Privacy Notice

1. Introduction

This Privacy Notice explains how we collect, use, store, and protect personal data when providing our data protection support services. We act as a Data Controller for the information you provide about yourself and your business.

If you have any questions, contact us at: pps.dataprotection@gmail.com

2. The Personal Data We Collect

We only collect information necessary to provide our services, including:

• Name of business owner or contact person

• Business contact details (email, phone, address, website)

• Description of business activities

• CCTV information and Employee details (where applicable for documentation drafting)

3. How We Collect Your Data

All information is collected directly from you via:

• Email correspondence (secured by Two-Factor Authentication)

• Consultations via telephone or Zoom

• Documents you provide to us

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contractual Necessity (Article 6(1)(b)): 

  1. • To perform the services you have requested, such as drafting documentation and managing your account.

• Legitimate Interests (Article 6(1)(f)): 

  1. • For business administration and sending you legal updates for 12 months post-completion to ensure your documentation remains compliant.

5. How We Use Your Data

We use your information to:

• Draft tailored documentation (e.g., ROPA, DPIA, policies)

• Provide ongoing advice and support

• Manage business administration and invoicing

• Legal Updates & Renewal:

  1. • Service Updates: For 12 months after service completion, we will send legal updates. These are considered part of the service to keep your documentation accurate.

     • Renewal Offer: At the end of this period, we may offer a renewal service. You can opt out of these communications at any time.

6. Data Sharing & Sub-Processors

We do not sell or trade your data. To deliver our services, we use the following third-party processors:

• Dropbox: Used for secure cloud storage of your business files and drafted documents.

• Zoom: Used for video consultations. We do not record these sessions unless explicitly agreed upon for a specific purpose.

• Google (Gmail): Used for email correspondence. Access is secured by Two-Factor Authentication (2FA).

7. Data Storage & Security

Your data is stored in Dropbox, which uses high-level encryption. We also maintain local encrypted backups to prevent data loss. 

We implement strict technical measures, such as 2FA on all service accounts, to protect against unauthorised access.

8. Data Retention

We retain your information for 7 years following the completion of our work to meet professional, legal, and accounting obligations (such as HMRC requirements). After this period, your data is securely deleted.

9. Your Rights

Under the UK GDPR, you have the right to:

• Access, correct, or delete your personal data

• Object to or restrict our processing

• Request a copy of your data (Data Portability)

To exercise these rights, email: pps.dataprotection@gmail.com

10. Complaints

Please contact us first with any concerns. You also have the right to complain to the Information Commissioner’s Office (ICO).