Capium and GDPR
Our Commitment to Data Privacy
Capium is fully committed to respecting the privacy of you, our customer. The personal data you share with us is given on trust and is a privilege we take seriously. As such, we are committed to compliance with the General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, and we have been working hard to ensure that we are evolving with these developments.
What We Are Doing
At Capium we have made GDPR a priority, which is why we have devoted significant resources toward our efforts to comply with GDPR. We appreciate that our customers also have requirements under GDPR that are directly impacted by their use of Capium, and as such we support you in helping to fulfil your obligations under GDPR.
To assist you and to help demonstrate our compliance with GDPR, we want to outline some of the key areas we have been working on and the policies and processes we have put in place to achieve GDPR compliance, which include:
Completing a GDPR Audit
- In 2018 we completed a company-wide internal audit of Capium Limited to identify and map out the personal data we hold and to identify any areas we would have to work on to achieve GDPR compliance. The GDPR audit was supported with a roadmap for compliance.
Appointing a DPO
- Our document retention policy ensures that we keep the documents necessary to fulfil our obligations under HMRC and other regulatory bodies, while also ensuring that we are not keeping your data for longer than is necessary.
Ensure any international transfers are done in the right way
- We have committed to ensuring that we have the security and privacy measures required to fulfil our obligations under GDPR, and most importantly to keep your data safe. This includes assessing our current security measures to ensure we are meeting industry best practice.
- As part of our security provisions we have put in place a Data Breach Policy. We hope we never have to use it, but in case of such a scenario, rest assured that we have a policy which sets out how we will deal with any potential breach of security or data loss, so that it is handled in the most effective manner. This includes procedures on notifying the regulators of personal data breaches on our systems and promptly communicating any such breaches to you where you are affected.
The right policies and training in place
- We are committed to ensuring that our staff in both the UK and India who have access to and process our customers’ personal data have appropriate training and are bound to maintain both the confidentiality and security of that data.
Ensuring third parties who we work with are also GDPR compliant
- Holding any sub-processors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.
Who is the Data Controller?
Capium Limited in the UK is the data controller, which is the company you share your data with. We are registered in the UK with the ICO, our registration number is ZA070927, and you can find our registration here.
Do we process personal data of our customers?
Where do we send customer data?
Our goal is to provide you, our customers, with a secure, valuable and reliable service. As a provider of a software platform and accountancy solution, we seek to give you both a great service and good value.
As part of our service, Capium requires that data be transferred to our group company in India. In addition, our employees and contractors may from time to time, when travelling, access data stored in the EU from a non-EU country for technical and support related reasons. In all cases where data is transferred outside of the EU, Capium commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.
What do you do if you think there has been a data breach?
As discussed above, Capium has put in place a Data Breach Policy which sets out how we will deal with such a scenario internally. However, we also need your help. In the event that you suspect that there has been a data breach or unauthorised access to your personal data, you should let us know immediately. Please contact our support services immediately at email@example.com
Who do we contact if we have any questions?
Capium is 100% committed to customer success and the protection of customer data. We hope that the above information helps demonstrate our resolve in this area. However, if you have any questions or require any further information then please do not hesitate to contact us or visit our website where relevant policies are kept.