
Privacy Policy
We believe strongly in protecting your privacy and this notice sets out how we use your personal data.
We are committed to protecting and respecting your privacy.
We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations and explains how, why and when we process your personal data. We are the data controller and processor of your data and can be contacted at davidd@d2dassociates.co.uk or at the above address if you have any queries about your data.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information we may collect and process from you
We process your information to meet our legal, statutory and contractual obligations and to provide you with our products and services.
Payroll Processing
We process personal data to fulfil payroll obligations, including employment payments and deductions.
Types of data processed:
- Identity, contact details, bank information, salary, and employment data.
Legal basis:
- Performance of a contract: Payroll processing as required under employment contracts.
- Compliance with legal obligations: Including HMRC filings.
- Legitimate interest: Use of third-party payroll services for efficiency.
Financial Management and Strategic Advice
We process data to fulfil the following obligations:
Management Accounting, Cash Flow, and Year-End Accounts: We process personal data to prepare financial reports, manage cash flow, and fulfil statutory reporting obligations (e.g., tax filings).
Strategic Advice and Consultancy: When providing professional advice, we may process personal and business data to offer tailored strategic recommendations for business operations, financial health, and compliance.
Types of data processed:
- Identity, contact information, financial records, and business strategy documents.
Legal basis:
- Performance of a contract: Providing strategic advice and consultancy services.
- Legitimate interest: Offering services that support business success and compliance.
Non-Disclosure Agreements (NDAs)
We enter into NDAs to protect confidential business information and personal data shared during our relationship.
Types of data covered:
- Any personal or business information classified as confidential, including financial data and business strategies.
Legal basis:
- Performance of a contract: Compliance with NDA terms.
- Legitimate interest: Ensuring confidentiality.
Use of Third-Party Software and Subcontractors
We may use third-party software or tools (e.g., cloud platforms, accounting software) to perform work efficiently, including payroll, financial management, and service delivery. We ensure that third-party providers adhere to GDPR standards and protect personal data.
Third-Party Processors: When we use third-party service providers to process personal data (e.g., accounting software, payroll providers), we ensure they are bound by data protection agreements and strict confidentiality terms.
Types of data processed:
- Identity, contact information, financial details, transaction records, and technical data (e.g., system logs).
Legal basis:
- Performance of a contract: Using third-party software or subcontractors to fulfill contractual obligations.
- Legitimate interest: Enhancing efficiency and service quality through third-party tools.
Data Sharing:
- We may share data with third-party software providers or subcontractors for operational purposes (e.g., payroll processing, accounting, or strategic advice). These third parties are contractually required to handle data securely and adhere to GDPR.
Data Breach Notification
In the event of a data breach involving your personal data, we will take the following steps:
- Notify the ICO: We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, if it poses a risk to your rights and freedoms.
- Notify Affected Individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay.
- Security Measures: We will implement immediate measures to limit damage, such as isolating affected systems and initiating recovery protocols.
Types of data potentially affected:
- Identity, contact, financial, and technical information.
Legal basis:
- Compliance with legal obligations: Adhering to data breach notification laws.
- Legitimate interest: Protecting personal data and maintaining transparency.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting obligations.
- Payroll and Financial Data: Retained for 6 years in compliance with tax and statutory regulations.
- Strategic Advice: Retained for the duration of our business relationship and as required for legal and financial audits.
- NDA-Related Data: Retained for the duration of the NDA and any additional time necessary to resolve disputes or comply with legal obligations.
Data Security
We use strict security measures to protect your personal data, including:
- Access Control: Restricted access to personal data based on job role and necessity.
- Third-Party Security: We ensure that third-party service providers, such as subcontractors and software providers, comply with stringent data protection standards.
Your Rights
You have several rights concerning your personal data, including:
- Right of Access: You can request a copy of your data.
- Right to Rectification: You can correct any inaccuracies in your data.
- Right to Erasure: You can request the deletion of your data when no longer needed.
- Right to Restrict Processing: You can limit how your data is processed in certain circumstances.
- Right to Data Portability: You can request your data in a structured, machine-readable format.
- Right to Object: You can object to the processing of your data, particularly for direct marketing.
If you feel that a situation has arisen or may arise and you wish to learn more about these rights or to exercise those rights, please contact us on davidd@d2dassociates.co.uk. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists.
Changes to the Policy
We may update this privacy policy periodically. Updates will be posted on our website, and, where appropriate, you will be notified by email. Please review this policy regularly to stay informed of any changes.
Contact Information
For any queries regarding this policy or to exercise your rights, contact David Dring at davidd@d2dassociates.co.uk