data Protection Officer (DPO) of Compliance Clarity Ltd and ICO registration details.
• the Purpose of Data Collection and Processing.
• the Legal Basis of Data Collection and Processing.
• the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
• the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
• the duration / time we will store your information.
• your rights as a Data Subject in terms of your personal data:
  ◦ Right of Access
  ◦ Right to Object
  ◦ Right to Portability
  ◦ Right of Restriction
  ◦ Right to Erasure
  ◦ Right to be Forgotten

Passive / Indirect Personal Data Collection

Information containing your Personal Data that is collected from you indirectly, where you are not necessarily aware that you are providing it.

We will, where possible before we collect your data or within 1 month, always notify you of:
• the Source of the Personal Data collected.
• the Data Protection Officer (DPO) of Compliance Clarity Ltd and ICO registration details.
• the Purpose of Data Collection and Processing.
• the Legal Basis of Data Collection and Processing.
• the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
• the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
• the duration / time we will store your information.
• your rights as a Data Subject in terms of:
  ◦ Right of Access
  ◦ Right to Object
  ◦ Right to Portability
  ◦ Right of Restriction
  ◦ Right to Erasure
  ◦ Right to be Forgotten

3rd Party Indirectly Acquired Personal Data Collection

Information containing your Personal Data that is provided to us about you and collected indirectly, where you are not aware that it is being provided.

We will, as soon as possible and within 1 month, always notify you of:
• the Source of the Personal Data collected.
• the Data Protection Officer (DPO) of Compliance Clarity Ltd and ICO registration details.
• the Purpose of Data Collection and Processing.
• the Legal Basis of Data Collection and Processing.
• the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
• the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
• the duration / time we will store your information.
• your rights as a Data Subject in terms of:
  ◦ Right of Access
  ◦ Right to Object
  ◦ Right to Portability
  ◦ Right of Restriction
  ◦ Right to Erasure
  ◦ Right to be Forgotten

Terms

Term: Definition
Compliance Clarity Ltd: ‘us’, ‘the company’, ‘Data Controller’
3rd Party: ‘Data Processor’ / ‘Contracted Entity’ / ‘Indirect Source’
Privacy Policy: This document and its contents.
Personal Data: Any information relating to an identified or identifiable natural person.
Data Collection: Method by which Personal Data about the Data Subject is acquired by the Data Controller.
Data Processing: Method by which Personal Data may be manipulated.
Data Subject: The natural person to whom personal data applies and whose data is processed.
Data Controller: The legal entity or person that makes decisions on collecting and processing personal data. ‘Compliance Clarity Ltd’
Data Processor: The legal entity or person that processes personal data on behalf of the data controller. ‘3rd Party’, ‘Contracted Entity’
3rd Party Indirectly Acquired Personal Data Collection: Information containing your Personal Data that is provided to us about you and collected indirectly, where you are not aware that it is being provided. e.g. Bought in marketing details
Passive / Indirect Personal Data Collection: Information containing your Personal Data that is collected from you indirectly, where you are not necessarily aware that you are providing it. e.g. Cookies via our website
Direct / Active Personal Data Collection: Information containing your Personal Data that you provide to us directly, being aware that you are doing so. e.g. Contact Us website form