Summary
This privacy notice explains how Assure Start handles your personal data. In short, we only collect what we need to in order to provide services to you, and always use privacy-aware or privacy preserving methods of collection, processing and storage for any detail we need to hold.
Last updated: 1st May 2024
- We're registered
We are registered as a data controller with the ICO (Information Commissioner's Office), our registration number is ZB664803. - We collect only what's needed, when it's needed
We do not collect any personal data from visitors, except what you may provide to us for provision of services or products. This would typically mean name and email address for communication and invoicing purposes. - We're not tracking you, or allowing others to
We do not use cookies or any other tracking technologies.
Data collection
TL;DR: We're only collecting what you disclose to us.
Data you share with us
The only way we'll have your data is if one of the following has happened:
- You make an enquiry
- You become a client
- We do not use lead generation software
- We do not buy customer lists
- We do not use website analytics or targeting methods
| Actor | Description | Data types | Lawful basis |
|---|
| Client | We collect personal data from clients in order to provide services to them. | Name, Email, Context | - Legitimate interest
When initially engaging - Contract
When you become a client - Consent
Any marketing activity
|
| Website visitor | We minimise the amount of information collected by our website infrastructure. However, the nature of these technologies means that some information may be temporarily collected in logs to ensure the website works properly for everyone. | IP address, Browser information | |
Data obtained from third-party sources
On occasion we may collect data from third-party resources such as social media where that data is made available (e.g. LinkedIn), or where partnering with another organisation for the purposes of providing services (e.g. you're referred to us).
Data sharing (third-parties and processors)
TL;DR: Sometimes we share a little for business critical things (like processing payments).
We use services of third-party companies (data processors) to support service delivery. A typical example would be a website hosting provider, an email provider, accounting software or a payment processor.
To reduce the likelihood of an attack on our services, we don't provide a full list of these systems here. However, if you require a full list please contact us and we'll provide one.
When we use services for this purpose we ensure the appropriate legal, information security and contractual arrangements are in place to support our data protection obligations. We typically avoid the use of services where personal data would be transferred outside of the UK or EU. However, where this is unavoidable we ensure the appropriate safeguards are in place to enable this (e.g. adequacy or standard contract terms).
| Provider | Description | Data types | Policies |
|---|
 | We use this service for calendar scheduling, enquiries and lead collection. This is optional and you can always contact us directly using another method. We chose this provider due to its commitment to open-source and strong information security controls. | Name, Email | Privacy Policy |
 | We use this service to process client payments and generate invoices. This is essential for us to operate and provide our services. We chose this provider due to its dominant market position, strong client facing security and developer experience. | Name, Email, Billing information, Tax status | Privacy Policy |
 | Clients or website visitors may choose to contact us using WhatsApp Business. This is optional and you can always contact us directly using another method. | Name, Phone number | |
Data retention
TL;DR: We retain data for specific, justified purposes only and for as little time as possible — we regularly review this.
We only retain personal data for as long as necessary to provide a service or information you have requested, or for other mandatory purposes such as complying with our legal obligations or resolving disputes.
We will retain your personal data for as long as you are a client, or for a maximum period of 2 years after you cease to be a client or otherwise end your relationship with us. This is to ensure we can comply with our legal obligations, and to allow us to respond to any questions or complaints that may arise after you stop being a client.
We may retain some personal data for longer periods of time where we are required to do so in accordance with legal, regulatory, tax or accounting requirements — for example, we may need to retain certain data within financial records for up to 7 years for tax purposes.
Data rights
TL;DR: We'll help you exercise these rights. For impartial advice, see the ICO guidance.
You have the right to request access to your personal data, to have it corrected, deleted, or to restrict its processing. You also have the right to data portability and to object to its processing.
- Your right of access
You have the right to request a copy of the personal data we hold on you.
- Your right to rectification
If any of the personal data we hold is incorrect, you have the right to rectify this (including incomplete data).
- Your right to erasure
You have the right to request we erase (delete) any personal data we hold. This only applies in some circumstances, we might be required to retain certain information for regulatory purposes — if that's the case, we'll let you know.
- Your right to restrict processing, or object to it
You have the right to ask us to restrict (stop) processing your personal data or object to its use.
- Your right to data portability
You have the right to request a copy of your personal data in a structured, commonly used and machine readable format (e.g. csv, json).
Cookies
Bonus! We don't need a cookie notice.
We do not implement any third-party services that collect or track personal data. There are no necessary cookies for the website to function.
We do use a lightweight, privacy-aware analytics package from Cloudflare and a self-hosted instance of Umami (a privacy-aware and open-source analytics package).
"Cloudflare Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics. We also don’t “fingerprint” individuals via their IP address, User Agent string, or any other data for the purpose of displaying analytics."
Infrastructure
We're technologists, so we built this website from scratch to be lightweight and avoid common dependencies that might share your data with third-parties (e.g. remote hosted web fonts).
Complaints
You have the right to lodge a complaint with the appropriate data protection authority about how we use your personal data.
Contact details for the Information Commissioners Office (ICO) in the UK are available on their website.