1. Introduction

PFP Specialists Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

This privacy policy sets out how PFP Specialists Ltd. uses and protects any information that you give pfpspecialists.co.uk when you use this website. Here, you can find all the information regarding the processing of your personal data (in accordance with Article 13 of the General Data Protection Regulation, GDPR).

Terms you will find in this document:

  • Personal Data: Data that is collected that can identify the natural persons, see the section personal data collection for more information
  • We, Us, PFP Specialists: Refers to the entity PFP Specialists Ltd., the data controller, and data processor
  • Processing: operations set on personal data, such as accepting payments from natural persons (credit card processing)

All other terms that are not used frequently will be defined as they come in the spirit of clarity. 

2. Who are we

PFP Specialists Ltd. of registered address Willowbrook, Preston St. Mary, United Kingdom, is the sole company involved in this privacy notice, and we are the data controllers of all personal data mentioned in this notice.

A data controller dictates the purpose of processing and the type of personal data collected; you can find a complete explanation in section five.

3. Company and website within the Scope of the Policy

The website www.pfpspecialists.co.uk is the portal for all our services and is the primary means of data collection and data processing.

Hence, this privacy policy is that of www.pfpspecialists.co.uk, where PFP Specialists Ltd. is the data controller.

Software licenses that also fall within the scope of this privacy policy are:

  • Quantifire
  • Quantifire Web Service

4. Your Rights as a Data Subject

The GDPR affords data processing rights to the natural persons that you can find listed below:

  1. Right of access: you have the right to request a copy of the information we hold on you. Once we have verified your identity, we will have a copy of the data, free of charge, within the one-month grace period of a data subject access request.

    However, if the request is found to be manifestly unfounded or unreasonable, we may charge a fee to cover the administrative costs.

    All information that you may want to know about the processing of your data can be found in this privacy policy.

  2. Right to rectification: if you believe that the personal data we hold on you is inaccurate, out-of-date, or incomplete, you can exercise your right to rectify (i.e., delete inaccurate data or complete incomplete data).
  3. Right to erasure (“right to be forgotten”): in cases where there are no conflicting legal basis or legitimate reasons for processing personal data, you may request that we delete all personal information we hold. We will take all the necessary steps in order to ensure deletion.
  4. Right to restrict processing: you have the right to request that we stop processing your data. We will still hold your personal data, and you may exercise this right as an alternative to erasure. Conditions that allow restriction are:
    1. Accuracy of data is being rectified or has been flagged as inaccurate
    2. Processing of data is unlawful
    3. The personal data is no longer needed except for as part of a legal process
    4. You have expressed a right to object in the cases of legitimate interests, and the case is being reviewed. 
  1. Right to data portability: Data subjects may request their set of personal data to be transferred to another controller or processor. This data set is provided in a commonly used and machine-readable format.

    This right may only be exercised if the original processing was by consent, the processing is by automated means, or if the processing is based on the fulfillment of a contractual obligation.

  1. Right to object: You have a right to object to the processing of your personal data if:
    1. Processing is based on legitimate interest
    2. Processing is for direct marketing
    3. Processing if for the purposes of scientific or historical research
    4. Processing involved automated decision making or profiling

5. Personal Data Collection

This section will outline the personal data we collect. In the following section, the lawful basis of processing, we showcase how we legally process your personal data.

Why we collect your data:

  1. To provide you with information that you have requested or to render services that you have requested.
  2. To complete commercial transactions for the purchase of our products or services and legal tax and accounting purposes
  3. To fulfill a contract we entered with you or an organization that you represent
  4. To provide access to our web portal via means of a unique login tied to your personal data
  5. To manage communications between you and PFP Specialists
  6. For website analytics (see cookie policy for more details)
  7. Security measures that you set on your account such as Two-Factor Authentication (2FA)

What kind of personal data we collect:

  • Names
  • Personal Contact Information
    • Email Addresses
    • Telephone Numbers
  • Payment Information
    • Tax Numbers
    • Credit Card or IBANs
  • Technical Information
    • IP Address
    • Cookie Data
  • Company Names
  • Job Position or Occupation

Cookie Policy

What are cookies: cookies, formally known as HTTP cookies, are small data chunks stored by your web browser. They allow for a smoother browsing experience and add functionality such as remembering your session (session cookies) so that our website remembers who you are.

Why we use them: pfpspecialists.co.uk only uses first-party cookies that are strictly necessary for the operating of the website, and third-party cookies (WordPress plugins and Google Analytics) for tracking and analytics

First-party cookies are cookies that are only viewable and trackable by the operator of the website (us). Our first-party cookies include:

  • Visitor ID – data package that identifies you as a unique visitor to our website
  • Session ID – during use this string of data remembers your use of our website during the session
  • Page Number – Identifies what page of our website you are currently on
  • Comment cookies – allows users to leave a reply on parts of the website.

 We use them so that we can:

  • Log you in to secure areas (client areas) of our website and services
  • Track what page you are on so that we can display the correct information
  • Allow you to input information into text fields

Third-Party Cookies:

  • Google Analytics
  • WordPress Analytics (plugin)

Why we use them:

  • Tracking and analytics: WordPress and Google analytics plugins allow us to track visitor count and to see how visitors navigate our website, the data is processed by the plug-in and returned to us.
  • We then use that data to improve the overall user experience or make improvements to our Quantifire platform.

We will update this privacy policy and notify you if we add any third-party cookies.

You can locally block cookies (including functional cookies) from the settings in your browser if you wish, but it may affect access to certain parts of the website and our Quantifire platform.

6. Lawful Basis of Processing

In this section, you can read about how we legally process your data. We have created a table to quickly find the grouping of data and the lawful basis of processing attributed to the data.

PurposeInformation GroupingPersonal Data InventoryLawful BasisLawful Basis in Action
1. Providing information to youData Subject InformationName, Company Name, Occupation within your organization Email AddressContractual FulfillmentTo allow you access to our platform, we require personal data to create a unique login and to fulfill contractual elements
2. Completing Commercial TransactionsPayment InformationCredit Card Numbers, Bank Account Details, names, addresses, Company names1. Statutory Obligation
2. Contractual Performance
1. Accounting and tax purposes   2. Process purchases of services of PFP Specialist products
3. Access to the website portal and Quantifire servicesData subject information and Technical InformationCookies, names, unique login identifier, email address, telephone numberLegitimate InterestPurchasing our services requires a login identifier to use them
4. Managing communicationContact InformationNames, Email Addresses, Identification DetailsLegitimate InterestAny complaints or issues with the services require personal data collected during the initial sign up, which we will use for any correspondence
5. Website analyticsTechnical InformationCookies, IP addressesConsentWe use WordPress analytics to track the usage of our site, to create login client areas, and modify website usage   You may deny the use of cookies

7. Data Retention, Storage of Personal Data, and Security Measures

All the personal data we collect are stored on virtual machines hosted in western Europe by our cloud service provider (CSP).

Although we use CSPs we remain the data controller in these circumstances. We take all technical and organizational precautions when handling your personal data.

The access of personal data is reserved to a limited number of people within our information system (coupled with appropriate data risk management techniques) and we apply all appropriate technical security measures offered by the CSP and data processor.

However, we cannot control what happens outside our Information Security Management System (ISMS). This means that the boundaries between your personal devices and our information system are not under our control, and we can only ensure the safeguarding of personal data that is within the confines of our information system.

We advise you to take the necessary steps to ensure the protection of your device(s) and information when interfacing with services over the internet.

We do not accept any liability for breaches that occur beyond our sphere of influence or control.

Lastly, we are obligated under the regulation to state a data retention period:

All data for contractual performance and use of our service is kept for a maximum of 8 years (unless a data erasure is requested which we will take the necessary steps to adhere to, with exceptions to data that must be kept for legal reasons, such as for accounting and tax purposes).

8. Contact Us

If you wish to contact us regarding the use of your data or for any other reasons, please send us a message using our contact form here.

9. Complaints

We take any complaints seriously, please feel free to contact us using the link above.

If you still do not feel satisfied with the way we handled your complaint or your data, you are entitled to escalate the complaint with a supervisory authority within the EU.

The UK supervisory authority is the Information Commissioner’s Office (ICO). The contact information for the ICO can be found at https://ico.org.uk/global/contact-us/.