Privacy policy

1. Who we are.

We are Compass Plus (Great Britain) Limited (company number 5591482) and Compass Plus GB Online Limited (company number 13623665) both of 9 The Triangle, NG2 Business Park, Nottingham, NG2 1AE, United Kingdom (“we”, “our”, “us” or “Compass Plus Technologies”).

2. What is this Privacy Notice?

This Privacy Notice explains how we process Personal Data of individuals who are:

• users of our website and/or electronic device applications;
• customers/perspective customers and/or their representatives;
• partners and/or their representatives;
• suppliers (subcontractors) and/or their representatives;
• our (or our associated companies’) employees, ex-employees or applicants (of Compass Plus Technologies)

(“you”, “your”)

3. What information may we hold / process that will relate to you?

We will collect Personal Data from:

• you;
• affiliated companies;
• our partners, customers, perspective customers, employees, ex-employees and applicants.
• third party databases and/or agencies for the know your customer and due diligence purposes.

The categories of “Personal Data” about you, we will process are:

• name and address (postcode);
• date of birth;
• email;
• telephone numbers;
• gender;
• next of kin details and/or dependants
• occupation & employment status;
• employer name and contact details/business address;
• identification documents;
• photographs;
• payment card and account data;
• transaction history;
• dietary requirements.
• Medical conditions (in respect of employees)

4. Why we process your Personal Data.

We are a provider of:

• a website, available for visitors
• an application to electronic devices for participants of events/conferences
• processing and payment services;
• retail banking and electronic payments software and related services.
• licensed software products and related professional Services: inclusive of software development, testing, project implementation, management, support and consulting.

5. The processing we carry out.

The types of processing we carry out are:

• CCTV data including from video recordings and still pictures which feature your face, car registration and other visual information about you if you are in the field of vision of any of our CCTV cameras;
• storage;
• processing on behalf of our customers to enable various types of electronic payments, card issuance, merchant and ATM acquiring and related services;
• processing to facilitate customer support and project delivery;
• transfer of Personal Data into and out of the United Kingdom;
• transfer of Personal Data to and from third parties who perform the processing listed above on our behalf.
• transaction processing and related services
• processing to facilitate access to our website;
• processing to enable organisation of eventsv(including conferences) and use of applications in respect of such events

6. The legal basis for processing your Personal Data.

In order to process your Personal Data, when acting as a data controller, we must have a lawful basis.  We rely on the following legal bases to process Personal Data:

• Article 6(1)(a) GDPR - Consent: We may process your Personal Data for the purposes of marketing our services. In order to process your Personal Data for such marketing purposes we will obtain your consent to do so in advance. We will not process your Personal Data for the purposes of marketing the services of third parties.
• Article 6(1)(b) - Necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (this includes employment contracts).
• Article 6(1) (c) - Processing is necessary for compliance with a legal obligation to which we are subject. We have contractual and statutory obligations to pass Personal Data to third parties for, for example, taxation purposes. It is also required to comply with legislation which requires the collection and sharing of Personal Data, such as elements of employment law, disability and equal opportunities monitoring.
• Article 6(1)(d) Processing is necessary to protect your vital interests. This will only be used in an emergency situation.
• Article (6)(f) - Processing is necessary for the purposes of the legitimate interests pursued by the data controller. This basis is applicable to us in respect of our dealing with e.g., individuals working for or acting on behalf of customers, perspective customers, supplies or partners, and participants of events & conferences.    

7. Sharing your Personal Data.

In general, your Personal Data will be kept confidential. However, to fulfil (i) our legal obligations or (ii) contractual obligations to provide you, your employer or your service provider with the products and/or services listed in Section 4 above, we may disclose your Personal Data to the following parties (whether within or outside your country of residence):

• Compass Plus Technologies’ subsidiaries and/or strategic partners that are under a duty of confidentiality to us and have contractually agreed to keep your Personal Data confidential;
• agents, contractors, suppliers or third party service providers under contract who provide business operations support such as credit reference and fraud prevention, collection activities, compliance and technology services. Our service agreements dictate that these service providers only use your data in connection with the services they perform for us and not for their own benefit, however, please note, that your Personal Data may then be used by the third party in accordance their own privacy policy as an independent data controller (for example, to contact you pursuant to your interactions with them);
• other event/conference participants and third party suppliers in respect of such events/conferences;
• the police; security forces; any law enforcement agencies, competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory bodies, self-regulated authorities or schemes; or organisations or other authorities in the following circumstances:
• we are compelled to do so by a body referred to above, law or a court order;
• we need to do so to comply with credit card association and/or payment scheme rules;
• we are cooperating with a law enforcement investigation;
• we believe that the disclosure of Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to enforce, act in compliance of, or investigate violations of, any standard Compass Plus Technologies’ contract, agreement and/or terms of business;
• businesses or entities that we plan to merge with or be acquired by (should such a merger occur, we will require that the new merged entity follow this Privacy Notice with respect to your Personal Data); and
• other third parties with your express consent or direction to do so.

8. Transferring your personal information internationally.

The Personal Data that we collect from you will be transferred to, and stored on, our servers in the United Kingdom and/or at a destination in the Russian Federation and/or may be transferred and/or stored to other places at third party sites outside United Kingdom including the US and/or Canada. It may also be processed by employees or contractors operating outside the United Kingdom who work for us or for one of our affiliates, partners or suppliers. These employees or contractors may be engaged in the provision of various support services to you.

If we transfer your Personal Data to other countries, we will protect the Personal Data as described in this Privacy Notice and will comply with all applicable legal requirements to provide adequate protection for the transfer of Personal Data to countries outside the United Kingdom.

If you are located within the United Kingdom, we will only transfer your Personal Data if:

• the country to which the Personal Data will be transferred has been granted a European Commission adequacy decision;
• the recipient of the Personal Data is located in the US and has self-certified their adherence to the Data Protection Framework Principles; or
• we have put in place appropriate safeguards in respect of the transfer, for example, we have entered into EU standard contractual / model clauses with the recipient (importer), or the recipient is a party to binding corporate rules.

We will take all reasonable steps necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Notice. We will not sell your Personal Data.

If you wish to know more about the safeguards that we have put in place in respect of the transfer or processing of Personal Data, please contact us by using the details set out in the "Contact us" section below.

9. Storage of your data.

We will not store your Personal Data any longer than we need to store it.

In respect of contractual relationships with customers, prospective customers, partners or suppliers we will store your Personal Data for the duration of your, your employer’s or your service provider’s contractual relationship with us and for a further period of time so long at it constitutes a legitimate reason for us to do so or we are required to do so by law or our regulators.  

10. Your data rights.

You have the following rights in relation to your Personal Data:

• the right to be informed about how your Personal Data is being used;
• the right to access the Personal Data we hold about you;
• the right to request the correction of inaccurate Personal Data we hold about you;
• the right to request the erasure of your Personal Data in certain circumstances;
• the right to restrict processing of your Personal Data where certain requirements are met;
• the right to object to the processing of your Personal Data;
• the right to request that we transfer elements of your Personal Data either to you or another service provider; and
• the right to object to certain automated decision-making processes using your Personal Data.

You should note that some of these rights may not always apply as they have specific requirements and exemptions which apply to them, which may mean that they do not apply to Personal Data recorded and processed by us.  

To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contact us" section below.

11. Complaining to the ICO.

You have the right to contact the ICO to complain about our processing of your Personal Data.

The ICO can be contacted by:

• live chat (Monday to Friday, 9am to 5pm): http://ico.org.uk/global/contact-us/live-chat
• email: casework@ico.org.uk
• form: https://ico.org.uk/media/report-a-concern/forms/1523/information-handling-form.pdf
• phone: 0303 123 1113 (calls from within the UK) or +44 1625 545 745 (calls from outside the UK)
• post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK.

More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/

12. Automated processing.

We do not envisage that any decisions will be taken using automated means.

13. Changes to this Privacy Notice.

We reserve the right to update this Privacy Notice at any time.

14. Contact us.

Please direct all questions, requests and complaints you might have about privacy and Personal Data protection to our Compliance Officer.

By post – Compliance Officer, Compass Plus (Great Britain) Limited, 9 The Triangle, NG2 Business Park, Nottingham, NG2 1AE

By email – compliance@compassplustechnologies.com