Capium and GDPR

Our Commitment to Data Privacy

Capium is fully committed to respecting the privacy of you our customer. The personal data you share with us is given on trust and is a privilege we take seriously. As such we are committed to compliance with the General Data Protection Regulation (GDPR), which comes into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, and we have been working hard to ensure that we are evolving with these developments.

What We Are Doing

At Capium we have made GDPR a priority, which is why we have devoted significant resources toward our efforts to comply with GDPR. We appreciate that our customers also have requirements under GDPR that are directly impacted by their use of Capium, and as such we support you in helping to fulfil your obligations under GDPR.

In order to assist you and to help demonstrate our compliance with GDPR we wanted to outline some of the key areas we have been working on and the policies and processes we have put in place to achieve GDPR compliance, which includes:

Completing a GDPR Audit

  • In 2018 we completed a company-wide internal audit of Capium Limited to identify and map out the personal data we hold and to allow us to identify any areas where we would have to work on to achieve GDPR compliance. The GDPR audit was supported with a roadmap for compliance. Appointing a DPO
  • We take this responsibility seriously and as such we appointed a qualified lawyer and experienced Data Protection Officer, Michael Blakeley, who has more than 14 years of legal and compliance experience to help us look after your data. He can be contacted on Michael.blakeley@capium.com and is available to assist you with any questions you may have. Updated Privacy & Cookie Policy
  • GDPR compliant Cookie and Privacy Policies, which explain how we use your data and what rights you have under the new regulation, can be found here: Privacy Policy https://www.capium.com/privacy-policy/ and Cookie Policy https://www.capium.com/cookie-policy/ Document Retention Policy
  • Our document retention policy ensures that we keep the documents necessary to fulfil our obligations under HRMC and other regulatory bodies, but also ensuring that we are not keeping your data for longer than is necessary. Ensure any international transfers are done in the right way
  • Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR. This includes any personal data which is transferred to our group company Capium in India (see further our Privacy Policy https://www.capium.com/privacy-policy/),whose security we have reviewed and put the necessary international transfer agreement and model clauses to comply with GDPR. Other measures in place to keep your data secure
  • We have committed to ensuring that we have the security and privacy measures required to fulfil our obligations under GDPR, and most importantly to keep your data safe. This includes assessing our current security measures to ensure we are meeting industry best practice.
  • As part of our security provisions we have put in place a Data Breach Policy. We hope we never have to use it, but in case of such a scenario, rest assured that we have a policy which sets out how we will deal with any potential breach of security or data loss, so that it is handled in the most effective manner. This includes procedures on notifying the regulators of personal data breaches on our systems and promptly communicating any such breaches to you where you are affected The right policies and training in place
  • We are committed to ensuring our staff both in the UK and India that have access and process our customer’s personal data have appropriate training and are bound to maintain both the confidentiality and security of that data. Ensuring third parties who we work with are also GDPR compliant
  • Holding any sub-processors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.

GDPR FAQ

Who is the Data Controller?

Capium Limited in the UK is the data controller, which is the company who you share your data with. We are registered in the UK with the ICO, our registration number is ZA070927and you can find our registration here.

Do we process personal data of our customers?

Yes, we process customer personal data which you provide Capium in order to allow us to provide our software and support services to you including specified purposes as described in our Privacy Policy (https://www.capium.com/privacy-policy/ ) and Terms of Service (https://www.capium.com/terms-of-service/).

Where do we send customer data?

Our goal is to provide you our customers with secure, valuable and reliable service. As a provider of a software platform and accountancy solution we seek to give you both a great service and good value.

As part of our service Capium requires that data be transferred to our group company in India. In addition, our employees and contractors may from time to time either when travelling access to data stored in the EU from a non-EU country for technical and support related reasons. In all cases where data is transferred outside of the E.U., Capium commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.

What do you do if you think there has been a data breach?

As discussed above Capium has put in place a Data Breach Policy which sets out how we will deal with such a scenario internally. However, we also need your help. In the event that you suspect that there has been a data breach or an unauthorised access to your personal data then you should let us know immediately. Please contact our support services immediately at support@capium.com

Who do we contact if we have any questions?

Capium is 100% committed to customer success and the protection of customer data. We hope that the above information helps demonstrate our resolve in this area. However, if you have any questions or require any further information then please do not hesitate to contact us or visit our website where relevant policies are kept.

Download Our Latest White Paper On MTD

  • Using MTD to be a connected firm
  • 5 key takeaways to be MTD ready
  • Key deadlines you need to know
  • Download Free Whitepaper

LIKE WHAT YOU SEE? GET IN TOUCH

Get Started - It's Free