Our site is owned and operated by Comply Express Unipessoal Lda (shortened name Comply Express Lda), a limited company registered in Portugal under company number 516233483, whose registered address is StartUp Madeira, Campus da Penteada, 9020-105 Funchal, Portugal. Comply Express Lda is a wholly owned subsidiary of Comply Express Ltd, Coalport House, Stafford Court, Stafford Park 1, Telford, Shropshire TF3 3BD, UK.
Comply Express Lda VAT number is 516233483.
Under data protection laws, you have rights in relation to your Personal Data that include:
Please note that we may ask you to verify your identity before responding to such requests.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at ’firstname.lastname@example.org’.
We collect and log your IP address, the time and duration of your visit, the time and duration of the pages on our website that you view and information about your computer system, such as your browser type and operating system.
We collect anonymous usage information on visitors to our website through the use of Google Analytics. Google Analytics employ tracking cookies to gather anonymous browser, operating system, geographic and website navigation information.
Personal information is not collected as part of your web visit but may be tied to other information which we do collect from you. We collect the following pieces of information upon request:
All Personal Data is processed and stored securely for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the General Data Protection Regulation (’GDPR’) at all times.
Our use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your Personal Data (e.g. by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:
With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone, text message and post with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so, for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible, for example, because your personal information has been stored in backup archives, then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Comply Express Ltd & Comply Express Lda are committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorised access, use or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.
If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a ’subject access request’.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 1.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
We may employ third party companies and individuals to facilitate our website, to provide the service on our behalf, to perform website related services or to assist us in analysing how our website is used.
We compile statistics about the use of our website including data on traffic, usage patterns and other information. This data is anonymised and does not include personally identifiable data. We may share this derived information with affiliates.
We may be required to share data with law enforcement.
9.1. Google Analytics
This website uses Google Analytics to monitor and analyse the use of our website.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data may be shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit their Privacy & Terms web page at: https://policies.google.com/privacy
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
It is not our policy to deal with individuals under 18 years of age. We do not knowingly collect personally identifiable information of Children under the age of 18. If you are a parent or guardian and you believe that your Child/Children may have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verfication of parental consent, we will take appropriate steps to remove that information from our records.
The General Data Protection Regulation (’GDPR’) imposes mandatory contractual obligations on the relationship between Data Controller and Data Processor. These are required to be incorporated into any contract between these parties for the contract and the processing to be and remain GDPR compliant.
This Addendum will be contractually applicable to the provision of your services and incorporates the required GDPR provisions, it takes priority over your existing agreements with us.
This Addendum also applies to how we use your Personal Data while you remain a customer and includes details about the data we store and the steps we take in securing the information.
As the Data Controller for data you provide us with, you shall:
We may sub-contract our duties or obligations arising under this Addendum without the prior written consent of the Data Controller. Details regarding any (if any) sub-contracting relationships will be supplied to the Data Controller as reasonably required.
As the Data Processor of data you provide us with, we shall:
Regarding transfers of Personal Data to a third party or an international organisation, such shall only be undertaken on the instruction of the Data Controller, save where the Data Processor is required to do so by law, in which case, the Data Processor shall inform the Data Controller of that legal requirement before processing,unless that law prohibits such information on important grounds of public interest.
Our use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your Personal Data (e.g. by subscribing to emails), or because it is in our legitimate interests.
All Personal Data is processed and stored with reasonable securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times.
We may have to share your Personal Data with the parties set out below:
We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it in accordance with the law. We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions.
Some or all of your data may be stored outside of the European Economic Area (”the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using our site and submitting information to us. If we do store data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK under the GDPR legislation
Personal Data means any information capable of identifying an individual. It does not include anonymised data.
With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone and post with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by emailing us at ’email@example.com’ at any time.
If you opt out of receiving marketing communications this opt-out does not apply to Personal Data provided as a result of other transactions, such as purchases etc.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure and the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes, the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances, we may anonymise your Personal Data for research or statistical purposes, in which case, we may use this information indefinitely without further notice to you.
Notwithstanding any other provision of this Addendum, the Parties warrant that, upon receipt of Personal Data, each shall duly observe all its obligations as a Data Controller and/or Data Processor under the Data Protection Act (“DPA”) and the GDPR, which arise in connection with the Processing and the performance of its respective rights and obligations under this Addendum.
The provisions of this Addendum are expressly agreed by the Parties to survive any termination of this addendum, howsoever arising. This Addendum shall be governed by the laws of Wales and the parties hereby submit to the exclusive jurisdiction of the English Courts.