Effective Date: 2nd January 2025
Version: 2.0
1. Introduction and Contact Information
RA Data Protection Ltd. (referred to as “we” “our” and “us”) is a data protection consultancy based in Suffolk who advise and specialise in the UK and EU GDPR and other data protection legislation. We are committed to protecting the privacy and security of your personal data and we have developed this data protection notice (“notice”) to inform you of the personal data we collect, what we do with your personal data, what we do to keep it secure as well as the Rights you have over your personal data.
Throughout this notice we refer to data protection legislation which includes the UK GDPR and Data Protection Act 2018, and other applicable laws including (but not limited to) the EU GDPR 2016, the Privacy Electronic Communication (EC Directive) Regulations (“PECR”) 2003 and the e-privacy Directive. This also includes any new or replacement legislation which may come into effect from time to time.
RA Data Protection Ltd is a data controller as we have determined the purposes of why personal data should be collected and processed.
You can contact us using the following details:
Phone: +44 (0)7851159235
Email: ravi@radataprotection.com
You can also use the above contact details to raise or discuss any data protection matters, complaints and/or concerns.
2. Legal Basis for Data Processing
Data protection legislation requires us to identify an appropriate legal bases to process personal data. The legal basis we rely on as a data controller are detailed below with brief examples for when they may apply:
· Consent, to display any client feedback/testimonials on our website/LinkedIn page
· Contractual Obligation, to take the necessary steps to enter into and conclude contracts
· Legal Obligation, where needed for tax reasons such as UK HMRC purposes.
· Legitimate Interests, to help answer any questions or general enquires received from individuals who we may have no prior existing relationship with
3. Data Subjects
Due to our business activities, we may process personal data of the following individuals (“data subjects”):
· Enquirers
· Customers
· Referrals
The above list is representative and non-exhaustive.
4. Personal Data Collection
We collect personal data through different means such as:
· When you send us an enquiry
· Contact us via telephone or email
· Via third party referrals
The above list is representative and non-exhaustive.
5. Personal Data Processed
We may process the following sets of personal data:
· Name
· Email address
· Phone number
· Job details
The above list is representative and non-exhaustive.
6. How We Use Personal Data
We may use personal data for various activities (i.e. purposes) which can include the following:
· Answering enquiries
· Facilitating/amending meetings
· Carry out our services
· Sending invoices/making payments
· Seek your views or comments on the services we provide
· Notify you of changes to our services
· Handle an enquiry or complaint you have made
The above list is representative and non-exhaustive.
7. Call Recordings
No calls made to us are recorded. If this changes we will be sure to update our notice as required.
8. Payment Information
We do not collect or store any payment information and we do not accept any credit or debit card information at any time. If this changes we will update our notice as required.
9. Data Sharing and International Data Transfers
We do not sell, rent, or lease personal data pertaining to our customers (including prospective customers) at any time.
Please note there may also be instances where we may need to share personal data with a competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
We also do not transfer any personal data outside the UK/EEA at any time.
10. Marketing Comms and Social Media
We create posts on LinkedIn in which we share news/updates on data protection, provide updates to our services and any testimonials/feedback we receive from any of our clients. We obtain client consent to display our testimonials and feedback beforehand.
We do not currently do any marketing on X, Facebook or Instagram, nor do we carry out email marketing comms. If these are to change we will update this notice as required.
11. Website Links
This website contains links to other websites. We have no control or are liable of these sites, the content on these sites and how these sites protect your personal data. Please refer to their own privacy notices/policies within them.
12. Cookies
We use third party cookies for analytical purposes only. We do not capture any data such as your name or device information but to see how many website visitors we get. These are optional and do not affect your browsing experience.
Our website is built from GoDaddy who utilise Google Analytics for website visitor measurement only.
13. Data Retention
We will retain personal data to provide our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations. We will also determine appropriate retention periods based on our legitimate interests where identified. At the end of the retention period personal data will be securely deleted or destroyed where necessary. For more information to our retention practices, you can contact us using our details above.
14. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. If we become aware of any security incidents or data breaches we will liaise with our third party advisers to ensure the correct process and communications take place.
15. Data Protection Rights
If you are based in the UK you have several Rights to how an organisation processes your personal data. The Rights are as follows:
· Right to be informed
· Right to access data
· Right to rectification
· Right to erasure
· Right to objection
If you would like to exercise any of the above Rights you can do so by sending us a written request using our details mentioned above.
Please note we may ask for ID (e.g. passport scan, drivers license etc) to verify identity where needed. Upon successful verification we will delete and remove all copies of ID received.
Should we also require extension of time to help fulfil any Right requests, we will be sure to contact requestors as soon as possible with reason(s) why an extension is needed and when Right requests can be fully carried out and completed.
16. Concerns and Complaints
We understand you may have concerns and complaints to this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details above.
You can also submit a complaint directly to the Information Commissioners Office (the ICO), the UK supervisory authority for data protection in the UK, via https://ico.org.uk/make-a-complaint/
17. Review and Updates
We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.