Privacy Notice

Introduction

Your Personal Information is just that – it’s personal and it’s yours – so this notice tells you what Information we collect, how we use it, what your rights are and how to exercise them.

Treating you and your Personal Information with respect goes to the heart of our culture at CPOMS so, below, you will see our Privacy Promise. To find out how we collect and use your Information, click on the relevant sections below.

IMPORTANT: This Notice covers personal information we collect and use as a ‘Controller’, e.g. for recruitment and customer/supplier management. Our software products – CPOMS, StaffSafe, Engage etc. are used by schools and other organisations for their own purposes, e.g. safeguarding. To understand how personal information about pupils, student, staff members and others is collected and used in our software products, please refer to the school/organisation’s own Privacy Notice.

To find out how we collect and use your Information, click on the relevant sections below.
Our Privacy Promise
We promise to treat you and your Information fairly and lawfully

We will only collect, use and share your Information if we have either a legal right or a legal obligation to do so, or if we have your consent.

This is known as the “legal basis” and the law requires us to let you know the legal basis for each purpose for which we collect and use your Information.

You will find the legal basis, together with other details of the Information we collect by clicking on the applicable link below.

We ensure fairness by regularly reviewing our collection and use of your Information and by providing you with details in Privacy Notices like this.

We promise to be clear and transparent about our collection and use of your Information

Openness is at the heart of CPOMS’s culture.


We’ve designed this Privacy Notice to be transparent – making it as easy as possible for you to see clearly what information we collect, how we use it, who we may share it with, how long we keep it, and how we protect it.


Just click on the appropriate sections below for answers to your questions.

We promise to use your Information only for the purposes we’ve specified

We’ll only use your Information for the purposes we’ve told you about in this Privacy Notice or in other Privacy Notices that we post wherever we collect Information from you.

We can’t – and won’t – use or share it for any other purposes without your permission unless, of course, we have a clear legal obligation to do so.

We promise to collect no more than we need for those purposes

We take care to collect only as much information as we need for each specified purpose.

We also restrict and monitor access to your information so that only those members of our staff with a genuine business need can access it.

We promise to check that your Information is accurate and keep it up to date

We do what we reasonably can to check that the Information we collect is accurate and, with your help, we’ll keep it up to date.

If you have a CPOMS user account, you can update your own information, such as change of address or contact details, by logging into your account.

If you do spot a mistake in your information, please call or write and ask us to correct it. You’ll find our details in “Contact Us”.

We promise to keep it for no longer than we need it

We need to keep information for different periods of time, depending on the purposes for which we collected it.

We provide details in the relevant Privacy Notices so, in each of the sections below, whether you are a Customer, a Supplier, a job applicant or just visiting our website or our offices, you will find specific answers to the question, ‘How long do we keep your Information?

This is based on either how long the law allows us to keep it for business purposes, or requires us to keep it for legal purposes.

We promise to protect your Information and your Privacy

Information Security is a top priority for CPOMS.

We maintain strict Security Standards and we constantly monitor all our computer and communications devices, systems and networks to protect them from external and internal threats.

Access to Personal Information is constantly monitored and logged.

We promise to uphold your Privacy Rights and make it simple to exercise them

See the section below ‘Your Privacy Rights and how to exercise them’.

We promise to respond quickly to your requests and concerns
You can raise any concerns you may have about our handling of your Information by writing to our Data Protection Officer.
If you are not happy with the outcome, you also have the right to raise your concern with the Information Commissioner’s Office.
 
Click on “Contact us…” below for contact details.
When you use our website
How do we collect and use your Personal Information?

Personal details
If you use the web-form to book a demo or training, we will use your name and contact details to arrange the demo or training you have requested.
If you contact us by phone, email or letter, or if you use the “Contact us” web-form, we will use your name, contact details – and any other Information you may provide – to respond to your enquiry.
We may also use your Information to email you with details of our other products and services and those of our parent company. You can prevent these emails by ticking the applicable box in the web form or, alternatively, you can stop receiving them at any time by clicking on the “unsubscribe” link that you will find in the footer of all our marketing emails.

Cookies

Click on the cookie icon in the bottom left corner, available throughout the CPOMS website, for details of information collected and used by cookies.

How and with whom do we share your Information?

Where necessary to fulfill your request or respond to your enquiry, we may share your Information internally with CPOMS colleagues in other departments and with our parent company.

We use Microsoft and other IT service providers to process and store Information but, otherwise, we do not share your Information with any other external organisations.

We would disclose your Information if required to do so by law, for example, under a court order.

In the event that CPOMS is acquired by another company, your Information will be shared with them so they can continue to process your Information in accordance with this Privacy Notice.

Where do we process and store your Information?
Your Information may be stored and processed by CPOMS or by our contracted service providers, including our parent company, in:
(a) the UK, or
(b) the EU, where it has the same legal protection as in the UK, or
(c) by our parent company in the US, under an agreement approved by the Information Commissioner’s Office as guaranteeing the same legal protection as in the UK (an International Data Transfer Agreement).
 
If a service provider needs to store or process your Information in or access it from any other country, we will put in place measures approved by the Information Commissioner’s Office that commit the service provider to the same level of data protection as is required under the UK Data Protection Act and UK GDPR.
 
If your school or organisation is located outside the UK, your Information may also be accessed by CPOMS colleagues who manage your contract with CPOMS in the country location of the applicable Regional Office.
How long do we keep your Information?

Any Personal Information you provide to us via our website is used to generate an email from you to us, which may be kept on our email system for up to seven years.

Where necessary for marketing purposes, we will keep your name and email address for as long as you wish to receive details of our other products and those of our parent company. If you elected not to receive marketing communications, e.g. by “unsubscribing”, we will keep your name and relevant contact details on an “Opted-out of Marketing” list for as long as is necessary to comply with your wishes.

Personal details
The processing of your name and contact details is necessary for the pursuit of our legitimate interests in selling our products and those of our parent company to schools and other organisations with safeguarding obligations or interests.
In view of the very low risk to your rights and freedoms posed by this use of your Information, and of the facilities we provide for you to exercise your right to opt-out at any time, we have concluded that our interests are not overridden by your rights.

Cookies

The legal basis for our use of cookies is your consent.

If you're a CPOMS customer or user
How do we collect and use your Information?

If your school purchases a CPOMS product and you are a named contact or user, we will use your name, login details and contact details to manage the service and provide customer support to you.

If you are the person responsible for managing the CPOMS contract, we may also use your contact details to email your school or organisation with details of our other products and services and those of our parent company.

You can prevent these emails by ticking the applicable box in the web form or you can stop receiving them at any time by clicking on the “unsubscribe” link in the footer of our marketing emails.

How and with whom do we share your Information?

Where necessary to provide the CPOMS services, fulfil your customer service requests or respond to your enquiries, we share your Information internally with CPOMS colleagues in other departments and with one or more of our third party service providers.

We may share your name and contact details with our parent company for the purpose of marketing their child protection related products and services.

We use Microsoft and other IT service providers to process and store Information but, otherwise, we do not share your Information with any other external organisations.

We would disclose your Information if required to do so by law, for example, under a court order.

In the event that CPOMS is acquired by another company, your Information will be shared with them so they can continue to provide the CPOMS service and to process your Information in accordance with this Privacy Notice.

Where do we process and store your Information?
Your Information may be stored and processed by CPOMS or by our contracted service providers, including our parent company, in:
(a) the UK, or
(b) the EU, where it has the same legal protection as in the UK, or
(c) by our parent company in the US, under an agreement approved by the Information Commissioner’s Office as guaranteeing the same legal protection as in the UK (an International Data Transfer Agreement).
 
If a service provider needs to store or process your Information in or access it from any other country, we will put in place measures approved by the Information Commissioner’s Office that commit the service provider to the same level of data protection as is required under the UK Data Protection Act and UK GDPR.
 
If your school or organisation is located outside the UK, your Information may also be accessed by CPOMS colleagues who manage your contract with CPOMS in the country location of the applicable Regional Office.
How long do we keep your Information?

If you are a user of CPOMS products and services, we will keep your name, login details and contact details for as long as you remain a registered user.

If you or your school ask us to terminate your access, for example if you leave that school or organisation, we will no longer have access to your Information once the school or organisation has closed your account.

Any Personal Information contained in email and other correspondence between us may be kept for up to seven years.

Where necessary for marketing purposes, we will keep your name and email address for as long as you wish to receive details of our other products.

If you elected not to receive marketing emails or if you “unsubscribe”, we will keep your name an email address on a “No Email Marketing” list for as long as is necessary to comply with your wishes.

The processing of your name, userid and contact details is necessary for the pursuit of:
(a) Your employer’s legitimate interests in using CPOMS products and services to facilitate safeguarding in its school or other organisation
(b) Our legitimate interests in selling and providing our products and services to schools and other customer organisations.

In view of the very low risk to your rights and freedoms posed by this use of your Information, and of the facilities we provide for you to exercise your right to opt-out at any time, we have concluded that our interests are not overridden by your rights.

If you use the CPOMS Authenticator App

The CPOMS Authenticator App is used as part of our two-factor authentication (2FA) process to verify that the person requesting access to CPOMS is, in fact, you. To work, the app needs your permission to use your device’s camera to scan a QR code to enable you to download the app. Limited device details are collected and processed to enable the app to receive authentication requests and to send confirmation when you use the app to respond to authentication requests.

The permissions required by the application, are used for the following purposes:

  1. android.permission.CAMERA

This permission is required for scanning the QR codes from CPOMS. Once the QR code is scanned, the authentication information is stored on your device. No images from the camera are stored or transferred anywhere.

  1. android.permission.GET_ACCOUNTS

This permission is required for CPOMS to use Google Cloud Messaging (GCM). CPOMS uses GCM to send notifications to the Android device with CPOMS Authenticator installed, to notify them when someone is trying to log in to their CPOMS account. The only information that is transferred to CPOMS is the GCM registration token, which is an ID used to identify the instance of CPOMS Authenticator on the users’ devices so that CPOMS can direct messages to a specific device. See https://developers.google.com/cloud-messaging/gcm for more technical information.

Marketing activities
How do we collect and use your Information?

If your email address, or a general contact email address is published on your website or a government or local authority website, or if you request a demo online or contact us via our website Contact form, we may collect and use it to email your school or organisation with details of our products and services and those of our parent company.

You can stop these emails by clicking on the “unsubscribe” link in the footer of our marketing emails at any time.

How and with whom do we share your Information?

We may share your name and contact details with our parent company for the purpose of marketing their child protection related products and services.

We use Microsoft and other IT service providers to process and store Information but, otherwise, we do not share your Information with any other external organisations.

We would disclose your Information if required to do so by law, for example, under a court order.

In the event that CPOMS is acquired by another company, your Information will be shared with them so they can continue to process your Information in accordance with this Privacy Notice.

Where do we process and store your Information?
Your Information may be stored and processed by CPOMS or by our contracted service providers, including our parent company, in:
(a) the UK, or
(b) the EU, where it has the same legal protection as in the UK, or
(c) by our parent company in the US, under an agreement approved by the Information Commissioner’s Office as guaranteeing the same legal protection as in the UK (an International Data Transfer Agreement).
 
If a service provider needs to store or process your Information in or access it from any other country, we will put in place measures approved by the Information Commissioner’s Office that commit the service provider to the same level of data protection as is required under the UK Data Protection Act and UK GDPR.
 
If your school or organisation is located outside the UK, your Information may also be accessed by CPOMS colleagues who manage your contract with CPOMS in the country location of the applicable Regional Office.
How long do we keep your Information?

Any Personal Information contained in email and other correspondence between us may be kept for up to seven years.
Where necessary for marketing purposes, we will keep your name and email address for as long as you wish to receive details of our other products.

If you elect not to receive marketing emails or if you “unsubscribe”, we will keep your name an email address on a “No Email Marketing” list for as long as is necessary to comply with your wishes.

The processing of your name and/or email address for marketing purposes is necessary for the pursuit our legitimate interests in selling and providing our products and services to schools, academies and other customers.

In view of the very low risk to your rights and freedoms posed by this use of your Information, and of the facilities we provide for you to exercise your right to opt-out at any time, we have concluded that our interests are not overridden by your rights.

If you supply CPOMS with goods and services
How do we collect and use your Information?

If your company supplies goods or services to CPOMS and you are a named contact, we will use your name and contact details to manage the contract.

How and with whom do we share your Information?

Where necessary to manage the contract, we may share your Information internally with CPOMS colleagues in other departments, with our parent company, and with one or more of our other third party service providers.
We may also share your contact details if we recommend your company to other organisations.

We use Microsoft and other IT service providers to process and store information but, otherwise, we do not share your Information with any other external organisations.
We would disclose your Information if required to do so by law, for example, under a court order.

In the event that CPOMS is acquired by another company, your Information will be passed to them so they can continue to receive goods and/or services from your company and to process your Information in accordance with this Privacy Notice.

Where do we process and store your Information?
Your Information may be stored and processed by CPOMS or by our contracted service providers, including our parent company, in:
(a) the UK, or
(b) the EU, where it has the same legal protection as in the UK, or
(c) by our parent company in the US, under an agreement approved by the Information Commissioner’s Office as guaranteeing the same legal protection as in the UK (an International Data Transfer Agreement).
 
If a service provider needs to store or process your Information in or access it from any other country, we will put in place measures approved by the Information Commissioner’s Office that commit the service provider to the same level of data protection as is required under the UK Data Protection Act and UK GDPR.
 
If your school or organisation is located outside the UK, your Information may also be accessed by CPOMS colleagues who manage your contract with CPOMS in the country location of the applicable Regional Office.
How long do we keep your Information?

We will keep your name, login details and contact details for as long as you remain a point of contact within your company. If you are replaced as the contact, we will delete If the contract expires or is terminated, we will delete your Information from our supplier management system within seven years.
Any Personal Information contained in email and other correspondence between us may be kept for up to seven years.

The processing of your Information is necessary for the pursuit of:
• Your employer’s legitimate interests in supplying us with goods and services, and
• Our legitimate interests in procuring the supply of goods and services from your employer.
In view of the very low risk to your rights and freedoms posed by this use of your Information, and of the facilities we provide for you to exercise your right to opt-out at any time, we have concluded that our interests are not overridden by your rights.

If you're applying for a job with CPOMS
How do we collect and use your Information?
Application Stage

When we are looking for new people to join the team, we may engage a recruitment agency, post the job on our website, on job sites or on social media, or place advertisements in the media.
So, we may receive the CV Information that you have provided via any of these channels.

At this stage, we may also view (but will not copy or keep) Information in your LinkedIn profile but we do not access Information about you on other social media platforms.

We use this Information to determine whether your qualifications and experience meet the requirements for the role.

To ensure that our recruitment strategy and processes are fair and not discriminatory, we will not ask about your ethnicity, sexual orientation and whether you have a disability.

Interview Stage

If we invite you to an interview, we will also ask whether there are any ‘reasonable adjustments’ we can make to ensure you do not have difficulty in attending.

At the interview stage, we will seek to learn more about to you determine whether you will be right for the role and the role will be right for you.
This may include details of income We may take notes during the interview for later consideration or for discussion with colleagues involved in the recruitment process.

Offer Stage

If we make an offer, we will need to collect further Information:
• Proof of your identity and right to work in the UK, e.g. a valid UK passport or valid overseas passport with documents proving your right to work in the UK
• Disclosure and Barring Service (DBS) check of criminal records
• References, e.g. from your former employer as proof of employment
• P60 and bank details to enroll you for tax and payroll, and any additional Information you may provide to us for payroll-related purposes, such as attachments of earnings

How and with whom do we share your Information?

Your CV Information will be reviewed by members of the recruitment team (part of the HR department) and the hiring manager, who may share it with colleagues and team members.
For some roles it may also be shared with other senior managers, directors and board members.

P60 and payroll-related Information is shared, only to the extent necessary in each case, with the payroll team (part of the Accounts department) and with our bank, with HMRC and with the providers of our pension scheme and other employee benefits.

If you have informed us of the need for salary deductions, such as a Direct Earnings Attachment or an Attachment of Earnings, we may share Information with the court or creditor to the extent necessary to implement it.

If necessary for the purpose of obtaining legal advice to enable us to hire you, we may share ‘right to work’ related Information with our lawyers.

Emergency contact details are shared, for example with your line manager, only when needed to make contact in an emergency.

Where do we process and store your Information?
Your Information may be stored and processed by CPOMS or by our contracted service providers, including our parent company, in:
(a) the UK, or
(b) the EU, where it has the same legal protection as in the UK, or
(c) by our parent company in the US, under an agreement approved by the Information Commissioner’s Office as guaranteeing the same legal protection as in the UK (an International Data Transfer Agreement).
 
If a service provider needs to store or process your Information in or access it from any other country, we will put in place measures approved by the Information Commissioner’s Office that commit the service provider to the same level of data protection as is required under the UK Data Protection Act and UK GDPR.
 
If your school or organisation is located outside the UK, your Information may also be accessed by CPOMS colleagues who manage your contract with CPOMS in the country location of the applicable Regional Office.
How long do we keep your Information?

We will only keep your Information for as long as is required or permitted by law.

If your application is not successful

All your Information will be rendered unidentifiable or destroyed within a month of notifying you of our decision.

If your application is successful

Information that we will need during the course of your employment, such as your name, contact details and bank details, will be transferred to our HR and other business systems and will be subject to our Employee Privacy Notice.
All other Information collected in the course of the recruitment process will be retained as follows:

• CVs and application forms:
Leaving date + 7 years
• Payroll-related Information excluding your bank details:
Leaving date + 7 years
• Your bank details:
Leaving date + 1 year
• Information held for compliance with the Equality Act and to maintain ‘reasonable adjustments’:
Leaving date + 7 years
• Copies of right-to-work documentation and DBS checks:
Leaving date + 7 years
• Details of next of kin / emergency contact details:
Leaving date + 3 months

Application, Interview and Offer stages
Our processing of your Information in our job application, selection and recruitment processes is necessary in order for us to take steps, at your request, prior to entering into a contract of employment.

Put more simply, you are seeking employment with CPOMS and we need this Information in order to assess your suitability for the role.

There are certain parts of our recruitment process in which the legal basis is different:

  • Gathering further Information from you during interviews, making notes and discussing with relevant colleagues is necessary for us to pursue our legitimate interests in selecting suitable individuals for employment. We have performed a balancing test and have concluded that our legitimate interests are not overridden by your rights and freedoms, and that it is also in your interests, as an applicant, for us to ensure that we make a good hiring decision.
  • Collecting proof of identify and right to work in the UK is necessary for us to comply with our legal obligations.
  • We have a legitimate interest in providing appropriate levels of assurance to our customers (predominantly schools) because, in your role, you will have access to information relating to schoolchildren and other vulnerable individuals. It is therefore necessary for us to seek references from your former employer(s) and to perform a Disclosure and Barring Service (DBS) check of criminal records so we can continue to provide that assurance.
Your Privacy Rights

(a) Right of access to your Information – we will provide you with the Information we hold
(b) Right to have inaccurate or out of date Information corrected
(c) Right to unsubscribe from marketing messages and emails
(d) Right not to be profiled for marketing purposes – we don’t do this anyway
(e) Right to object to our processing of your Information on grounds relating to your particular situation
(f) Right to restrict our processing of your Information in certain circumstances
(g) Right to have your Information deleted in certain circumstances (“Right to be Forgotten”)
(h) Right to transfer your Information to another provider (“Right of Portability”)
(i) Where our legal basis for processing is your consent, you may withdraw it at any time
(j) Right to make a complaint to the ICO (see “Lodging a complaint” below).

If you tell us you want to exercise your rights, we’ll confirm that we have received your request and let you know if we need anything else from you, then we will respond as quickly as possible and, in any case, within a month.

Lodging a complaint

If we fail to respond within a month when you send us a request to exercise any of these rights, or if you are unhappy about the way we or any of our partners are handling your Information, you can lodge a complaint by contacting [email protected].

If you are not happy with our response or handling of your complaint, you have the right to report your concern to the Information Commissioner’s Office, whose contact details can be found on their website at: www.ico.org.uk/global/contact-us.

How do I make a Rights request, ask a question or raise a concern?
Contact Us

We – CPOMS Systems Limited – are the “Controller” of your Personal Information, which means we decide the purposes for collecting your information and how we will process it.
More importantly, it means we are responsible for looking after it and complying with the law and your Privacy Rights.

Our registered address is:

CPOMS Systems Limited
CPOMS House
Acorn Business Park
Skipton
BD23 2UE

To exercise your Privacy Rights, contact our Data Protection Officer (DPO):

By email at: [email protected] writing “Data Protection Officer” or “DPO” in the subject line

By post to: Data Protection Officer, CPOMS Systems Limited, CPOMS House, Acorn Business Park, Skipton, BD23 2UE.

If you have any concerns about our handling of your Personal Information, we would like the opportunity to look into it for you and put things right, so please get in touch with our Data Protection Officer (DPO) at [email protected] to let us know what went wrong, and please write “Data Protection Officer” or “DPO” in the subject line.

If you are not happy with our response, you have the right to complain to the Information Commissioner’s Officehttps://ico.org.uk/make-a-complaint.

We are also the UK representative for our parent company, Raptor Technologies LLC, based in the US. If you wish to exercise your Privacy Rights or raise any concerns about their processing of your Personal Information, you can send your email or letter to us, marked for their attention and we will ensure that it is forwarded to them and acted on promptly. Alternatively, if you prefer, we will deal with the matter as their representative in the UK.