Privacy Policy

Keeping things private

This is the Privacy Notice for Purple Square Consulting Ltd, T/A Purple Square CX. The purpose of this notice is to inform you about how and why your personal data is used so that we are as transparent as we possibly can, and to ensure that you are aware of your rights under UK data protection legislation (UK GDPR, Data Protection Act 2018).

Data Controller

Purple Square Consulting Ltd, T/A Purple Square CX is a company registered with Companies House under registration 07586167 and with the ICO under registration ZA339565. We are a data controller for the personal data we collect from you. We have appointed Mrs Melanie Addison as our designated data protection lead.

Our postal address is The Beehive, Beehive Ring Road, London Gatwick Airport, West Sussex, RH6 0PA. You can contact us at melanie.addison@purplesquarecx.com or on 01293 804 739.

Our Data Protection Officer can be contacted at dataprotection@caps-ltd.co.uk

The purpose for processing your data and our basis for doing so

We process personal data so we can provide commercial services to clients and engage with prospective clients and partners. We also process personal data for the purposes of marketing our activities.

In processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on circumstances in which we process it. References to the basis of processing e.g.,”(Article. 6.1.f)” are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.

If you are a client, we will hold the following information about you:

Your full name.
Your preferred name.
Your correspondence address.
Your email address.
Your contact telephone number(s).
Your gender.
Your signature.

We process this information so we can provide you with our consultancy and support services, invoice you and maintain our communication with you. Our legal basis for doing this is Article 6.1.b – performance of a contract, this is necessary to deliver the service to you.

Where we require your data in the pursuance of a contract, if you fail to provide that data, we will not be able to provide you with our services or enter into a commercial agreement.

If you are a prospective customer we have engaged with, we will hold the following information about you:

Your full name.
Your email address.
Your contact telephone number(s).
Social media URL.

We will process this information so we can communicate with you and send you marketing material and updates on our services. We are a business to business (B2B) organisation and conduct B2B marketing as a legitimate interest activity. We do not require your consent, but you have the right to object to receiving marketing material. If you exercise this right by using the ‘Unsubscribe’ function on our emails, we will cease the transmission of marketing emails. The lawful basis for processing your data for this activity is Article 6.1.f Legitimate Interest, as we have a legitimate interest in growing our business.

Recipients of your data

As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:

If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Lawful basis Article 6.1.f, we have a legitimate interest to pursue money owed to us.
It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Lawful basis is Article 6.1.c Legal Obligation.
At time to time, we may engage the services of a third party to generate marketing leads on our behalf. Lawful basis is Article 6.1.f Legitimate Interest.

As we conduct B2B marketing, we do not require consent, however, as a data subject receiving these communications via email, you have the right to object to receiving marketing material and will have the option to opt out on every marketing email you receive. Our commitment is to cease the transmission of marketing emails to any data subject who opts out with immediate effect.

Data processed by third parties on our behalf

We use the services of other organisations in the processing your data. We use cloud-based platforms for accounting, email / document storage, video conferencing purposes, support desk function, project management, client relationship management and IT support. A list of those data processors is available on request.

Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled in accordance with the UK GPDR.

Transferring your data outside of the UK

Your data will be transferred out of the UK as some of our cloud-based platforms store and process data in their centres in the EEA and the USA. Transfers to the EEA are permitted by the UK government and a reciprocal agreement is in place. Data that is transferred to the USA is conducted through data processing agreements with EU approved Standard Contractual Clauses as required by Article 46 UK GDPR.

Retention periods

We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose. For example, we will keep your data for all of the time you are a client and for 7 years following. This is to comply with HMRC audit requirements.

If you are a prospective customer, we will keep your information for 2 years from last meaningful contact unless you have asked us to stop contacting you. If this is the case, we will remove you from the mailing list but will keep the minimum of data to ensure you are not added back into it.

Security

The UK GDPR requires us to implement technical and organisational measures to protect your data. This means our IT systems are encrypted and protected by anti-virus and anti-malware software. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website.

Your rights

The UK GDPR provides you with several rights in relation to the data of your we process. The rights relevant to our activities are:

You have the right to get access to and copies of your personal data.
You can in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
You can ask us to rectify any inaccurate information we may be holding.

If you want to exercise any of these rights, contact us on the above email address.

You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in May 2021.

How to contact us

You can write to us at this address:
Purple Square Consulting Ltd, T/A Purple Square CX
The Beehive, Beehive Ring Road
Gatwick,
RH6 0PA,
United Kingdom

You can email us by using this link:
privacy@purplesquarecx.com