Privacy Policy - I'm your PA : The virtual assistant company that likes to make you smile.
01902 585 222 info@imyourpa.co.uk

Privacy Policy

Your information is in safe hands

When you submit your information to I’m Your P.A., our primary concern is storing it securely. From time to time, we may let you know about our own products and promotional offers we believe are relevant to you. Please be assured – we never sell data to third parties. Your trust is important to us and we value your right to privacy.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data, that’s why we’ve developed this privacy policy which:

  • Sets out the types of personal data that we collect
  • Explains how we use your data
  • Explains how we ensure your privacy is maintained
  • Explains the rights and choices you have when it comes to your personal data

This policy also applies to information we collect about people who use our services and our website.

Under the General Data Protection Legislation (‘GDPR’) we are classed as ‘the Data Controller’ and the individual whose data we have collected is known as the data ‘subject’.

If you require any further information you can contact the Data Protection Officer directly at info@imyourpa.co.ukor post to Data Protection Officer, I’m Your P.A. Limited, 2 Shaw Park Business Village, Shaw Road, Wolverhampton, West Midlands WV10 9LE

What types of data does I’m Your P.A. collect?

When you register with us or enquire about our Services, you may provide us with the following pieces of personal data:

  • Name and job title
  • Company name and address
  • Contact information including email address
  • Financial details for invoicing and payment processing purposes
  • Names and phone numbers of contacts you hold
  • Information you believe is relevant and necessary to deliver services e.g. payment preferences, preferred contact times

Whilst delivering our services we may also collect the phone number the call originated from.

In instances where we, I’m Your P.A., collect personal data we are known as the data ‘controller’ in instances where our clients supply the personal data we are known as the data ‘processor’. When acting as a data processor we will manage on your behalf the personal information you require from your clients.

What I’m Your P.A. does with the information we gather

I’m Your P.A. wants to provide the best service experience; we therefore gather this data to understand your needs and personalise our service, thus providing you with a better service experience. In particular, the information will be used for:

  • Providing a tailored and personalised service to clients and customers with products and services most likely to interest you
  • Internal audit purposes
  • Improving our services
  • Processing payments
  • Periodically send promotional or market research communications which we think you may find interesting using the contact details which you have provided. I’m Your P.A. may contact you by email, phone, SMS or mail. The lawful basis on which we process data for this purpose includes:
    • If you’re a customer – a customer/contractual consent
    • If you’ve enquired about our services – either consent (where we’re obliged to obtain), or legitimate interest will apply

How long do we keep your data?

I’m Your P.A. will keep your information for as long as we are providing you a service or are likely to provide a service due to an enquiry we have received.

We will retain records after our business relationship has ended in accordance with our Data Retention Policy detailed below. After this time your data will be securely deleted.

Where data is processed solely for marketing purposes, any information we use for this purpose will be kept until you notify us that you no longer wish to receive this information, or until the data is deleted in accordance with our Data Retention Policy, whichever is earliest. As part of ensuring we are providing the right services to you we may use your data to pursue our legitimate interests in a way which would reasonably be expected as part of running our business and supplying services, this will be done in a way that does not materially impact your rights, freedom or interests.

For example, we may use the services and products supplied historically to you to support or make available personalised offers.

We may also use your address details to post out direct marketing materials telling you about products and services that we think may be of interest to you.

You may choose to opt out of any marketing communications at any time by emailing us at info@imyourpa.co.ukor post to Data Protection Officer, I’m Your P.A. Limited 2 Shaw Park Business Village, Shaw Road, Wolverhampton, West Midlands WV10 9LE

Sensitive Personal Data

It may benefit you to notify us of any health condition or disability you have so that we are aware of these conditions and how they affect you. This will allow us to take any reasonable steps to accommodate specific needs or requirements you have when providing our services to you. This type of information is known under the law as ‘special category information’ (or ‘sensitive personal data’) and we require your explicit consent to process this information.

This data will only be kept as long as it is required for this purpose, or until such time as you notify us you no longer consent to its processing.

Sharing your personal data

I’m Your P.A. works with carefully selected Service Providers that carry out certain functions on our behalf to support the services provided to you. These include, for example, companies that help us with technology services, storing and combining data, processing payments. We only share personal data that enable our Service Providers to provide their services and it will always be shared in a secure and appropriate manner. The providers we use are:

  • IT Services are provided by TLMartin Ltd
  • Telecoms Service are provided by Minotaur Ltd
  • Data is stored with: Apple, Google, Microsoft, Dropbox, Mailchimp, Capsule (Amazon AWS), Xero

We may share personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data;
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
  • To an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
  • To any other successors in title to our business

How we protect personal data

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.

  • We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
  • We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
  • We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.

However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

All data, when no longer required will be treated in accordance with our Data Retention Policy

Your rights and choices relating to your personal data

Under data protection legislation, you have several rights regarding the use of your personal data, as follows:

The Right of Confirmation and Access

As a data subject you have the right to obtain confirmation from the data controller as to whether or not personal data concerning you is being processed. You also have the right to obtain from us free information about your personal data stored at any time, and a copy of this information. Furthermore, you have the right to obtain information as to whether personal data is transferred to a third country or to an international organisation. Where this is the case, you also have the right to be informed of the appropriate safeguards relating to the transfer.

Right to Rectification and Erasure (Right to be Forgotten)

You have the right to ask us to rectify inaccurate data or to complete any incomplete personal data that we hold.

You have the right to ask us to erase your personal data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal data, then this means that our business relationship will end as we cannot provide our service without processing your data.

Right of Restriction of Processing/Right to Object

You have the right to restrict the processing of your personal data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so. You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you.

Right of Data Portability

You also have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.

Automated individual decision-making, including profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling. I’m Your P.A. do not process any personal data in this way.

Data protection for Employment and Recruitment Procedures

Details of how we process data for recruitment or employment procedures are covered separately and will be provided to applicants/employees as part of the HR process.

How to exercise your Rights

If you wish to contact us in respect of any of the Rights described above, please get in touch with our Data Protection Officer on 01902 585222 or via email at info@imyourpa.co.uk We will respond to your request free of charge and usually within one month.

How to complain about the use of your data

If you wish to raise a complaint about how we have handled your personal data, including in relation to any of the rights outlined above, you can contact us on the details below at the start of this notice and we will investigate the matter for you.

If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Supervisory Authority – Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns/

This notice was last updated on 28/08/2018. We may change this notice by updating this page to reflect changes in the law or our privacy practices. However, we will not use your Personal Data in any new ways without your consent.

Data Retention

  1. Introduction

I’m Your P.A. is committed to complying with the law and regulations in all our business activities, including applicable Data Protection Laws.

We are committed to using all appropriate technical and organisational measures to ensure the protection of both customer and employee personal data.

This policy, and the associated policies, set out the expected behaviours of our employees, contractors and third parties in relation to the retention, storage destruction of all data held within the business (including personal data). This policy should be read in conjunction with our Data Protection policy.

  1. Scope

Maintaining business data in a systematic and reliable manner is essential to comply with our legal and regulatory requirements. It also reduces the costs and risks associated with retaining unnecessary information.

A vital part of our Data Protection Policy and practice is that personal data is retained for the appropriate period of time, neither too long nor too short. It is paramount that the retention period allows us to meet our legal and regulatory requirements but that the rights of data subjects are also protected.

This policy has been developed to help employees properly manage Personal Data in a consistent manner which sets out:

  • How long personal data should be retained
  • How records should be disposed of

Unless otherwise stipulated, the policy refers to both hard copy and electronic documents. This document should be read in conjunction with our Data Protection Policy.

  1. Roles and Responsibilities

All employees, including contractors and third parties who process data on our behalf are responsible for complying with the requirements of this policy.

The Data Protection Officer (DPO) is responsible for maintaining the policy. Our DPO can be contacted via email at at info@imyourpa.co.ukor post to Data Protection Officer, I’m Your P.A. Limited 2 Shaw Park Business Village, Shaw Road, Wolverhampton, West Midlands WV10 9LE

All Department Heads are responsible for ensuring that documented procedures are in place to comply with the requirements of this policy.

It is the responsibility of all employees to ensure that they have read the most up to date version of this policy.

  1. Policy

Information/records (hard copy and electronic) will be retained for at least the period specified in our Data Retention Guidelines (see Appendix 1).

All information must be reviewed before destruction to determine if there are special factors that mean destruction should be delayed, for example, potential litigation, complaints or on-going cases.

Hard copy and electronically held records, documents and information must be deleted at the end of the retention period or when requested in accordance with the appropriate Data Protection legislation.

Each department should periodically review and determine whether they have records in their control which should be destroyed pursuant to this policy.

4.1 Suspending the destruction date

If a claim, audit, investigation, subpoena, or litigation has been asserted or filed by or against I’m Your P.A., or is reasonably foreseeable, we have an obligation to retain all relevant records, including those that otherwise would be scheduled for destruction under the records retention schedule.

4.2 How long should we keep our data?

Data should be kept for as long as it is needed to meet the terms of our agreement with our customers and any applicable legal requirements. Our Data Retention Guidelines have been agreed following as assessment of our data and the requirements of all our Regulators, together with our obligations under Data Protection Laws.

4.3 Methods of Destruction

All data, whether hard copy or electronic should be destroyed in a secure manner, preserving the confidentiality of all personal data.

All hard copy data must be disposed of in the confidential waste bins which are located in every area of the business. Under no circumstances should confidential or personal data be put into normal waste bins. We will maintain records of the secure destruction of all waste which is put into the confidential waste.

Our IT department will ensure that all electronic data is securely destroyed in a way which cannot be restored. They will also be responsible for ensure that any electronic equipment is securely wiped, and where appropriate securely disposed of, when it is no longer required by the business.

4.4 Sharing of Information

Unnecessary duplicate information should be destroyed. Where information has been regularly shared between business areas care should be taken to ensure that all copies of the data are destroyed in line with the Data Retention Guidelines.

  1. Training

All employees will have their responsibilities under this policy outlined to them as part of their induction training.

All employees will complete an annual refresher of this training.

I’m Your P.A. will provide further training and guidance if there are any updates made to this policy and/or the associated policies and procedures.

  1. Monitoring Compliance

As a minimum the following will be monitored to ensure compliance with this policy:

  • An annual Data Protection Compliance Audit which will, at the minimum assess:
  • Compliance with policy in relation to the protection of personal data, including;
  • Correct storage of personal data
  • Deletion of personal data in accordance with the schedule

Key business stakeholders will devise a plan with a schedule for correcting any identified deficiencies within a defined and reasonable time frame.

Any major deficiencies identified will be reported to and monitored by the DPO.

  1. Review

This policy is owned by the DPO and will be reviewed at least annually. Any changes applied to the policy will be tracked and, where appropriate refresher training/updates will be cascaded to all appropriate individuals

  1. Related Documents
  • Data Protection Policy
  • Privacy Notice
  • Data Breach Notification Procedure
  • Information Security Policy

Schedule 1 – Data Retention Guidelines

Client Personal Data

Where I’m Your P.A. acts as the Data Controller all data will be protected, retained and deleted in accordance with our agreed contractual agreements as well as in line with Data Protection legislation.

Where I’m Your P.A. acts as the Data Processor all data will be protected and treated in accordance with contractual agreements with the Data Controller as well as in line with Data Protection legislation.

As referenced within our Data Protection Policy and our Privacy Notice; personal and sensitive data will only be retained whilst it’s required to deliver a service (based on contractual agreement) or until such time we are instructed to delete it, whichever is the soonest.

Where data is processed solely for marketing purposes, any information we use for this purpose will be kept until you notify us that you no longer wish to receive this information, or until the data is deleted in accordance with our Marketing guidelines (further information on this can be obtained from our DPO either by email at info@imyourpa.co.ukor post to Data Protection Officer, I’m Your P.A. Limited 2 Shaw Park Business Village, Shaw Road, Wolverhampton, West Midlands WV10 9LE)

As part of ensuring we are providing the right services to you we may use your data to pursue our legitimate interests in a way which would reasonably be expected as part of running our business and supplying services, this will be done in a way that does not materially impact your rights, freedom or interests.

Central business records

Where I’m Your P.A. acts as the Data Controller all data will be protected, retained and deleted in accordance with our agreed contractual agreements as well as in line with Data Protection legislation.

Where I’m Your P.A. acts as the Data Processor all data will be protected and treated in accordance with contractual agreements with the Data Controller as well as in line with Data Protection legislation.

For Accounting and Financial Records, we will retain for 6 years, unless contractual agreements specify differently.

For Complaints records we will retain for 1 year following the resolution of the complaint.

For records relating to legal cases or claims notified to the business, retention periods will be agreed on a case by case basis, in accordance with Data Protection legislation (see 5.1 above).

HR records

I’m Your P.A. will retain all personal data using current Chartered Institute of Personal and Development Guidelines (CIPD) as a benchmark.

We will keep all records for the following sensitive personal data types for 3 years after the year it relates to:

  • Income Tax
  • National Insurance
  • HMRC correspondence
  • Statutory Sick Pay
  • Statutory Maternity pay
  • Parental leave records
  • We will keep all records for the following sensitive personal data types for 6 years after the year it relates to:
  • Salary details
  • Retirement benefits schemes events (for example a change in minimum contribution levels)
  • Redundancy records
  • Pension records
  • Application forms and interview notes captured as part of the application process will be kept for 3 months for any unsuccessful applicant, after which any personal sensitive data will be securely removed.

If further information is required this can be obtained from our DPO either by at info@imyourpa.co.ukor post to Data Protection Officer, I’m Your P.A. Limited 2 Shaw Park Business Village, Shaw Road, Wolverhampton, West Midlands WV10 9LE

Sign Up To I’m Your P.A. Limited Today!

Follow

Contact Info

Tel: 01902 585 222
Email: info@imyourpa.co.uk
Address: 2 Shaw Park Business Village, Shaw Road,
Wolverhampton, WV10 9LE

Company Registration No: 6419485
VAT No: 926 5302 31