HOW WE HANDLE YOUR PERSONAL DATA
Privacy Notice
The Privacy Worx Ltd
Linden House, Linden Close, Tunbridge Wells, TN4 8HH
Email: info@theprivacyworx.com
Telephone: +44 (0) 203 343 9043
Introduction
This Privacy Notice explains how The Privacy Worx Ltd collects, uses, stores and shares personal data when you contact us, enquire about our services, or engage us to provide data protection, privacy and outsourced DPO consultancy services.
We are committed to handling personal data lawfully, fairly and transparently.
Who we are
The Privacy Worx Ltd is the controller of the personal data described in this Privacy Notice.
If you have any questions about this Privacy Notice or about how we handle your personal data, please contact us using the details above.
The personal data we collect
We may collect, use, store and transfer the following categories of personal data:
· Identity data, such as your name, title and job role.
· Contact data, such as your email address, telephone number, business address and company details.
· Enquiry and correspondence data, such as information you include in emails, calls, meeting requests, contact forms and other communications with us.
· Client relationship data, such as records relating to proposals, contracts, instructions, projects, billing and service delivery.
We do not intentionally collect special category personal data through our website contact routes. If such data is provided to us unexpectedly, we will only process it where we have a lawful basis to do so.
How we collect personal data
We collect personal data directly from you when you:
· contact us by email, telephone or contact form;
· request information about our services;
· ask us to take steps before entering into a contract;
· engage us to provide consultancy or outsourced DPO services; or
· communicate with us during the course of a client relationship.
We do not use cookies for tracking, analytics or advertising purposes on our website.
How we use personal data and our lawful bases
We only process personal data where we have a lawful basis to do so.
To respond to enquiries and discuss our services
We use identity, contact and correspondence data to respond to enquiries, arrange meetings or calls, and discuss a possible engagement.
Lawful basis:
· taking steps at your request prior to entering into a contract; and/or
· our legitimate interests in responding to general business enquiries and managing our professional services business.
To prepare proposals, agree terms and enter into a contract
We use identity, contact, correspondence and client relationship data to assess your requirements, prepare proposals and agree contractual terms.
Lawful basis:
· taking steps at your request prior to entering into a contract; and
· performance of a contract, where a contract is concluded.
To provide our consultancy and outsourced DPO services
We use identity, contact, correspondence and client relationship data to deliver our services, communicate with you, manage projects, maintain records and administer the client relationship.
Lawful basis:
· performance of a contract.
To comply with legal and regulatory obligations
We use relevant records, contractual and billing information to comply with legal obligations, including tax, accounting, regulatory and statutory requirements.
Lawful basis:
· compliance with a legal obligation.
To protect and manage our business
We may use relevant personal data where necessary to maintain records, manage professional risk, protect our business, and establish, exercise or defend legal claims.
Lawful basis:
· our legitimate interests in running a professionally accountable business and protecting our legal position.
Legitimate interests
Where we rely on legitimate interests, those interests include:
· responding to general business enquiries;
· managing our professional services business efficiently;
· maintaining appropriate business and engagement records;
· protecting our business and systems; and
· establishing, exercising or defending legal claims.
We do not rely on consent for our ordinary client and business communications.
Recipients of personal data
We may share personal data, where necessary, with:
· IT and business administration providers;
· professional advisers, such as lawyers, accountants, insurers and auditors;
· carefully selected service providers who support delivery of our services; and
· regulators, courts, law enforcement agencies or other authorities where required by law.
We only share personal data where necessary and subject to appropriate confidentiality and security measures.
International transfers
We seek to keep personal data within the United Kingdom wherever possible. However, in limited circumstances, personal data may be accessed remotely from outside the United Kingdom by service providers or support personnel in other jurisdictions.
Where this occurs, we will ensure that appropriate safeguards are in place in accordance with applicable data protection law, including, where relevant, adequacy regulations or approved contractual transfer mechanisms.
How long we keep personal data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, regulatory and professional obligations.
· General enquiries that do not result in an engagement: up to 12 months after the last substantive contact.
· Proposal and pre-contract records: up to 2 years after the relevant opportunity closes.
· Client contract, billing and service records: typically 6 years after the end of the client relationship, or longer where required by law or reasonably necessary in connection with legal claims.
Whether you must provide personal data
Where you ask us to take steps before entering into a contract, or where you engage us for services, you will need to provide the personal data reasonably required for us to assess your request, communicate with you and provide our services.
If you do not provide that information, we may be unable to enter into a contract with you or provide services to you.
Automated decision-making
We do not use personal data for solely automated decision-making, including profiling, that produces legal effects or similarly significant effects.
Your rights
Subject to applicable law, you have the right to:
· request access to your personal data;
· request correction of inaccurate or incomplete personal data;
· request erasure of your personal data in certain circumstances;
· request restriction of processing in certain circumstances;
· object to processing based on legitimate interests in certain circumstances; and
· request transfer of your personal data where applicable.
To exercise any of these rights, please contact us at info@theprivacyworx.com.
Complaints
If you are unhappy with how we have handled your personal data, please contact us first so that we have an opportunity to address your concerns.
You also have the right to lodge a complaint with the Information Commissioner’s Office.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time. Any material changes will be posted on this page together with the updated effective date.
Last updated: October 2025
