This policy covers your rights under GDPR (General Data Protection Regulation) & PECR (Privacy and Electronic Communications Regulations).
As the operators of cathree.com, elionboarding.com and the Eli Onboarding Platform, CA3 registered as CAThree Ltd in England and Wales with Company Registration Number 07812353 and having its registered office address at Unit 218, The Record Hall, 16-16A Baldwin's Gardens, London, EC1N 7RJ, UK ("We", "Us", "CA3") is committed to protecting and respecting users' privacy. This policy covers all our brands – CA3 and Eli and their associated products and services.
The policy below lays out in simple English how the GDPR and the current PECR (soon to be updated to a new e-Privacy Regulation) applies to the way CA3 handles your personal data. Our aim is to be responsible, relevant and secure when using your data.
GDPR and GDPR UK compliance
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Although the UK is no longer an EU member state the UK's DPA 2018 has already enacted the EU GDPR's requirements into UK law and, with effect from 1 January 2021, the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit)) Regulations 2019 amended the DPA 2018 and merged it with the requirements of the EU GDPR to form a new, UK-specific data protection regime that works in a UK context after Brexit as part of the DPA 2018. This new regime is known as the UK GDPR.
Control of personal data
The Data Controller is CAThree Ltd.
Personal data collected
The categories of personal data are your name, your job title, your company name, and your business email. No links to personal or private websites, even if they are in the public domain will be collected, stored or processed.
Access to your data
CA3 does not sell, rent or lease its customer lists to third parties. CA3 may share data with trusted partners to help us perform statistical analysis, provide customer support, or consultancy services. It may be necessary for the purposes of delivering digital communication to share personal data with technology platforms. All such third parties are prohibited from using personal information except to provide these services to CA3, and they are required to maintain the confidentiality of information.
The retention period for personal data is 5 years. We have chosen five years because it is the average length of time a UK Manager remains in their post.
CA3 will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subject's request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period.
Rights and contact
CA3 acknowledges that users have the right to access their personal data and to withdraw consent to the use/processing of personal data.
For personal data controlled by CA3, users have several rights regarding access to their data. Users can exercise these rights at any point. Every user is entitled to the following:
Access – users have the right to request CA3 for copies of their personal data.
Rectification – users have the right to request that CA3 correct any information users believe is inaccurate. Users also have the right to request CA3 to complete the information they believe is incomplete.
Erasure – Users have the right to request that CA3 erase their personal data, under certain conditions.
Email: [email protected] or [email protected]
Call us at: 020 3567 0672
Or write to us: CA3, Unit 218, The Record Hall, 16-16A Baldwin's Gardens, London, EC1N 7RJ, UK
Changes to policy