Privacy Policy

At Corporate Data Management we recognise our responsibilities to protect the privacy of all visitors to this website, our customers, prospects and employees.

This policy explains how we control, process, handle and protect Personal Information through the business and while you use this website. If you do not agree with our policy you may wish to cease using this website and/or refrain from submitting your personal data to us.

Please read this policy carefully and contact us if you have any questions about our privacy practices.

Who are Corporate Data Management?

Corporate Data Management is a trading name for Corporate Data Management Ltd. - Registered in England & Wales – Companies House Registration Number 03989242 - Registered Office: Minafon, Brynrefail, Caernarfon, Gwynedd, LL55 3NR, United Kingdom.

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller on the Data Protection Register (DPR) – DPR Registration Number ZA558438.

We have also requested the opportunity to sign up to the ICO’s “Your Data Matters” campaign, which aims to increase the public’s trust and confidence in how data is used.

What information do we collect?

When you contact us you may provide us with information about you and your company, such as names, titles, email addresses, postal addresses and telephone numbers - collectively ‘Personal Information’. We do not collect any Personal Information through your use of this website unless you provide it voluntarily (for example, by sending us a message).

Use of cookies and Google Analytics

We do not currently use cookies or Google Analytics on this website.

What information do we not collect?

We do not collect information that falls into the following categories:

  • From users under 16 years of age. We do not provide services which are aimed at users under 16 years of age. Therefore, if you are below this age, please get a parent’s or guardian’s permission before using this website or contacting us.
  • Special Category data and Criminal Offence data - both of which are given additional protections under the General Data Protection Regulation.

How do we use Personal Information?

We use Personal Information in the following ways:

  • Personalisation of business correspondence.
  • Providing services to customers.
  • Recruiting and employing staff.
  • Fulfilling legal obligations: to prevent fraud and to comply with UK and European law regarding business record keeping and audit requirements.

What legal basis do we have for processing Personal Information?

The General Data Protection Regulation defines six possible reasons for the legitimate processing of personal data:

  • Consent
  • Contract
  • Legitimate Interests
  • Legal Obligations
  • Vital Interests
  • Public Tasks

We process personal data for all of these reasons except Vital Interests and Public Tasks. More specifically…

Consent - when you contact us about business services or opportunities you provide us with your consent to process Personal Information about you. We continue to process your information on this basis until you withdraw your consent by contacting us, or until it is reasonable to assume that your consent no longer exists.

Contract - when you purchase services from us, or otherwise agree to our terms & conditions, a contract is formed between you and us. In order to provide you with and charge you for those services, and also verify your identity for security purposes, we must process the Personal Information which you give us. We shall continue to process this information until the contract between us either expires, or is terminated by either party under the terms of the contract.

Legitimate Interests - we may process Personal Information on the basis that there is a legitimate interest, either to you or to us, in doing so. However, we would only do this after careful consideration and having concluded that:

  • You would consider it reasonable for us to do so.
  • The same objective could not be achieved by other means.
  • Failing to process the information might be to your detriment.

The reasons for processing your information on this basis include (but are not limited to):

  • Keeping records for the proper and necessary administration of our business.
  • Responding to unsolicited communication from you to which we believe you would expect a response.
  • Protecting and asserting the legal rights of any party.
  • Managing business risk.
  • Protecting your interests where we believe we have a duty to do so.

Legal Obligations - we may process Personal Information in order to comply with statutory obligations. For example, we may be required to give this information to legal authorities if they request it with the proper authorisation, such as a search warrant or court order.

Where do we store and process Personal Information?

We store and process all Personal Information within the United Kingdom.

How do we secure Personal Information?

We use industry best practices to protect Personal Information against accidental loss and unauthorised access, disclosure or destruction. These practices include:

  • Limiting access to Personal Information to only those employees who need it to perform their duties.
  • Training staff in information security issues, and contractually requiring them to ensure that Personal Information is protected appropriately.
  • Managing third party risks, through use of contracts and security reviews.
  • Performing privacy impact assessments.
  • Having business continuity and disaster recovery plans in place.

How long do we keep Personal Information for?

We will keep your Personal Information for as long as it is needed for the purposes set out in this policy and/or for the period of time that the law requires us to keep business records – currently 6 years.

How do we dispose of Personal Information?

All Personal Information is deleted once it is no longer required. All hard drives and other storage devices are securely wiped and physically destroyed before being disposed of.

Your rights regarding Personal Information

Under the General Data Protection Regulation your rights are as follows:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • The right not to be subject to automated decision-making, including profiling.

You can read more about your rights in detail here.

Please note:

  • We require proof of identity before being able to respond to a Personal Information request, and we will respond within one calendar month – as specified in the General Data Protection Regulation.
  • We may be unable to comply with some requests for deletion if they conflict with statutory obligations to retain business and accounting records.
  • We do not make use of any automated decision-making or profiling.

If you have concerns about how we have dealt with your Personal Information request, please contact us so that we can endeavour to address those concerns to your satisfaction.

Also, you have the right to complain to the Information Commissioner’s Office if you are not satisfied with our handling of your Personal Information.

Links to third party websites and content

This policy applies only to Corporate Data Management, and we have no control over the privacy policies which apply to third party websites and content (which this website provides links to). You are, therefore, advised to check the privacy policy of the relevant third party before you submit any Personal Information to them.

Changes to this privacy policy

Any changes we make this privacy policy will be documented on this page and, if deemed appropriate, communicated to you directly via email. Please re-visit this page from time to time to make yourself aware of any updates.