Capium and GDPR
Our Commitment to Data Privacy
Capium believes in and is fully committed to respecting the privacy of you, our customer. The personal data you share with us is given on trust and is a privilege we take seriously. As such, we are committed to compliance with the General Data Protection Regulation (GDPR), which comes into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, and we have been working hard to ensure that we are evolving with these developments.
What We Are Doing
At Capium we have made GDPR a priority, which is why we have devoted significant resources to our compliance efforts. We have been working hard over the last 6 months to ready ourselves for the enactment of GDPR and to ensure your data is kept safe. We appreciate that our customers also have requirements under GDPR that are directly impacted by their use of Capium, and as such we are committed to supporting you in helping to fulfil your obligations under GDPR.
In order to assist you and to help demonstrate our compliance with GDPR, we wanted to outline some of the key areas we have been working on and the policies and processes we have put in place to achieve GDPR compliance, which include:
Completing a GDPR Audit
- Earlier this year we completed a company-wide internal audit of Capium Limited to identify and map out the personal data we hold and to identify any areas we would have to work on to achieve GDPR compliance. The GDPR audit was supported with a roadmap for compliance which we have been working through.
Appointing a DPO
- We take this responsibility seriously and as such we appointed a qualified lawyer and experienced Data Protection Officer, Michael Blakeley, who has more than 14 years of legal and compliance experience, to help us look after your data. He can be contacted on Michael.firstname.lastname@example.org and is available to assist you with any questions you may have.
Putting in place a Document Retention Policy
- Putting in place a document retention policy to ensure that we keep the documents necessary to fulfil our obligations under HMRC and other regulatory bodies, but also ensuring that we are not keeping your data for longer than is necessary.
Ensuring any international transfers are done in the right way
Putting measures in place to keep your data secure
- We have committed to ensuring that we have the security and privacy measures required to fulfil our obligations under GDPR, and most importantly to keep your data safe. This includes assessing our current security measures to ensure we are meeting industry best practice.
- As part of our security provisions we have put in place a Data Breach Policy. We hope we never have to use it, but in case of such a scenario, rest assured that we have a policy which sets out how we will deal with any potential breach of security or data loss, so that it is handled in the most effective manner. This includes procedures on notifying the regulators of personal data breaches on our systems and promptly communicating any such breaches to you where you are affected.
Putting the right policies and training in place
- We are committed to ensuring that our staff, both in the UK and India, who have access to and process our customers’ personal data have appropriate training and are bound to maintain both the confidentiality and security of that data.
Ensuring third parties who we work with are also GDPR compliant
- Holding any subprocessors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.
Who is the Data Controller?
Capium Limited in the UK is the data controller, which is the company you share your data with. We are registered in the UK with the ICO; our registration number is ZA070927 and you can find our registration here.
Do we process personal data of our customers?
Where do we send customer data?
Our goal is to provide you, our customers, with a secure, valuable and reliable service. As a provider of a software platform and accountancy solution we seek to give you both a great service and good value.
As part of our service Capium requires that data be transferred to our group company in India. In addition, our employees and contractors may from time to time, when travelling, access data stored in the EU from a non-EU country for technical and support-related reasons. In all cases where data is transferred outside of the EU, Capium commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.
What do I do if I think there has been a data breach?
As discussed above, Capium has put in place a Data Breach Policy which sets out how we will deal with such a scenario internally. However, we also need your help. In the event that you suspect that there has been a data breach or unauthorised access to your personal data, you should let us know immediately. Please contact our support services immediately at email@example.com.
Who do we contact if we have any questions?
Capium is 100% committed to customers’ success and the protection of customer data. We hope that the above information helps demonstrate our resolve in this area. However, if you have any questions or require any further information then please do not hesitate to contact us or visit our website where relevant policies are kept.