CMSG privacy policy
This Privacy Policy explains how CMSG ("we", "us", or "our") collects, uses, stores, and shares your personal data when you visit our website, use our services, or interact with us in any way.
We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. If you have any questions, contact us.
Who We Are (Data Controller)
CMSG is the data controller responsible for your personal data.
For any data protection queries, please contact us at:
Case Management Solutions Group Limited
88 Hill Village Road, Four Oaks, Sutton Coldfield, England, B75 5BE (Registered)
Ivy House, Evesham Road, Worcester, WR7 4QS (Trading)
0121 389 2288
What Personal Data We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
Data you provide directly:
• Name and contact details (email address, phone number, postal address)
• Company name and job title
• Information submitted via contact forms, enquiry forms, or event registrations
• Communications you send to us (emails, messages, feedback)
• Marketing preferences and consent records
Data collected automatically:
• IP address and browser type
• Pages visited and time spent on our website
• Device and operating system information
• Referring URLs and search terms
• Cookie identifiers (see Section 10 on Cookies)
Data from third parties:
• Information from third-party platforms (e.g. LinkedIn, event platforms) where you have consented to sharing
• Publicly available business information
How We Use Your Personal Data
We use your personal data only for legitimate purposes. The table below sets out our main processing activities and the legal basis for each:
| Processing activity | Legal basis |
| Providing our products and services | Contract / Legitimate interest |
| Responding to enquiries and communications | Legitimate interest |
| Sending marketing communications | Consent |
| Improving our website and user experience | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
| Administering events, webinars, or downloads | Consent / Contract |
Where we rely on legitimate interest, we have assessed that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interest at any time (see Section 9).
Marketing Communications
We will only send you marketing communications if you have given your consent, or where we have a legitimate interest to do so under UK GDPR (for example, where you are an existing customer and the communication is relevant to a similar product or service).
You can withdraw your consent or opt out of marketing communications at any time by:
• Clicking the unsubscribe link in any marketing email
• Emailing us at [email address]
• Updating your preferences via our website
Withdrawing consent will not affect the lawfulness of any processing carried out before your withdrawal.
How We Share Your Personal Data
We do not sell your personal data. We may share it with the following categories of third parties, only where necessary:
• IT and software service providers (e.g. CRM platforms, website hosting, email delivery services)
• Analytics providers (e.g. website analytics tools)
• Professional advisers (e.g. legal, accountancy, or insurance services)
• Regulatory or law enforcement authorities, where required by law
All third-party processors are required to handle your data securely and in accordance with applicable data protection law. We enter into data processing agreements with them where required.
International Data Transfers
Where we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
• UK adequacy regulations
• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO)
• Other legally recognised transfer mechanisms
You may request details of the safeguards we use by contacting us at info@cmsg.uk.com.
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, or reporting requirements.
Our standard retention periods are:
• Contact and enquiry records: 3 years from last contact
• Customer records: 7 years from end of contract (for legal and tax purposes)
• Marketing consent records: Until consent is withdrawn, plus 1 year
• Website analytics data: 26 months (rolling)
• Cookie consent records: 12 months
When data is no longer required, it is securely deleted or anonymised.
Your Data Protection Rights
Under UK GDPR, you have the following rights in relation to your personal data:
• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure — you can ask us to delete your data in certain circumstances.
• Right to restrict processing — you can ask us to limit how we use your data.
• Right to data portability — you can ask us to provide your data in a structured, machine-readable format.
• Right to object — you can object to processing based on legitimate interest or for direct marketing.
• Rights related to automated decision-making — you have the right not to be subject to solely automated decisions that significantly affect you.
To exercise any of these rights, please contact us at info@cmsg.uk.com. We will respond within one calendar month. There is no charge for making a request.
We may need to verify your identity before processing your request.
Cookies
Our website uses cookies to improve your browsing experience and to help us understand how the site is used. Cookies are small text files placed on your device.
We use the following types of cookies:
• Strictly necessary cookies — essential for the website to function. These cannot be disabled.
• Analytical/performance cookies — help us understand how visitors use our site (e.g. pages visited, time on site).
• Functional cookies — remember your preferences and settings.
• Targeting/marketing cookies — used to deliver relevant content and track the effectiveness of our communications.
When you first visit our website, you will be asked to accept or decline non-essential cookies. You can change your preferences at any time via your browser settings or our cookie banner.
Data security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration.
These measures include:
• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security reviews and staff training
• Data processing agreements with all third-party processors
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals directly.
Contact us & how to complain
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
CMSG
Ivy House, Evesham Road, Worcester, WR7 4QS (Trading)
0121 389 2288
If you are not satisfied with how we handle your data or respond to a request, you have the right to lodge a complaint with the UK’s supervisory authority:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113