Privacy notice

Last updated:

Summary

This privacy notice explains how Assure Start Ltd (SC821120) handles your personal data. In short, we only collect what we need to in order to provide services to you, and always use privacy-aware or privacy preserving methods of collection, processing and storage for any detail we need to hold.

  • We're registered
    We are registered as a data controller with the ICO (Information Commissioner's Office), our registration number is ZB664803.
  • We collect only what's needed, when it's needed
    We do not collect any personal data from visitors, except what you may provide to us for provision of services or products. This would typically mean name and email address for communication and invoicing purposes.
  • We're not tracking you, or allowing others to
    We do not use cookies or any other tracking technologies.

Data collection

We're only collecting what you disclose to us.

Data you share with us

The only way we'll have your data is if one of the following has happened:

  • You make an enquiry
  • You become a client
  • We do not use lead generation software
  • We do not buy customer lists
  • We do not use website analytics or targeting methods
Table 1: Data we collect and why
Actor Description Data types Lawful basis
Client We collect personal data from clients in order to provide services to them.
  • Name
  • Email
  • Context
  • Legitimate interest
    When initially engaging
  • Contract
    When you become a client
  • Consent
    Any marketing activity
Website visitor We minimise the amount of information collected by our website infrastructure. However, the nature of these technologies means that some information may be temporarily collected in logs to ensure the website works properly for everyone.
  • IP address
  • Browser information
  • Legitimate interest

Data obtained from third-party sources

On occasion we may collect data from third-party resources such as social media where that data is made available (e.g. LinkedIn), or where partnering with another organisation for the purposes of providing services (e.g. you're referred to us).

Data sharing (third-parties and processors)

Sometimes we share limited data for business critical activities (like processing payments).

We use services of third-party companies (data processors) to support service delivery. A typical example would be a website hosting provider, an email provider, accounting software or a payment processor.

To reduce the likelihood of an attack on our services, we don't provide a full list of these systems here. However, if you require a full list please contact us and we'll provide one.

When we use services for this purpose we ensure the appropriate legal, information security and contractual arrangements are in place to support our data protection obligations. We typically avoid the use of services where personal data would be transferred outside of the UK or EU. However, where this is unavoidable we ensure the appropriate safeguards are in place to enable this (e.g. adequacy or standard contract terms).

Table 2: Data processors we use and why we use them
Provider Description Data types Policies
cal.com We use this service for calendar scheduling, enquiries and lead collection. This is optional and you can always contact us directly using another method. We chose this provider due to its commitment to open-source and strong information security controls.
  • Name
  • Email
Privacy Policy
Stripe We use this service to process client payments and generate invoices. This is essential for us to operate and provide our services. We chose this provider due to its dominant market position, strong client facing security and developer experience.
  • Name
  • Email
  • Billing
  • Tax status
Privacy Policy
GoCardless We use this service to process client payments and generate direct debit mandates for clients who choose to pay this way.
  • Name
  • Email
  • Billing
  • Tax status
Privacy Policy
WhatsApp Business Clients or website visitors may choose to contact us using WhatsApp Business. This is optional and you can always contact us directly using another method.
  • Name
  • Phone number

Data retention

We retain data for specific, justified purposes only and for as little time as possible — we regularly review this.

We only retain personal data for as long as necessary to provide a service or information you have requested, or for other mandatory purposes such as complying with our legal obligations or resolving disputes.

We will retain your personal data for as long as you are a client, or for a maximum period of 2 years after you cease to be a client or otherwise end your relationship with us. This is to ensure we can comply with our legal obligations, and to allow us to respond to any questions or complaints that may arise after you stop being a client.

We may retain some personal data for longer periods of time where we are required to do so in accordance with legal, regulatory, tax or accounting requirements — for example, we may need to retain certain data within financial records for up to 7 years for tax purposes.

Data rights

We'll help you exercise these rights. For impartial advice, see the ICO guidance.

You have the right to request access to your personal data, to have it corrected, deleted, or to restrict its processing. You also have the right to data portability and to object to its processing.

  • Your right of access
    You have the right to request a copy of the personal data we hold on you.
  • Your right to rectification
    If any of the personal data we hold is incorrect, you have the right to rectify this (including incomplete data).
  • Your right to erasure
    You have the right to request we erase (delete) any personal data we hold. This only applies in some circumstances, we might be required to retain certain information for regulatory purposes — if that's the case, we'll let you know.
  • Your right to restrict processing, or object to it
    You have the right to ask us to restrict (stop) processing your personal data or object to its use.
  • Your right to data portability
    You have the right to request a copy of your personal data in a structured, commonly used and machine readable format (e.g. csv, json).

Cookies

Bonus! We don't need a cookie notice.

We do not implement any third-party services that collect or track personal data. There are no necessary cookies for the website to function.

We do use a lightweight, privacy-aware analytics package from Cloudflare and a self-hosted instance of Umami (a privacy-aware and open-source analytics package).

"Cloudflare Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics. We also don’t “fingerprint” individuals via their IP address, User Agent string, or any other data for the purpose of displaying analytics."

Infrastructure

We're technologists, so we built this website from scratch to be lightweight and avoid common dependencies that might share your data with third-parties (e.g. remote hosted web fonts).

Contact details

Our contact methods are available on the contact page.

If you are contacting us regarding data protection, the suggested method is to email hello@assurestart.co.

Complaints

You have the right to lodge a complaint with the appropriate data protection authority about how we use your personal data.

Contact details for the Information Commissioners Office (ICO) in the UK are available on their website.