Last Updated: July 2019
Fulcrum Compliance Limited (“FC”) is committed to protecting your personal data and your privacy. We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Act 1998 (DPA) and, on and from 25 May 2018, the European General Data Protection Regulation (GDPR). The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR unless otherwise indicated.
- by you interacting with us as a prospective, current or former client and in connection with ongoing services we are providing to you or your organisation;
- by you submitting information to us through our website https://www.fulcrumcompliance.com or when you subscribe to our newsletter;
Fulcrum Compliance Limited
FAO: Data Processing
your contact details, consisting of professional / work telephone / mobile number, email address and office address;
your job title;
the name of your employer.
In exceptional circumstances, we may collect your private residential address where this is the same as your business address or where your business address is not known to us.
We may in exceptional circumstances collect data about any past criminal convictions where you have disclosed this to us in the course of business.
We will neither collect nor hold any other personal data relating to any of your personal financial situation, ethnicity, religion or other data that might be described as sensitive.
To provide services to you
We are unable to provide services to you unless you disclose personal data to us. That may include the services set out in our Engagement Letter with you, the provision to you of our Newsletter or our response to any enquiry you have submitted.
As such, your disclosure of personal data to us is on the legal basis of our performance of our contract with you and our legitimate interest in so doing.
To respond to requests for information from regulated bodies or government agencies
Exceptionally we may be requested or required to disclose to (for example) the Financial Conduct Authority details about you and the services we provide. As such, our disclosure of your personal data to us is on the legal basis of our performance of our compliance with a legal obligation or our legitimate interest in so doing.
To keep you informed of any activities undertaken by us which we believe may be of interest to you
This use will include sending you email and postal marketing, including a Newsletter, from time to time. Your consent will be requested when you submit your data to us online.
For further details on the technology we use in order to analyse our website’s performance, please see our policy on cookies (item 10). We rely on your consent – this will be obtained when you click on the banner at the bottom of our website to accept certain cookies.
Our website has security measures in place to protect against the loss, misuse and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorised access. You acknowledge that although we exercise adequate care and security there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorised third party.
Our data protection controls include the following processes:
- password / access controls over all firm devices to ensure that they are only accessed by FC staff;
- dedicated FC hardware to ensure that only FC staff have access to your data;
- screen savers which activate after five minutes of inactivity. These are password controlled on mobile devices;
- routine and periodic back-ups to on-line suppliers (see 5 below) and to external storage media. The latter are held securely off site.
FC do not as a rule produce hard copy information disclosing your personal data.
Third parties who provide services on our behalf. For example, we use MailChimp to provide marketing automation services and IDrive for periodic and routine back-up. We have taken steps to ensure that all such entities keep your data confidential and secure and only use it for the purposes that we have specified and have informed you of. Our service providers are subject to data processing agreements that are, or are in the process of being updated to become, compliant with the requirements set out in the GDPR. Further details regarding any third parties who are located outside the EEA are set out in paragraph 7 below.
In relation to any other third parties, we will only disclose your information in the following circumstances:
- where you have given your consent;
- where we are required to do so by law or enforceable request by a regulatory body;
- where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
- if we sell our company, go out of business, or merge with another company.
- Right to request access – you may obtain confirmation from us as to whether or not your data is being processed and, where that is the case, access to your data.
- Right to rectification and erasure – you have the right to obtain rectification of inaccurate personal data we hold concerning you and to obtain the erasure of your data without undue delay in certain circumstances.
- Right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on your data in certain circumstances or to object to us processing your data.
- Right to data portability – you have the right to receive your data in a structured, commonly used and machine-readable format.
- Right to withdraw consent – where you have provided your consent to us processing your data, you have the right to withdraw your consent at any time. This can be done by contacting us at the above address at any time or by clicking the “unsubscribe” link on any marketing communications you receive from us.
- Right to lodge a complaint – you may lodge a complaint with the Information Commissioner’s Office.
For further information on your rights, please see the Information Commissioner’s website here.
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
- Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- to help us to analyse the use and performance of our website and services (cookies used for this purpose are: Google Analytics).
Cookies used by our service providers
- We use Google Analytics to analyse the use of our website.
- Google Analytics gathers information about website use by means of cookies.
- The information gathered relating to our website is used to create reports about the use of our website.
- Google Analytics uses the following cookies:
- _utma This randomly generated number is used to determine unique visitors to our site. It expires after 2 years.
- _utmb This randomly generated number works with _utmc to calculate the average length of time users spend on our site. It expires after 30 minutes.
- _utmc This randomly generated number works with _utmb to calculate when you close your browser. It expires when you close your browser.
- _utmz This is a randomly generated number and information about how the site was reached (e.g. direct or via a link, organic search or paid search). It expires after 6 months.
- For our newsletter subscribers, we use Mailchimp. The cookies used are strictly necessary to provide you with services available. Mailchimp uses the following cookies:
- _new-status-app_session JSESSIONID
- Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- http://www.opera.com/help/tutorials/security/cookies/ (Opera);
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- https://support.apple.com/kb/PH21411 (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
- Blocking all cookies will have a negative impact upon the usability of many websites.
- If you block cookies, you will not be able to use all the features on our website.
There is no statutory or contractual requirement for you to provide your data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested if you do not provide your contact details. As set out in our cookies policy, our website may not be able to function fully if you do not agree to certain cookies being set on your computer.
We do not undertake automated decision-making or profiling on your data.