Data Protection Policy
Comnexa Limited (“Comnexa”). Registered in Jersey, Channel Islands. Company number: 122375. Incorporated on 21st October 2016.
Comnexa Limited Data Protection Policy
1. Introduction
Comnexa Limited (“Comnexa”, “we”, “our”, “us”) is committed to safeguarding the personal data of our clients, partners, employees, and other stakeholders. This Data Protection Policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data Protection (Jersey) Law 2018.
2. Scope
This policy applies to all personal data processed by Comnexa, whether in electronic or paper form. It covers:
Employees, contractors, and third-party processors acting on behalf of Comnexa.
Clients, partners, suppliers, and other external stakeholders whose data we may process.
3. Data Protection Principles
Comnexa adheres to the following principles as required by applicable data protection laws:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
Data Minimisation: Personal data collected is adequate, relevant, and limited to what is necessary.
Accuracy: Personal data is accurate and, where necessary, kept up to date.
Storage Limitation: Personal data is retained only as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: Personal data is processed securely to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage.
4. Personal Data We Collect
Comnexa collects and processes the following categories of personal data:
Client Data: Name, contact information, payment details, and project-related information.
Employee Data: Identification details, contact information, and employment records.
Third-Party Data: Information from suppliers and contractors required for service delivery.
5. Purpose of Data Processing
We process personal data to:
Deliver Salesforce and technology consulting services to clients.
Manage client relationships and communications.
Fulfil contractual obligations with clients, employees, and suppliers.
Conduct business operations, including invoicing and marketing.
6. Data Subject Rights
Individuals have the following rights under data protection laws:
Right to Access: Request access to personal data held about them.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of their personal data under certain conditions.
Right to Restriction: Request restriction of processing in specific situations.
Right to Data Portability: Receive their personal data in a structured, machine-readable format.
Right to Object: Object to the processing of their personal data for direct marketing or other legitimate interests.
To exercise these rights, individuals can contact us at hello@comnexa.co.uk.
7. Data Sharing and Transfers
Comnexa ensures that personal data is only shared when necessary and under strict confidentiality agreements. Personal data may be shared with:
Salesforce and affiliated partners to deliver contracted services.
Third-party processors (e.g., hosting or IT support providers) who operate under strict data protection agreements.
Legal authorities where required by law.
Comnexa does not transfer personal data outside the UK or Jersey without ensuring appropriate safeguards, such as standard contractual clauses.
8. Data Security
Comnexa implements robust technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, as outlined in our Information Security Management Program and Staff Handbook. Key measures include:
Regular data encryption, secure storage, and access control.
Incident detection and response processes.
Annual security audits and continuous employee training on data protection.
A clear desk policy to minimise risks of unauthorised access to personal data.
9. Retention Policy
Comnexa retains personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Once no longer required, data is securely destroyed or anonymised.
10. Data Breaches
In the event of a personal data breach, Comnexa will:
Notify affected individuals and the relevant supervisory authority (e.g., the UK ICO or the Jersey Information Commissioner) within 72 hours, where required.
Take immediate action to mitigate risks and prevent recurrence.
11. Responsibilities
Data Protection Officer (DPO): Oversight of compliance with data protection laws and implementation of this policy.
All Employees: Responsible for handling personal data in line with this policy and attending regular training.
12. Contact Us
For questions, concerns, or to exercise your data protection rights, please contact us:
Email: hello@comnexa.co.uk
Postal Address:
Comnexa Limited, Touche Bouais, Le Clos de la Molleterie, St Saviour, Jersey, JE2 7QE
13. Updates to this Policy
This policy is reviewed annually and updated to reflect changes in legal or operational requirements. The latest version will always be available on our website.
Effective Date: 03/01/2025