This website is operated by Contracts Advance Limited.
- the personal information we collect about you
- what we do with your information, and
- who your information might be shared with.
Who we are
Contracts Advance Limited (‘we’ or ‘us’) are a ‘data controller’ for the purposes of the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 and any subsequent UK data protection legislation and we are responsible for, and control the processing of, your personal information.
- Our prospective customers and recipients of our marketing communications;
- Our customers and users;
- Visitors to our website;
- Our suppliers, service providers, agents, and subcontractors; and
- any individuals whose data we receive from any of the above for the purposes of operating our business and providing our products and services.
If you are unsure how this policy applies to you, please contact us (see ‘How to contact us’ below) and we will be happy to help.
What information do we collect and process?
Personal information provided by you
During the course of accessing our website, using our products and services, contacting us, providing services to us, or otherwise dealing with us, you may provide us with a range of personal data which we will use in the course of our business. This personal information may include:
- Your name or another unique identifier;
- Your address;
- Your contact details (which may include your landline telephone number, mobile number, and/or email address);
- Payment or other financial details (e.g. payment card information, bank information);
- Professional information (e.g. job title and/or type, professional qualifications, industry); and
- Other related information provided to us.
Information we collect automatically
Our website and services may collect certain information about you automatically (such as your IP address, geographical location, browser type and version, operating system).
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as our suppliers, customers, or group companies), which we will add to the information we already hold about you in order to help us operate our business effectively.
For example, we use a live messaging tool, Intercom. Intercom allows us to engage with visitors of our website and when customers use our product. The information that you provide to Intercom via the live messaging tool is passed to us to help us provide a better service and keep a log of your communications through the live messaging tool. Intercom may also collect information when you interact with other content on third-party sites or platforms, such as social networking sites. Further details on how they do this can be found here: https://www.intercom.com/terms-and-policies#privacy
You can also book appointments through our live messaging tool. This function is provided by Calendly. Further details of how they use your data as a “Calendly Invitee” can be found here: https://calendly.com/pages/privacy
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- transfer the personal data and give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices;
- give consent to the transfer of his/her personal data abroad; and
- give consent to the processing of his/her sensitive personal data (if applicable).
How we use your data and our legal basis for processing your data
We may process your data for a variety of reasons, including because:
- we are legally obliged to e.g. to confirm your identity;
- the processing is necessary for the performance of the contract with you to provide our Services; or
- it is in our legitimate business interests to do so.
In some instances, we will rely on your consent to process personal data and where we do this, it will be flagged to you at the time.
Our main processing activities for personal data, and the legal basis on which we perform those activities are:
1. Prospective customers/marketing recipients:
We will process your personal data in order to:
- engage with a visitor of the website e.g. information provided through our live messaging tool (Intercom – https://www.intercom.com/). This allows us to respond to your questions and queries.
- contact you in relation to our products and services (for example, where you have opted-in to receiving our newsletter) and keep a record of our communications (e.g. sales telephone calls, quotations and offers).
Our legal basis for doing so will either be:
- consent, which you will have given when you provided the personal data to us (e.g. upon registration) or one of our suppliers. You can withdraw this consent at any time by following the instructions in our communications or by contacting us; or
- our legitimate interests, which allows us to market our products and services to individuals provided there is a business case for doing so and our interests do not override the rights of the individuals in question. If you wish to object to direct marketing, you may do so by contacting us.
We will process your personal data in order to provide our products/services to you and to provide you with information and updates regarding the same. Our legal basis for doing so is that the processing is necessary for the performance of a contract. We will also keep a record of your data and use it for related purposes, including account management, customer support, and audit purposes, on the basis that we have a legitimate interest in doing so.
We may also contact you in relation to our products and services e.g. upcoming webinars. Our legal basis for doing so will be the same as for prospective customers – consent or legitimate interests as set out above.
3. Suppliers, service providers etc.:
We will process your personal data in order to receive goods and/or services from you (or the business you represent) and to manage our relationship, including making payments to you, dealing with accounts issues, placing orders etc. Our legal basis for doing so is that the processing is necessary for the performance of a contract.
Other processing activities
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of training, fraud prevention, and/or quality assurance. We may also retain copies of communications and details provided to us by you, for example support requests, account queries, complaints, for internal account management and auditing purposes. This is done on the basis of legitimate interests.
We may do a credit check on you:
- so that we can make credit decisions about you and members of your household/business; and
- to prevent and detect fraud and money laundering.
Our search will be recorded on the files of the credit reference agency.
We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your information to:
- make credit decisions about you and the people with whom you are financially associated
- trace debtors, and
- prevent and detect fraud and money laundering.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
Storage of your information and who your information might be shared with
We store your personal data on a cloud based CRM system provided by a third party supplier, Salesforce.
Personal data is also stored on the CA web application. All traffic (transferral of files) between the CA application and your web browser is encrypted using HTTPS and SSL connections. All company profiles are password protected.
Any transfer of your data will be subject to a European Commission approved contract that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
We may disclose your personal data to:
- other companies within our group to the extent that there is a legitimate interest in doing so to support our business aims;
- our agents and service providers, to the extent that they require access to the data in order to provide goods/services to us, in which case they will be bound by a contract requiring them to process personal data in accordance with the requirements prescribed by data protection law;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
- a third party purchaser if we sell our business, in which case, customer and user information will be a transferred asset.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you;
- we store your personal data on secure servers; and
- payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
What can I do to keep my information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Transfers of your information to outside of the EEA
We may need to transfer your personal data outside the European Economic Area (e.g. our CRM system). We will only do this if appropriate safeguards are place in accordance with data protection legislation.
How long do we keep your personal information?
We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements.
What rights do you have?
You are responsible for ensuring that information you provide to us is accurate, complete and up-to-date. You can review and change your information by contacting us.
You have a number of rights in relation to your personal data, these include the right to:
- find out how we process your data;
- request that your personal data is corrected if you believe it is incorrect or inaccurate;
- obtain restriction on our, or object to, processing of your personal data;
- if we are relying on consent, you can withdraw your consent to our processing of your personal data (including any direct marketing);
- if we are relying on legitimate interests for direct marketing, you can object to receiving such direct marketing;
- obtain a copy of the personal data we process concerning you. We will take steps to verify your identity before responding to your request. Once we have verified your identity we will respond as soon as possible and in any event within one month.
- lodge a complaint with the UK supervisory body, the Information Commissioner’s Office (the ICO) here https://ico.org.uk/. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.
If you would like to exercise any of your rights or find out more, please contact us (contact details below). We are required to confirm your identity before we are able to assist with a request so you may be asked to provide photographic identification, such as a copy of your driving licence or passport, and proof of address (i.e. utility bill not older than three months).