We are aware of our obligations under the General Data Protection Regulation (GDPR) and are committed to processing your personal data securely and transparently.
This privacy notice sets out, in line with GDPR, the types of data that we collect and hold. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to our current customers and suppliers, our former customers and supplier and our prospective customers and suppliers.
Our separate privacy notice for job applicants will be issued to anyone applying for a job with us or a copy can be obtained from Sarah Edwards (SubjectAccess@capitalnetworks.co.uk)
The Company is a data controller, meaning that it determines the processes to be used when using personal data.
Our contact details are as follows: Capital Network Solutions, Cardiff House, Cardiff Road, Barry, Vale of Glamorgan, CF63 2AW, 0345 305 4118.
In relation to personal data, we will:
We hold and process the personal details, including their name, address, email address and phone numbers of:
Personal data is kept within the Company’s IT systems.
The law on data protection allows us to process your data for certain reasons only:
All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data.
For example, we need to collect and process the personal data of customers and suppliers in order to perform the contract that we are party to with them.
We also collect data so that we can carry out activities which are in the legitimate interests of the Company. We have set these out below:
Special categories of data are data relating to:
We know that we must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:
We will not process special category data relating to our customers or suppliers (including former customers and suppliers and prospective customers and suppliers).
One of the reasons for processing your data is to allow us to carry out our duties in line with the contract that exists between us. If you do not provide us with the data needed to do this, we may be unable to perform those duties.
Your data may be shared with colleagues within the Company where it is necessary for them to undertake their duties.
We may share your data with:
We may also share your data for other reasons to comply with a legal obligation upon us.
Some of the systems we use in the provision of services to you require that data is transferred outside of the European Economic Area, in such cases we only do so to countries where adequate data protection agreements and schemes are in place, in compliance with GDPR.
We are aware of the requirement to ensure data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
In line with data protection principles, we only keep your data for as long as we need it for. Retention periods can vary depending on why we need your data, as set out in our Data Retention Schedule which is available from Sarah Edwards (SubjectAccess@capitalnetworks.co.uk).
We do not make decisions on the basis of automated decision making (e.g. where a decision is taken using an electronic system without human involvement).
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact Sarah Edwards (SubjectAccess@capitalnetworks.co.uk).
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.
The Company’s Data Protection Officer is Sarah Edwards (SubjectAccess@capitalnetworks.co.uk).