Privacy Notice
Last updated January 2024.
The Data Protection Lady is the trading name of Beverley Adams-Reynolds and takes privacy and the protection of personal information seriously – it’s in our DNA and what we do. We are committed to protecting your data and complying with data protection law to its fullest extent. This Privacy Notice explains how we use and protect your personal information, to show that we are adhering to the DPA 2018 and UK GDPR.
Privacy Notice
This Privacy Notice applies to information we collect about individuals who interact with the Data Protection Lady. It explains what personal information may be collected and how we use it. The DPA 2018 and UK GDPR requires every organisation that processes personal information to be registered with the Information Commissioner's Office (ICO). Our registration number ZB557678 and you can find us on the Information Commissioner's register and searching for us by using our registration number.
Our promise to you
• We will keep your information secure and confidential.
• The Data Protection Lady does not spam you with marketing although we do send business to business marketing emails from time to time - you are in control of how we communicate with you – you can opt in or out or change your preferences at any time through the 'unsubscribe' link at the bottom of any marketing email received.
• We will not sell your data to a third party.
• We will not share your data with a third party. The sole deviation from this is when you attend an online professional development event where there is a guest speaker. We may share your business registration details with the guest speaker for their own marketing purposes.
• We know how to manage your information appropriately and in line with legal and regulatory requirements.
Personal data that we process
The following sections explain the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
• Service enquiry
• Contracting our services
• Training services or participating in an online webinar/event
• DPOaaS for smaller charities
• DPO Advisory Services
Service enquiry - If you enquire about our services we will collect your name, email address, telephone number, organisation you work for, your job title and your message.
This will be collected either via the website, email or telephone depending on your preferred contact method. As it is necessary for us to collect that data to enable us to respond to your enquiry in the way you would expect we have a legitimate interest to process that data. You can request for your information to be deleted at any time, however we might not be able to provide you with our services or a reply if your request deletion.
Contracting our services - If you contract one of our services, we will be entering into a contractual relationship with you and this is our legal basis for processing your information. We will collect your organisations details, your contact details and any details of contacts you provide us with to enable us fulfilling our contractual obligations towards you. In addition, should we process any commercially confidential information provided by you, it will be for the purposes specified in the contract and data processing agreement and/or NDA. We also will process limited financial details for the purpose of invoicing and financial transactions.
After engaging our services we will sent you a short feedback form. The information you provide will only be used to improve our services and, where you have agreed, to promote the services of The Data Protection Lady to potential clients via our website, LinkedIn and networking organisations.
Training services - If you request us to provide training for your staff you would need to provide us with their names and email addresses as a minimum to enable us to invite them, issue them with attendance certificates and other administrative purposes as required depending on the service requested.
The lawful basis we rely on for processing your staff personal data provided by you to us is contract.
Webinar attendance - we collect business contact details, who you work for and your role as part of the registration process. This enables us to monitor how many registered participants actually attend, and further promote upcoming events and services offered by both The Data Protection Lady and those of any guest speaker presenting at the event.
The lawful basis we rely on for processing your registration details is that of a contractual arrangement for event attendance, and it is further in our legitimate interest to process these details for business to business marketing and promotional contact.
DPOaaS for smaller charities - For the purposes of delivering the DPO as a Service we would process the data associated with that under contract with the relevant charity as applicable.
DPO Services - For the purposes of delivering the DPO as a Service contracted directly with us will process the data associated with that under contract with your organisation. Unless instructed otherwise we will be processing the data safely and securely. We use Microsoft cloud services protected by strong controls and authentication.
How we use your information
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out above.
For example, we may use your personal information to:
• Provide services as requested by you.
• Process data relating to the services provided for training purposes.
• Reply to enquiries you send to us.
Types of information
The types of information that we may collect or hold on you for marketing purposes include name, contact details including email, event participation, communication preferences.
Sources of information
Your information may be sourced directly from you or your representative when you come into to contact with the Data Protection Lady. This information will be captured from enquiries and requests for details.
Where you may have attended a networking event organised by a third party organisation, that organisation may share attendee details with delegates for marketing purposes.
If you prefer that your information is not used in this way, please do let us know by calling 07413 219560 or emailing beverley@thedataprotectionlady.com and we will exclude your details from this process.
Legal basis for communications
Where we send marketing emails, we will only contact you if:
(a) the Data Protection Lady contacts you where you are a business and our services may be of specific relevance to you, or
(b) you have given your agreement to be contacted to third party networking organisations.
When we share your data
We will only pass your data to third parties in the following circumstances:
• You have provided your explicit consent for us to pass data to a named third party.
• We are required by law to share your data.
• In addition, we will only pass data to third party processors outside of the EU (as part of a admin processing) where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation (including the UK/US data bridge).
The Data Protection Lady utilises a CRM provided by Freshworks Inc. Data is both stored and backed up solely within the EEA by AWS based in Frankfurt. Freshworks Inc have SCCs (including a DPA Addendum) in place for the restricted transfer of data to the EEA. To access their Privacy Notice please copy and paste into your browser: https://www.freshworks.com/privacy/
Minimum analytics activity takes place and your IP address is not collected. The Data Protection Lady utilises Microanalytics.io for this activity. No cookies are dropped to perform analytics - it is one of the top alternatives to Google analytics and presents as far more privacy centric. Powered by green energy and with a lightweight tracking code less than 1kb in size, Microanalytics makes our website run faster and reduces our carbon emissions.
Free draws
Occasionally we run a free draw and give away a website data protection healthcheck. If you enter a free draw your business contact details will be entered onto our marketing list and you'll start receiving marketing emails from us. You can unsubscribe from our marketing emails at any time by simply hitting the unsubscribe link at the bottom of the email.
How long we keep your data
We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.
Rights you have over your data
You have a range of rights over your data, which include the following:
• Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this by emailing beverley@thedataprotectionlady.com
• You have the right to ask for rectification and/or deletion of your information under certain circumstances.
• You have the right of access to your information.
• You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
A full summary of your legal rights over your data can be found on the Information Commissioner’s website: https://ico.org.uk/.
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us by emailing beverley@thedataprotectionlady.com
Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
Cookies
Our site uses very few cookies and it is not our intention to track site visitors to any point of intrusion, or share data with third parties, Do see our separate cookie notice for more information.
