We collect or use the following information to provide and improve products and services for clients, customers and associates:
Names and contact details
Addresses
Occupation
Date of birth
Payment details (including card or bank information for transfers and direct debits)
Financial data (including income and expenditure)
Transaction data (including details about payments to and from you and details of products and services you have purchased)
Usage data (including information about how you interact with and use our website, products and services)
Employment details (including salary, sick pay and length of service)
Credit history and credit reference information
Information relating to compliments or complaints
Video and audio recordings (e.g. Zoom meetings)
Records of meetings and decisions
Account access information
Website user information
For operation of accounts
Names and contact details
Addresses
Purchase or service history
Account information, including registration details
Information used for security purposes
Marketing preferences
Technical data, including information about browser and operating systems
For prevention and detection of crimes
Names and contact information
Client accounts and records
Call recordings
Financial information e.g. for fraud prevention or detection
Location data
To comply with legal requirements
Any other personal information required to comply with legal obligations
Safeguarding information
To protect welfare
Names and contact information
Account information
Emergency contact details
For dealing with queries, complaints or claims
Names and contact details
Payment details
Account information
Purchase or service history
Call recordings
Witness statements and contact details
Relevant information from previous investigations
Customer or client accounts and records
Financial transaction information
Correspondence
Lawful bases and data protection rights
Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. You can find out more about lawful bases on the ICO's website.
Your data protection rights
Right of access
You have the right to ask us for copies of your personal information and details about how we use it.
Right to rectification
You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
Right to erasure
You have the right to ask us to delete your personal information in certain circumstances.
Right to restriction
You have the right to ask us to limit how we can use your personal information.
Right to object
You have the right to object to the processing of your personal data in certain circumstances.
Right to data portability
You have the right to ask that we transfer your personal information to another organisation or to you.
Right to withdraw consent
Where we rely on consent, you have the right to withdraw it at any time.
Response timeframe
If you make a request, we must respond without undue delay and within one month.
Our lawful bases
Depending on the purpose, we rely on one or more of the following lawful bases:
Consent — we have permission from you after giving you all relevant information. You have the right to withdraw consent at any time.
Contract — we need the information to enter into or carry out a contract with you.
Legal obligation — we are required to collect or use the information to comply with the law.
Legitimate interests — we collect or use your information because it benefits you, our organisation or someone else, without causing undue risk. This includes sending invoices, milestone cards, and ensuring contracts are compliant.
Where we get personal information from
Directly from you
Publicly available sources
Providers of marketing lists and other personal information
Suppliers and service providers
How long we keep information
We retain personal information only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Client records (contracts, correspondence, invoices) — 6 years from the end of the client relationship
Financial data (billing details, payments) — 6 years from the end of the financial year they relate to
Marketing data (newsletter opt-ins) — until you withdraw consent or 2 years after your last interaction
Associate/subcontractor data (agreements, performance records) — 6 years after the end of the working relationship
Website visitor data (cookies, analytics) — up to 26 months, depending on the type of cookie
In some cases we may retain documents longer where necessary to protect our legal rights or maintain business records.
Who we share information with
Other financial or fraud investigation authorities
Regulatory authorities
Organisations we're legally obliged to share personal information with
Publicly on our website, social media or other marketing and information media
Suppliers and service providers
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.
ClickUp
CategoryProject Management Software
CountryUnited States
SafeguardAddendum to the EU Standard Contractual Clauses (SCCs) and the International Data Transfer Agreement (IDTA)
Bitwarden
CategoryPassword and Secure Document Management Software
CountryUnited States
SafeguardAddendum to the EU Standard Contractual Clauses (SCCs)
Google Workspace
CategoryCloud Service Provider
CountryUnited States
SafeguardAddendum to the EU Standard Contractual Clauses (SCCs)
Brevo
CategoryEmail Marketing & CRM Platform
CountryEuropean Union (France, Germany and Belgium)
SafeguardAddendum to the EU Standard Contractual Clauses (SCCs)
Odoo
CategoryERP / Cloud Business Applications Platform
CountryVaried — Europe region: France & Belgium; Americas region: USA & Canada
SafeguardAddendum to the EU Standard Contractual Clauses (SCCs)
How to complain
If you have any concerns about our use of your personal data, please contact us first: