Client Privacy Notice
In the course of providing our service, we process Personal Data on your behalf. This Privacy Notice sets out the basis on which we process that data.
What Data do we Process?
Using the language of the GDPR, you are the Data Controller and we are your Data Processors. Details of the data we process, and how we process that data can be found in our Data Protection Policy, which is on our Web Site [https://www.thecashroom.co.uk/faqs/].
In brief we process information you provide us on your clients, directors and employees, including their name, address and details of the financial transactions we perform on your behalf.
Why is it being Processed?
We process data we obtain from you on 2 bases
On your instructions as your Data Processor.
The data we process as your Data Processor is processed on your instructions, as part of our contract for services with you.
In pursuit of our Legitimate Interest in promoting our service, and providing general information to existing client and their employees.
On occasion we use the data we have on your partners and employees to send them information about additional services we provide, or about articles posted on our blog we think they may find interesting. We do this because we consider we have a legitimate interest in doing so. That interest is in providing relevant information on topics of interest to the legal profession generally, and in promoting our services to existing clients.
You have an absolute right to request that we do not use your data for this purpose.
Who processes it?
The Cashroom Limited is your Data Processor. The data is processed by our employees. We carry out background checks on all our employees. All our employees sign confidentiality agreements and are trained in the application of our Data Protection Policy.
In so far as possible, access to Personal Data is restricted only to those employees who require access for the purposes for processing set out below.
We have appointed a Data Protection Administrator who should be your first port of call on all matters to do with this notice, and our Data Protection Policy. You can contact the DPA at DataProtection@thecashroom.co.uk.
How is it collected?
We only use data given to us by you. We do not collect data about you, your client or your employees independently.
How will it be used?
How we use and protect your data is set out in detail in our Data Protection Policy that you can find here [The Cashroom Limited Data Protection Policy]. In general terms the data is only used for the purposes set out above, access to the data is restricted to only those of our staff who serve those purposes, and your data is deleted (or returned to you) as soon as regulatory obligations allow.
Who do we share it with?
To allow us to deliver our service we share your data with a small number of suppliers. The suppliers with whom we share your data are listed in our Data Protection Policy. In accordance with the GDPR we only appointed Data Processors who have provided sufficient guarantees that the requirements of the GDPR will be met and the rights of data subjects protected.
Under the GDPR we are obliged to include certain obligations in our contract. The revised terms set out our rights and obligations and will form part of our contract from the 25th of May 2018 onward.
Your Rights and the Rights of Data Subjects
For the data you send us, as your Data Processor, we are under an obligation to assist you in
- Meeting your Article 32 obligation to keep personal data secure
- Meeting your Article 32 obligation to notify personal data breaches to your supervisory authority
- Meeting your Article 32 obligation to notify data subjects when there has been a personal Data breach
- Meeting your Article 35 obligations to carry out data protection impact assessments.
- Meeting your Chapter III obligations to Data Subjects
These obligations are set out in the revised terms and conditions, and our procedures for ensuring compliance are detailed in our Data Protection Policy.
Your Right to Complain
If you have a concern, that we can not resolve, we are registered with the Information Commission, and you are entitled to lodge a complaint with the ICO if you feel your rights have been breached.