Last updated on: 25th September 2020
The scope of this privacy notice covers the data processed within our enterprise business systems, customer portal and digital marketing platforms. Please see section 2 below for a breakdown of how we collect your data. This policy does not cover any specific product-based privacy notices for the products that we sell: these separate policies can be located within the products themselves or on your customer portal.
Capita Business Services Ltd are fully committed to keeping your information safe. This privacy notice explains what personal information we collect, why we collect it, and how we use it. We hope our policy is clear and transparent, but if you have any questions, please get in touch via the contact details at the bottom of the page.
- Who collects your personal information
- How we collect it
- What personal information do we collect
- How we use your personal information
- What our legal basis is for processing your personal information
- Where your data is stored
- How long do we keep your personal information
- Who we share your personal information with
- How you can amend your preferences
- Your rights
1. Who collects your personal information
Capita Business Services Ltd includes the brand of Capita Education Software Solutions (ESS) which sits within Capita Software.
- Capita ESS sits within the Capita Software division and consists of the following business units: Capita SIMS; Capita SIMS Independent and International; Capita Libraries; Capita Reading Cloud; Capita UNIT-e & Capita AGILIT-e; and Capita IBS Schools.
All of the above business units operate under the trading name of Capita Business Services Ltd. Our registered company number is 02299747 and further information can be found in our legal statement.
Registered address: 65 Gresham Street, London, EC2V 7NQ
Postal address: The Data Protection Officer, Capita plc, 65 Gresham Street, London, EC2V 7NQ
Data Protection Officer: Jenny Coombes email@example.com 07730 194043
2. How we collect it
Capita Education and Software Solutions (ESS) collect your data through our websites*, products**, customer portals*** and within our enterprise business systems.
*Our websites are:
** these separate policies can be located within the products themselves or on your customer portal.
***Our customer portal is My Account https://myaccount.capita-cs.co.uk (For SIMS, SIMS Independent & International, Reading Cloud, Capita UNIT-e and AGILIT-e, Capita Libraries and IBS Schools customers)
3. What personal information do we collect
We collect personal information about you (such as your name, address, email address or telephone number) when you give this to us as part of becoming a customer, registering for a customer portal login, signing up to our newsletters, completing a website form, or making a sales or support enquiry.
When you subscribe to any of our marketing or communications, you indicate that you have a preference to receive these communications. We store your preferences and give you the option to amend these at any time within your Preference Centre settings and customer portal profile.
As an employee of a contracted customer, in order to provide our services to your organisation we may need to collect personal information which data protection legislation defines as special category data, such as dietary requirements for an event registration, or screenshots of data within the products you’ve purchased that we need in order to investigate and resolve a support case. As a customer you agree to the need for us to process this information as part of your organisation’s contract with Capita, or by submitting this information through the customer portal.
4. How we use your personal information
We may use your personal information following a:
• Customer visit - whereby we may contact you regards to items discussed or similar products and solutions you have expressed an interest in.
• Event attendance or registration (Including webinars) in order to contact you about the event itself and/or possibly future events and/or to obtain feedback. When registering for event we may ask you for special category data, such as dietary requirements, in order to meet your needs at the event(s).
• General enquiry or feedback where you may contacted us via telephone, email or other channels requesting information about products and services and we may use the data captured to help improve services or assist in finding a resolution to your enquiry.
• Marketing subscription where you would have signed up via a web form or other data capture point. This information will be processed in accordance to that stated at the point of capture. You can unsubscribe anytime or customise your preferences (See Section 9. How can I amend my preferences?)
• Customer portal registration where we may use your data to send important updates, event information, direct marketing and other useful information that will help you get the most out of the products and services available to you.
• Product Purchase where we may have obtained your data following the signing of a contract. We may use this data to contact you about product updates, financial queries, renewals and other useful information that will help you get the most out of our products and services.
• Sales Enquiry where you may have contacted us via telephone, email or other channels requesting information about products and services we have to offer or we have contacted you and you have expressed an interest. You can unsubscribe anytime or customise your preferences (See Section 9. How can I amend my preferences?)
• Support Enquiry where you may have contacted us via telephone, email or other channels to log a support enquiry about an issue or for general assistance. We may use the data captured to help to resolve your enquiry and may contact you after for feedback to help improve the service offered.
• Third Party data purchase where we may occasionally obtain your data from verified data supplier. We will only process data if a suitable legal basis has been established and will adhere to Capita Group Policy at all times.
• Training course attendance where we may have obtained your details following the attendance of a training course. We may use your data for the purpose of obtaining feedback to help improve the service offering.
• Your website – Occasionally we may need to obtain your details from your company website or from a publicly available website, such as Edubase. We will only process data if a suitable legal basis has been established and will only keep the data for a short period of time unless you have consented via any of the examples mentioned above.
5. What our legal basis is for processing your personal information
We will only collect and use your personal information (as described in section 4) in accordance with data protection legislation. Our legal basis for processing your personal information are as follows:
1. Contractual – We may process personal data associated to a contract or product purchase. It is important for us to hold this data in order to ensure that we have records from a legal perspective to whom signed and agreed to the terms of agreements and who to contact following issues and/or to send renewal information.
2. Consent – Where necessary we will only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any sensitive information about you if we have your consent.
3. Legitimate Interests – We may use and process some of your personal information where we have conducted Legitimate Interest Assessment and have a legitimate business grounds for doing so. Under European privacy legislation here is a concept of “legitimate interests” as a justification for processing your personal information. As such, we may send you direct marketing if you are either an existing customer or B2B contact.
You have a right to object to our use of your personal information for these legitimate interests. Please see section 10 - Your rights and how to contact us for how to do this.
6. Where your data is stored
We store the majority of Capita ESS customers’ personal information in our cloud-based enterprise business systems, which is a combination of Microsoft Dynamics 365, Office365 applications and Marketo. Our Microsoft Azure datacentres reside in Dublin (Ireland, UK) and all data is encrypted at rest and in transit and complies to ISO27001 standards. You can read more about Microsoft’s commitment and compliance to data privacy and security in their online Trust Center. Our Marketo datacentres reside in San Jose, CA (U.S.), Ashburn, VA (U.S.), London (UK), and Sydney (AU) and all data is encrypted at rest and in transit and complies with ISO27001 standards.
7. How long do we keep your personal information
All personal data will be held in accordance with Capita plc group policy, and historical records will not be held without legitimate reason. We have a variety of automated retention policies in place that ensure data is regularly cleared down within our system if it has not been used, updated or interacted with in a reasonable amount of time.
Essentially, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this privacy notice or until your request it is deleted.
8. Who we share your personal information with
The only people who have access to your personal information are staff within Capita whom require access to this to carry out their job in order to provide services to you (this could be across various business units, but still operating solely under Capita Business Services Ltd).
Some staff within our businesses operate outside of the EEA, for example our staff in India, however all staff are subject to the same Group Information Security and Acceptable Usage policies.
In addition we sometimes need to provide access to technical support partners in order to receive support on IT projects relating to our enterprise business systems. Our current support partner also operates under Capita Business Services Ltd and thus is subject to the same Capita Group Information and Security Policies and Procedures.
9. How you can amend your preferences
If you don’t want to be on our marketing mailing lists, you can unsubscribe by opening the last email received from us and clicking on the unsubscribe or change my preference link usually found at bottom of the email. This will take you to your preference page.
If you are a My Account user, you can click ‘unwatch’ on any Notifications, Hot Topics or Forum threads that you are watching, unsubscribe from weekly my account emails here, or email firstname.lastname@example.org to have your My Account access deleted entirely.
10. Your rights
Under data protection legislation you have a number of rights in relation to your personal information. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request. This section explains what they are and how you can use them, if you wish.
Accessing your personal information
You have the right to request a copy of the personal information that we hold about you. This is known as a Subject Access Request.
If you wish to request a copy of your personal information please address requests to email@example.com
Correcting and updating your personal information
The accuracy of your information is important to us. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by getting in touch with your account manager or service desk.
If you have a customer portal login, you can make some of these changes yourself by editing your profile.
Erasing your personal information or restricting its processing
You may ask for your personal information to be removed from our systems. Unless we are legally permitted or required to keep the data, we will comply with your request.
You may also ask us to restrict processing your personal information in the following situations:
- Where you believe it is unlawful for us to process the data,
- You have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
If you wish to exercise any of these rights please email your request to firstname.lastname@example.org. We will endeavour to complete your request as swiftly and diligently as possible.
Right to lodge a complaint
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. They can be contacted via:
Information Commissioner's Office
Tel: 01625 545 700
Changes to our Privacy Notice
This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page. If material changes are made to this Privacy Notice, for instance affecting how we would like to use your personal information, we will provide a more prominent notice (including email notification of the changes to the notice).
If you any questions or comments regarding the content of this Privacy Notice, please contact:
The Data Protection Officer
65 Gresham Street,