GDPR Privacy Notice
Introduction
Smart Business Recovery Limited ("We") are committed to protecting the confidentiality and privacy of information provided to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act. Please read this Privacy Policy to learn about your rights, what information we collect, how we use and protect it.
This policy together with our terms of use and any other documents referred to on it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Protection Legislation to notify you of the information contained in this Privacy Policy.
Our Data Protection point of contact is responsible for assisting with enquiries to this Privacy Policy and or our Data Protection point of contact you can do so using the contact details noted at 2 below.
1. Definitions
Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Who are we?
Smart Business Recovery Limited is the data controller. This means we decide how your personal data is processed and for what purposes.
Our contact details are: Smart Business Recovery Limited, The Old Rectory, Main Street, Glenfield, Leicestershire, LE3 8DG. For all data matters contact Gavin Bates on 0116 2325117 or gavin@smartbusinessrecovery.co.uk
If you have questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to the Smart Business Recovery Limited, The Old Rectory, Main Street, Glenfield, Leicestershire, LE3 8DG or email gavin@smartbusinessrecovery.co.uk.
3. How we collect personal data
We may collect information in the following ways;
Directly – We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their business card, complete contact forms, attend events, visit our office. We may also obtain information personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract or through hosted software applications.
Insolvency Services – We obtain personal information in our insolvency work, initially to enable us to assess the insolvency options available to you or the Company and subsequently, to enable us to deliver insolvency services to our clients and meet our legal responsibilities, which is a legitimate interest.
This will involve us sharing your personal data or personal data that you control, as part of the provision of those insolvency services.
For example, we will require details of employees in an insolvent company in order for is to calculate outstanding pay, holiday pay, redundancy pay and pay in lieu of notice. That information is shared with the Insolvency Service, the government department responsible for making these payments to ensure that these payments are correct and as part of the insolvency process.
Our services may also include processing personal data under our client’ control on our hosted software application, which may be governed by different privacy terms and conditions.
Public Sources – Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and internet searches
Social and professional networking sites - if you register or login using social media we may collect information and content. This may include your name and email address and depending on your privacy settings, additional details about you.
Recruitment Services – We may obtain personal data about candidates from an employment agency, and other parties including former employees and credit reference agencies.
4. The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
- Personal data
- Contact details (e.g. name, company name, job title, work and mobile numbers, work and personal email address and postal address’s.
- Professional details (e.g. job and career history, educational background and professional memberships
- Employee, payroll and pension details (e.g., name, address, date of birth, employment start date, personal email address, dates of breaks in employment and relevant information required to facilitate insolvency claims).
- Family and dependents (e.g. when dealing with personal insolvency matters we are often required to obtain details regarding family and dependents)
- Financial information (e.g. tax and accounting records, payroll, pension records, investment interest, finance agreements, assets, bank details and relevant information to facilitate our work as insolvency practitioners
- Special categories of data.
- We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for the legitimate business purposes.
5. What is our legal basis for processing your personal data?
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services;
- Contract – We may process personal data in order to perform our contractual obligations.
- Consent – we may rely on your freely given consent at the your provided your personal data to us.
- Legitimate interests – we may rely on legitimate interest based on our evaluation that the processing is fair, reasonable and balanced, for example direct marketing to deliver timely market insights and speciality knowledge we believe is welcomed by our business clients, contacts and individuals who have interacted with us.
- Legal obligations and regulatory and public interests – we may process personal dat inorder to meet regulatory and public obligations or mandates.
More information on lawful processing can be found on the ICO website.
6. Sharing your personal data
Your personal data will be treated as strictly confidential. We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. These include the following categories
- Parties that support us as we provide our services (e.g. IT support systems, document archiving and destruction services, specialist insolvency software providers, website hosting service providers)
- Our professional advisors, including valuation agents, solicitors, accountants and insurers.
- Our professional insolvency licencing bond and enabling bond provider
- Other government and regulatory agencies (e.g., HMRC, the Insolvency Service) or to other third parties as required by, and in accordance with, applicable law or insolvency regulation.
7. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for a period of 6 years following the conclusion of our appointment in order to HMRC rules and regulations and also those of our regulators.
8. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
9. Transfer of Data Abroad
We do not store personal data situated outside of the European Economic Area (EEA).
10. Automated Decision Making
We do not use any form of automated decision making in our business
11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
12. Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
13. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Gavin Bates on 0116 2325117 or gavin@smartbusinessrecovery.co.uk
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031 231113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
