Compliance Caddy Mobile App Data and Privacy Notice

We are DG Legal Limited. Our company number is 7934502 and registered office address is at 39 The Rushes, Loughborough LE11 5BG.

The Compliance Caddy App (‘the App’) is owned and operated by DG Legal.

In accordance with the Data Protection Act 2018 and the General Data Protection Regulation as incorporated into the law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 (UK GDPR), we are committed to ensuring that your privacy is respected and that personal data or other confidential data is protected. Unless otherwise indicated, references in this Data and Privacy Notice to the GDPR refer to the UK GDPR.

Through the Compliance Caddy software, we may collect, use and are responsible for other categories of your personal information but we hold more detailed privacy notices for that platform (set out in full within that platform). This Notice relates only to the App and explains how we collect, use, disclose, and safeguard the limited data processed when you visit or use the App.

Use of the App constitutes acceptance by you of this notice, and of the collection and processing of your personal information by us as set out below.  If you do not agree with the terms of this privacy notice, please do not access the App.

The notice does not apply to the third party online/mobile store from which you install the App.

Collection of your data

Personal Data

In this notice, personal data means information which personally identifies you such as your name and email address which you voluntarily provide to us to login and use the App or when choosing to participate in any activities related to the App such as updating your contact details, providing support and obtaining feedback.

DG Legal will link all personal data with your registered account on the Compliance Caddy.

DG Legal may establish and require from time to time additional or different means of identification and authentication for logging on to the Compliance Caddy or accessing the Compliance Caddy or for accessing certain features or designated sections within that platform.

Meta-Data

We may also collect data automatically with regard to each of your visits and use of the App. However, the app does not automatically capture or store personal information other than details of visits made including, but not limited to logs (including, where available, the IP address and location of the device connecting to the online services and other technical information and identifiers about the device and the nature of the visit) and other communication data, and the resources that you use. We may collect information about your interaction between the App and your devices including system activity and system failures.

Conditions for processing data

We are only entitled to hold and process your data where the law allows us to. The current law on data protection sets out a number of different reasons for which we may collect and process your personal data. 

These include:

Contractual obligations

The main purpose for our processing your data is subject to an agreement we have with you to provide you with access to our Compliance Caddy software. 

Legitimate Interests

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. 

We may process your personal data in order to improve our App and the Compliance Caddy software with the primary aim of providing you with a more personal and interactive experience. In particular, we may use your personal data to tailor our App and Compliance Caddy software so as to ensure it is displayed in the most effective way for the device you are using. We may also process your personal data for the purposes of making our App and Compliance Caddy software more secure, for development of additional and enhanced functions and for internal technical operations such as for testing, statistical and other administrative or compliance purposes.

If our business is subsequently sold or we merge with another entity, to ensure our business can be continued and in order that services can continue to be provided to you, we will transfer your personal data to a third party or that data will be one of the assets transferred to a purchasing entity.

How your information will be used

To the extent that any personal data may be transferred by you to DG Legal via the App and we undertake any processing of that data, we confirm that we will:

  • only use the data for the purpose(s) for which you have provided it to us and for no other purposes
  • operate in accordance with this data and privacy notice
  • keep the data securely and confidentially and in accordance with the current data protection legislation
  • notify you immediately of any data loss or other security breach so that you can decide what action to take to protect your clients’ interests
  • not pass this data to any third party or subcontractor without your prior written agreement (or unless otherwise required by law)
  • return the data to you or securely delete it on request (unless we have another lawful basis for holding it)

Who will we share your personal information with?

We do not share any information provided by you or collected about you to any third parties except where:

  • you have consented to us sharing your personal information in this way
  • we are under a legal, regulatory or professional obligation to do so (for example, we may be obliged to share information with regulatory bodies and public bodies including the Police or National Crime Agency) or in order to enforce or apply our Terms of Use (or other client terms) or to protect the rights and interests, property, or safety of our firm, our clients or others, although we would only do so in accordance with relevant data protection legislation
  • all, or substantially all the assets of our firm are merged with or acquired by a third party, or we expand or re-organise our business, in which case your personal information may form part of the transferred or merged assets or we may need to transfer your information to new entities or third parties through which our business will be carried out
  • we provide anonymous statistical information about users of our websites and related usage information to reputable third parties, including analytics and search engine providers
  • we use a third party service provider to provide services that involve data processing, for example storage and archival, auditing, professional advisory (including legal, accounting, financial and business consulting) and security services

Transfer of data outside the UK

Data on the App and the Compliance Caddy is stored and processed within the UK. Clients can access our Compliance Caddy system outside of the UK by logging in through the App. In these cases and when we are acting as a data processor, the means and purposes of processing is decided entirely by you but we will treat that personal data in accordance with this data and privacy notice and UK data privacy law.

How long will we store your Personal Data?

We only keep personal data for as long as is necessary for the purpose(s) for which it was provided. 

Information entered into the App will be kept for a maximum of 9 months after the contract for use of the Compliance Caddy software ends. For most of this time, the information will be kept in secure encrypted backups that are deleted at the end of that period.

How we protect your information

We will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our compliance processes.

We use up-to-date industry procedures to keep personal information as safe and secure as possible and to protect against loss, unauthorised disclosure or access. We protect our IT systems from Cyber Attack. All information you provide to us is stored on secure servers.

We regularly monitor our system for possible vulnerabilities and attacks and we carry out penetration testing to identify ways to further strengthen security.

Passwords

Your login details are your responsibility and you are fully accountable for the use or misuse of this data. You must maintain your login details in absolute confidence. We recommend that you change your password frequently.

Transmissions to our Website

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during its transmission to the App or Compliance Caddy; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What are your rights?

You have rights under the Data Protections Act 2018 and UK GDPR and these include the right to be informed what information we hold about you. In particular, you have the right to request:

  • access to the personal data we hold about you, free of charge in most cases
  • the correction of your personal data when incorrect, out of date or incomplete
  • for example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end
  • that we stop any consent-based processing of your personal data after you withdraw that consent

You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate.

If we choose not to action your request, we will explain to you the reasons for our refusal.

Contacting us

For information on how your information is used, how we maintain the security of our information, and to exercise your rights to access information we hold on you, please contact us. Similarly, if you believe that the information we hold is wrong or out of date, please let us know and we will update it. 

The person in this firm responsible for data protection is our Data Protection Officer, Melanie O’Brien and enquires and requests can be sent to her by telephone on 01509 214999 by emailing melanie@dglegal.co.uk or in writing to 39 The Rushes, Loughborough, LE11 5BG.

The Regulator

For further details about your rights as a data subject, we would invite you to visit the Information Commissioner’s Office website: http://www.ico.org.uk/

Our ICO’s registration number is: ZA400801

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns

Changes to this policy

We do not intend to process your personal information for any reason other than stated within this privacy notice. However, internet and data privacy best practice and acceptable standards are developing. We therefore reserve the right to revise this Notice at any time. If this Notice changes in any way, we will place an updated version on the App. Regularly reviewing this notice ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties. Continued instructions to us as well as continued use of the App will signify that you agree to any such changes.





Version 1.0 January 2021