Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Smart Business Recovery Limited is the data controller. This means we decide how your personal data is processed and for what purposes.
Our contact details are: Smart Business Recovery Limited, The Old Rectory, Main Street, Glenfield, Leicestershire, LE3 8DG. For all data matters contact Gavin Bates on 0116 2325117 or firstname.lastname@example.org
We may collect information in the following ways;
Directly – We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their business card, complete contact forms, attend events, visit our office. We may also obtain information personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract or through hosted software applications.
Insolvency Services – We obtain personal information in our insolvency work, initially to enable us to assess the insolvency options available to you or the Company and subsequently, to enable us to deliver insolvency services to our clients and meet our legal responsibilities, which is a legitimate interest.
This will involve us sharing your personal data or personal data that you control, as part of the provision of those insolvency services.
For example, we will require details of employees in an insolvent company in order for is to calculate outstanding pay, holiday pay, redundancy pay and pay in lieu of notice. That information is shared with the Insolvency Service, the government department responsible for making these payments to ensure that these payments are correct and as part of the insolvency process.
Our services may also include processing personal data under our client’ control on our hosted software application, which may be governed by different privacy terms and conditions.
Public Sources – Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and internet searches
Social and professional networking sites - if you register or login using social media we may collect information and content. This may include your name and email address and depending on your privacy settings, additional details about you.
Recruitment Services – We may obtain personal data about candidates from an employment agency, and other parties including former employees and credit reference agencies.
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services;
More information on lawful processing can be found on the ICO website.
Your personal data will be treated as strictly confidential. We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. These include the following categories
We keep your personal data for no longer than reasonably necessary for a period of 6 years following the conclusion of our appointment in order to HMRC rules and regulations and also those of our regulators.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
We do not store personal data situated outside of the European Economic Area (EEA).
We do not use any form of automated decision making in our business
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
To exercise all relevant rights, queries or complaints please in the first instance contact our Gavin Bates on 0116 2325117 or email@example.com
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031 231113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.