Client Privacy Notice

Client Relationship Management

If you do business with us, contact us, are referred to us, or are determined to be a sales target, then we store the contact details of one or more of your representatives, so that we can communicate with you concerning the potential or actual provision of our services. We do not give, sell, or exchange these details with third-party companies for marketing purposes.

We store this information in our internal fileservers, email and phone contact databases, call logging, CRM, and backup systems.

We may also store it in the third-party process management system Trello.

For further details, please see the Trello privacy policy.

We may also store it in the third-party communication system Slack.

For further details, please see the Slack privacy policy.

We may also store it in the third-party calendar system Google Calendar.

For further details, please see the Google privacy policy.

We believe that our GDPR lawful basis for processing such personal data is one of legitimate interest.

Processing Your Data

In order to deliver the contracted product or service we will often need to process data on your behalf for which you are the GDPR data processor, such as  your employee records. We will do our utmost to ensure the security of this data, and retain it for the minimum amount of time possible.

We store this information in our internal fileservers, email and phone contact databases, call logging, CRM, and backup systems.

We may also store it in the third-party calendar system Google Calendar.

For further details, please see the Google privacy policy.

We may also store it in the third-party job tracking system ProWorkflow

For further details, please see the ProWorkflow privacy policy.

We may also store it in the third-party accounting system Xero.

For further details, please see the Xero privacy policy and Xero GDPR Centre.

We believe that our GDPR lawful basis for processing such personal data is one of contract.

If we need to pass such data onto a sub-processor, such as an occupational health professional, then we will ensure that they are GDPR compliant, and only do so with your explicit consent.

We believe that our GDPR lawful basis for processing such personal data is one of consent.

Finance & Accounting

If you are a client then your contact details, together with data relating to the purchased service, are stored by our third-party accounting system provider Xero. We use this information to issue quotes, invoices, and track financial performance.

For further details, please see the Xero privacy policy and Xero GDPR Centre.

This information will also be visible to our accountants Sibbalds.

For further details, please see the Sibbalds privacy policy.

We believe that our GDPR lawful basis for processing such personal data is one of legitimate interest.

Marketing Communication

If you do business with us or express an interest in our products or services, then we may add you to our email newsletter list. You can opt out of this at any time.

Please see our marketing privacy notice for further details.

We believe that our GDPR lawful basis for processing such personal data is legitimate interest in conjunction with the 'soft opt-in' provision of PECR.

Client Testimonials

We publish testimonials given by named clients for marketing purposes. We only do this if we have your explicit consent.

If you've previously given a testimonial but would like it to no longer be used, please let us know.