Privacy Policy

Back to Home

1. Who We Are

‍

Controller Details

‍

We are Cempta Charity Solutions, a consultancy providing services to charitable organisations.

‍

Email: hello@cempta.co.uk

Telephone: 07964 693965

‍

Data Protection Officer: For data protection queries, please contact Kate Griffiths using the details above.

‍

2. Information We Collect

‍

We collect and process the following categories of personal data:

‍

2.1 Information You Provide Directly

Contact Information: name, email address, telephone number, postal address
Organisation Details: charity name, charity registration number, your role and position
Professional Information: information relevant to the consultancy services we provide
Financial Information: payment and billing details
Communications: correspondence with us by email, phone, or post

‍

2.2 Information Collected Automatically

‍

When you access our website or digital services, we may automatically collect:

Technical Data: IP address, browser type and version, device type, operating system
Usage Data: pages visited, time spent on pages, links clicked, navigation paths
Cookies and Similar Technologies: see our Cookie Policy for details

‍

3. How We Use Your Information

‍

We use your personal data for the following purposes:

Providing Services: to deliver and manage our consultancy services
Communication: to communicate with you about projects, services, and updates
Financial Processing: to process payments and manage billing
Service Improvement: to improve our services and develop new offerings
Legal Compliance: to comply with legal and regulatory obligations
Business Protection: to protect our legitimate business interests and legal rights

‍

4. Legal Basis for Processing

‍

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal grounds:

Performance of Contract (Article 6(1)(b)): Processing necessary to perform our contract with you or your organisation, or to take steps before entering into a contract
Legal Obligation (Article 6(1)(c)): Processing required to comply with legal and regulatory requirements, including tax obligations and professional standards
Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving services, preventing fraud, and network security, provided these interests do not override your rights and freedoms
Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing activities, such as marketing communications. You can withdraw consent at any time

‍

5. Who We Share Your Information With

‍

We may share your personal data with the following recipients:

Service Providers: Third-party service providers who assist us in delivering our services, including IT support, cloud storage providers, payment processors, and email service providers
Professional Advisors: Lawyers, accountants, auditors, and other professional advisors who are bound by confidentiality obligations
Regulatory Authorities: Government bodies, law enforcement, tax authorities, and regulatory bodies when required by law
Business Transfers: Potential buyers or investors in connection with any merger, acquisition, or sale of company assets

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

‍

6. International Data Transfers

‍

We primarily process personal data within the United Kingdom. However, some of our service providers may be located outside the UK and European Economic Area (EEA).

‍

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

Adequacy Decisions: Transfers to countries deemed to provide adequate protection by the UK Government
Standard Contractual Clauses: Use of UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses approved by the ICO
Other Safeguards: Binding Corporate Rules or other mechanisms approved under UK GDPR

You can obtain a copy of the safeguards we have in place by contacting us using the details in Section 1.

‍

7. How Long We Keep Your Information

‍

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Contract Performance: For the duration of our business relationship and for a reasonable period afterwards
Legal and Regulatory Requirements: As required by law, including tax records (minimum 6 years) and contract-related documents (minimum 6 years from contract end)
Legal Claims: To establish, exercise, or defend legal claims (generally 6 years from contract termination)
Legitimate Interests: Where we have a legitimate interest in retaining the data, we keep it for no longer than necessary for that purpose

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention policy.

‍

8. Your Rights Under UK GDPR

‍

You have the following rights under UK GDPR and Data Protection Act 2018:

Right of Access (Article 15): Request a copy of the personal data we hold about you
Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
Right to Erasure (Article 17): Request deletion of your personal data in certain circumstances
Right to Restrict Processing (Article 18): Request limitation of how we process your data in certain situations
Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (note: we do not currently conduct such processing)
Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing before withdrawal

‍

8.1 How to Exercise Your Rights

‍

To exercise any of these rights, please contact us using the details in Section 1. We will respond to your request within one month, though this may be extended by up to two further months for complex requests. We may ask you to verify your identity before processing your request.

‍

We will not charge a fee for most requests, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

‍

9. Data Security

‍

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage:

Encryption of data in transit and at rest using industry-standard protocols
Regular security assessments and vulnerability testing
Access controls, authentication, and authorisation procedures
Staff training on data protection, privacy, and security best practices
Secure backup and disaster recovery procedures
Incident response and data breach notification procedures

‍

10. Cookies and Tracking Technologies

‍

Our website may use cookies and similar tracking technologies to enhance your experience and collect analytics data. You can control cookie settings through your browser preferences.

‍

11. Complaints and Supervisory Authority

‍

Making a Complaint to Us

‍

Under the Data (Use and Access) Act 2025, individuals should first raise any complaints about our data processing directly with us before escalating to the Information Commissioner's Office. We take all complaints seriously and will investigate promptly. Please contact us using the details in Section 1.

‍

Complaints to the ICO

‍

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

‍

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website: www.ico.org.uk

Helpline: 0303 123 1113

‍

Email: casework@ico.org.uk

‍

12. Changes to This Privacy Policy

‍

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for operational reasons. Material changes will be communicated by:

Updating the 'Last Updated' date at the top of this policy
Posting a notice on our website
Notifying you by email where appropriate

Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

‍

13. Contact Us

‍

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

‍

Cempta Charity Solutions

‍

Email: hello@cempta.co.uk

Telephone: 07964 693965