This privacy notice provides you with details of how we (Cube Direct ltd) collect, store and process your data. It should be read in conjunction with the contract that controls our business together and our general terms and conditions.
When you work with Cube Direct ltd your personal data will be handled in line with the requirements of the General Data Protection Regulation (GDPR) 2016.
The privacy and handling of data that identifies living individuals is important to us, we will operate a ‘by default and by design’ set of procedures to meet the requirement of the GDPR. We will be acting in the capacity of data processor.
Data protection officer: There is no separate appointment. Matters will be handled by the Director of Cube Direct ltd, Valerie Babington. For any enquiries please contact email@example.com.
The data we may collect, store and process include the following types:
- Identity data – including but not limited to, your full name, title.
- Communications data – including but not limited to, email communications.
Please note that as part of our business relationship we may collect, store and process personal details of other individuals in your organisation and you must have obtained permission either by contract or consent with them for us to do that.
Cube Direct ltd do not collect, store or process sensitive data as defined by the regulation.
If you fail to provide data concerning yourself or others in your organisation, then we will not be able to provide the services that we are have been requested to complete.
How we collect data
Direct interaction: Data you provide to us via email, letter, phone call, signed consent and feedback form.
How we process collected data
Your data will only be processed when there is a lawful reason to do so. Cube Direct ltd have determined that our main lawful reasons will be:
- In order to meet the obligations of the business relationship that exists between us
- For our legitimate interests
The data provided will be held on one or more of our systems whether on premise or off premise (cloud based).
The data used for support will be stored whilst our organisations continue to work together and for a maximum of twelve months after the business relationship ends. Accountancy data will be held for the statutory period as required by the UK Government.
Cube Direct ltd will process the data we hold on individuals in your organisation in order to support your needs for auditing and training as part of our business relationship between our organisations. We will also use your data to contact you with updates to the status of the services we provide.
Your Legal Rights
Under certain circumstances, you have the right to rectification, erasure, restriction, objection, if you deem, and it is proven, the data we hold is incorrect.
You have the right to data portability.
You have the right to lodge a complaint with the UK supervisory authority, which is the Information Commissioner’s Office (ICO). If you are unhappy about any aspect of how we handle your personal data, or the application of your right’s then please contact us in the first instance.
The ICO contact details can be found at www.ico.org.uk
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at the email address in section 1. of this document.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Cube Direct ltd may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Cube Direct ltd try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your personal data will not be subjected to automated decision-making activities.
Disclosure of your personal data
Cube Direct ltd will not disclose your personal data to any third parties or processors.
Cube Direct ltd have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Cube Direct ltd have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Cube Direct ltd will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law, Cube Direct ltd have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. This data will therefore be retained for seven years to allow us to respond to a ‘last minute request’.
Last modification was made 31st March 2020.