PFP Specialists Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Terms you will find in this document:
- Personal Data: Data that is collected that can identify the natural persons, see the section personal data collection for more information
- We, Us, PFP Specialists: Refers to the entity PFP Specialists Ltd., the data controller, and data processor
- Processing: operations set on personal data, such as accepting payments from natural persons (credit card processing)
All other terms that are not used frequently will be defined as they come in the spirit of clarity.
2. Who are we
PFP Specialists Ltd. of registered address Willowbrook, Preston St. Mary, United Kingdom, is the sole company involved in this privacy notice, and we are the data controllers of all personal data mentioned in this notice.
A data controller dictates the purpose of processing and the type of personal data collected; you can find a complete explanation in section five.
3. Company and website within the Scope of the Policy
The website www.pfpspecialists.co.uk is the portal for all our services and is the primary means of data collection and data processing.
- Quantifire Web Service
4. Your Rights as a Data Subject
The GDPR affords data processing rights to the natural persons that you can find listed below:
- Right of access: you have the right to request a copy of the information we hold on you. Once we have verified your identity, we will have a copy of the data, free of charge, within the one-month grace period of a data subject access request.
However, if the request is found to be manifestly unfounded or unreasonable, we may charge a fee to cover the administrative costs.
- Right to rectification: if you believe that the personal data we hold on you is inaccurate, out-of-date, or incomplete, you can exercise your right to rectify (i.e., delete inaccurate data or complete incomplete data).
- Right to erasure (“right to be forgotten”): in cases where there are no conflicting legal basis or legitimate reasons for processing personal data, you may request that we delete all personal information we hold. We will take all the necessary steps in order to ensure deletion.
- Right to restrict processing: you have the right to request that we stop processing your data. We will still hold your personal data, and you may exercise this right as an alternative to erasure. Conditions that allow restriction are:
- Accuracy of data is being rectified or has been flagged as inaccurate
- Processing of data is unlawful
- The personal data is no longer needed except for as part of a legal process
- You have expressed a right to object in the cases of legitimate interests, and the case is being reviewed.
- Right to data portability: Data subjects may request their set of personal data to be transferred to another controller or processor. This data set is provided in a commonly used and machine-readable format.
This right may only be exercised if the original processing was by consent, the processing is by automated means, or if the processing is based on the fulfillment of a contractual obligation.
- Right to object: You have a right to object to the processing of your personal data if:
- Processing is based on legitimate interest
- Processing is for direct marketing
- Processing if for the purposes of scientific or historical research
- Processing involved automated decision making or profiling
5. Personal Data Collection
This section will outline the personal data we collect. In the following section, the lawful basis of processing, we showcase how we legally process your personal data.
Why we collect your data:
- To provide you with information that you have requested or to render services that you have requested.
- To complete commercial transactions for the purchase of our products or services and legal tax and accounting purposes
- To fulfill a contract we entered with you or an organization that you represent
- To provide access to our web portal via means of a unique login tied to your personal data
- To manage communications between you and PFP Specialists
- Security measures that you set on your account such as Two-Factor Authentication (2FA)
What kind of personal data we collect:
- Personal Contact Information
- Email Addresses
- Telephone Numbers
- Payment Information
- Tax Numbers
- Credit Card or IBANs
- Technical Information
- IP Address
- Cookie Data
- Company Names
- Job Position or Occupation
What are cookies: cookies, formally known as HTTP cookies, are small data chunks stored by your web browser. They allow for a smoother browsing experience and add functionality such as remembering your session (session cookies) so that our website remembers who you are.
Why we use them: pfpspecialists.co.uk only uses first-party cookies that are strictly necessary for the operating of the website, and third-party cookies (WordPress plugins and Google Analytics) for tracking and analytics
First-party cookies are cookies that are only viewable and trackable by the operator of the website (us). Our first-party cookies include:
- Visitor ID – data package that identifies you as a unique visitor to our website
- Session ID – during use this string of data remembers your use of our website during the session
- Page Number – Identifies what page of our website you are currently on
- Comment cookies – allows users to leave a reply on parts of the website.
We use them so that we can:
- Log you in to secure areas (client areas) of our website and services
- Track what page you are on so that we can display the correct information
- Allow you to input information into text fields
- Google Analytics
- WordPress Analytics (plugin)
Why we use them:
- Tracking and analytics: WordPress and Google analytics plugins allow us to track visitor count and to see how visitors navigate our website, the data is processed by the plug-in and returned to us.
- We then use that data to improve the overall user experience or make improvements to our Quantifire platform.
You can locally block cookies (including functional cookies) from the settings in your browser if you wish, but it may affect access to certain parts of the website and our Quantifire platform.
In this section, you can read about how we legally process your data. We have created a table to quickly find the grouping of data and the lawful basis of processing attributed to the data.
|Purpose||Information Grouping||Personal Data Inventory||Lawful Basis||Lawful Basis in Action|
|1. Providing information to you||Data Subject Information||Name, Company Name, Occupation within your organization Email Address||Contractual Fulfillment||To allow you access to our platform, we require personal data to create a unique login and to fulfill contractual elements|
|2. Completing Commercial Transactions||Payment Information||Credit Card Numbers, Bank Account Details, names, addresses, Company names||1. Statutory Obligation|
2. Contractual Performance
|1. Accounting and tax purposes 2. Process purchases of services of PFP Specialist products|
|3. Access to the website portal and Quantifire services||Data subject information and Technical Information||Cookies, names, unique login identifier, email address, telephone number||Legitimate Interest||Purchasing our services requires a login identifier to use them|
|4. Managing communication||Contact Information||Names, Email Addresses, Identification Details||Legitimate Interest||Any complaints or issues with the services require personal data collected during the initial sign up, which we will use for any correspondence|
7. Data Retention, Storage of Personal Data, and Security Measures
All the personal data we collect are stored on virtual machines hosted in western Europe by our cloud service provider (CSP).
Although we use CSPs we remain the data controller in these circumstances. We take all technical and organizational precautions when handling your personal data.
The access of personal data is reserved to a limited number of people within our information system (coupled with appropriate data risk management techniques) and we apply all appropriate technical security measures offered by the CSP and data processor.
However, we cannot control what happens outside our Information Security Management System (ISMS). This means that the boundaries between your personal devices and our information system are not under our control, and we can only ensure the safeguarding of personal data that is within the confines of our information system.
We advise you to take the necessary steps to ensure the protection of your device(s) and information when interfacing with services over the internet.
We do not accept any liability for breaches that occur beyond our sphere of influence or control.
Lastly, we are obligated under the regulation to state a data retention period:
All data for contractual performance and use of our service is kept for a maximum of 8 years (unless a data erasure is requested which we will take the necessary steps to adhere to, with exceptions to data that must be kept for legal reasons, such as for accounting and tax purposes).
8. Contact Us
If you wish to contact us regarding the use of your data or for any other reasons, please send us a message using our contact form here.
We take any complaints seriously, please feel free to contact us using the link above.
If you still do not feel satisfied with the way we handled your complaint or your data, you are entitled to escalate the complaint with a supervisory authority within the EU.
The UK supervisory authority is the Information Commissioner’s Office (ICO). The contact information for the ICO can be found at https://ico.org.uk/global/contact-us/.