Policy Library

CloudMundi Ltd (trading as Compell) Privacy & Data Policy

Our Promise

  • Your Privacy Matters: We respect and protect the personal data you share with us.
  • Only What’s Needed: We process only the data necessary for our services and communications.
  • No Surprises: We are open about how your data is used.
  • Your Choice: You can opt out of marketing emails at any time.
  • Secure Handling: We implement reasonable safeguards and securely delete data when no longer required.

Who We Are

CloudMundi Ltd, trading as Compell
Registered office: 1 Knightsbridge Green, London, SW1X 7QA
Email: hello@compell.co.uk

Throughout this policy, “we”, “us”, “our” and “ours” refers to CloudMundi Ltd trading as Compell.

How We Use Your Data

We process personal data in the following ways:

  1. Marketing and Sales Leads
    • We collect and use personal data (e.g., name, email, company details) to contact you about our services or share relevant information.
    • We rely on either your consent or a legitimate business interest for B2B marketing in accordance with UK privacy law.
    • Data is sourced through our own marketing or via trusted third-party services.
  2. Clients & Contracts
    • Personal data of clients is held for the duration of the contractual relationship and to fulfil our services.
  3. Website Visitors & Enquiries
    • Information submitted via forms or email is used solely to respond to your enquiry or provide requested information.

Cookies & Website Tracking

We may use cookies or similar technologies on our website to improve functionality and analyse visitor behaviour. Non-essential cookies will only be set with your consent.

CCTV & Security

We operate CCTV at our premises for security and health & safety purposes. Footage is stored securely and retained only as long as necessary (typically up to 30 days) unless required for a specific incident.

We implement reasonable technical and organisational measures to protect your data from accidental loss, unauthorised access, or misuse. No system can guarantee 100% security; data transmission is at your own risk.

Information Security Policy

We maintain a robust information security framework designed to protect the confidentiality, integrity, and availability of personal data. This includes risk assessments, access controls, monitoring, and incident response procedures to safeguard against unauthorised access, loss, or disclosure. All personnel are required to adhere to our information security practices and report any concerns promptly.

Data Subjects’ Rights Policy

Individuals have rights regarding their personal data, including rights of access, rectification, erasure, restriction, portability, and objection. We have established clear procedures to promptly and transparently respond to all valid data subject requests within the timeframes required by law. Requests can be submitted using the contact details provided in this Privacy Policy.

Personal Data Breach Policy

We have procedures in place to detect, assess, and respond to personal data breaches without undue delay. In the event of a breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by law. All incidents are reviewed and actioned to prevent recurrence.

Vulnerability Management Policy

We regularly identify, assess, and remediate security vulnerabilities in our systems and applications. This includes scheduled scanning, patch management, and monitoring of security advisories to promptly mitigate risks. Any critical vulnerabilities are prioritised for immediate resolution in accordance with our risk assessment.

Password Management Policy

We enforce strong password standards and multifactor authentication where appropriate to protect access to systems and personal data. Passwords must be unique, sufficiently complex, and changed in line with best practice. Users are prohibited from sharing passwords and must report any suspected compromise immediately.

Business Continuity Policy

We maintain business continuity planning to ensure the resilience and recovery of critical systems and services in the event of disruption. Plans are regularly reviewed, tested, and updated to minimise the impact on operations and personal data processing. All relevant personnel are familiar with continuity procedures and responsibilities.

Backup and Restore Policy

We perform regular backups of critical systems and personal data to prevent loss and support restoration when needed. Backups are securely stored and tested periodically to ensure data integrity and availability. Restoration processes are documented and regularly reviewed to maintain effectiveness.

Cryptography Policy

We use industry-standard encryption to protect personal data in transit and at rest where appropriate. Cryptographic controls are selected based on current best practices and reviewed periodically to address emerging threats. Encryption keys are managed securely in accordance with recognised standards.

Mobile Devices Policy

Mobile devices used to access organisational systems or personal data must be securely configured and protected by PINs, biometric controls, or passwords. Devices must have up-to-date security patches, and lost or stolen devices must be reported immediately. Remote wipe and other security controls are applied where feasible to prevent unauthorised access.

Sharing Your Data

We may share personal data:

  • With trusted third-party service providers assisting us in delivering our services, under strict confidentiality and GDPR-compliant terms.
  • Where required by law or regulatory authorities.

We do not sell personal data.

Retention

  • Marketing / Lead Data: Retained for up to 3 years from the last contact, unless you request deletion sooner.
  • Client Data: Retained for the duration of the contract and up to 7 years after termination for legal, accounting, or regulatory purposes.
  • Website Enquiries / Other Data: Retained no longer than necessary to respond or fulfil the request.

Data is securely deleted or anonymised once no longer required.

Your Rights

Under UK data protection law, you have the right to:

  1. Access: Request a copy of your personal data.
  2. Correction: Request correction of inaccurate or incomplete data.
  3. Erasure: Request deletion where data is no longer necessary.
  4. Objection: Object to processing, including marketing communications.
  5. Data Portability: Request a copy in a machine-readable format.

To exercise your rights, contact hello@compell.co.uk.

Marketing & Emails

  • Marketing communications are sent only to those with consent or a legitimate business relationship.
  • You can unsubscribe or opt out at any time via the link in our emails or by contacting hello@compell.co.uk.

Changes to this Policy

We may update this policy to reflect changes in our services, technology, or legal requirements. The latest version is always available at compell.co.uk.

Complaints

If you have concerns about our handling of personal data, contact us first at hello@compell.co.uk.
You may also raise a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.