top of page

Privacy Policy

About us

Name: Jessica Mussett t/a Inspire Business Support

​

Email: jess@inspirebusiness.support

​

This statement was created on 3rd August 2023. We reserve the right to modify or amend this privacy policy at any time and for any reason. It is also important that any data we hold about you is kept accurate and up to date so please keep us informed of any changes to your personal data whilst using our Services.

​

In full compliance with our obligations under the European Union and United Kingdom General Data Protection Regulations (“GDPR”), the purpose of this policy is to provide you with full transparency about how Inspire Business Support collects and processes your personal data when you brose our website, use our Services or otherwise provide personal data to us. This policy applies where your have directly or indirectly provided us with your personal data through any of the methods of collection listed below in “The Type of Personal Information we Collect” and how and why we process that data according to the required legal bases listed in “How we get the personal information and why we have it”.

​

The type of personal information we collect.

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)

  • Our services may involve you providing us with financial or accounts related data (Client Data). The majority of Client Data that you will provide to us will not be ‘personal data’ as such term is defined in Data Protection Laws. However, some of that Client Data may include items of personal information (for example if you are a sole trader and use your personal bank account as your main bank account for making and receiving business payments. Another example is that your accounting information contains your National Insurance number.)

  • Inspire Business Support may carry out data processing on behalf of a client (data controller) from time to time which will make them The Processor under some of the Services provided. In which case, the following applies under Article 28 of the UK GDPR regulations:

1) The processor (Inspire Business Support) shall not engage another processor without prior specific or general written authorisation of the controller (the client). In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.

2) Processing by a processor shall be governed by a contract or other legal act under domestic law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. That contract or other legal act shall stipulate, in particular, that the processor:

(a)processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by domestic law; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

(b)ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(c)takes all measures required pursuant to Article 32;

(d)respects the conditions referred to in paragraphs 2 and 4 for engaging another processor;

(e)taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III;

(f)assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor;

(g)at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless domestic law requires storage of the personal data;

(h)makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

With regard to point (h) of the first subparagraph, the processor shall immediately inform the controller if, in its opinion, an instruction infringes this Regulation or other domestic law relating to data protection.

3) Where a processor engages another processor for carrying out specific processing activities on behalf of the controller, the same data protection obligations as set out in the contract or other legal act between the controller and the processor as referred to in paragraph 3 shall be imposed on that other processor by way of a contract or other legal act under domestic law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this Regulation. Where that other processor fails to fulfil its data protection obligations, the initial processor shall remain fully liable to the controller for the performance of that other processor's obligations.

​

How we get the information and why we have it.

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • When you contact us through the Website, by telephone, post, e-mail or through any other means.

  • When you give us access to your accounting data (for example, providing us with a log in to access your accounting software or by providing us with your payroll reports)

​

We use the information that you have given us in order to:

  • enable us to supply professional services to you as our client.

  • fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).

  • use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.

  • enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.

​

We also receive personal information indirectly, from the following sources in the following scenarios:

  • To the extent that you access the Website, we will collect your Data automatically, for example: (we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.)

​

We may share this information with:

  • our employees, agents and/or professional advisors - to obtain advice from professional advisers.

  • third party service providers, with whom you require or permit ut to correspond, who provide services to us which require the processing of personal data - to help third party service providers in receipt of any shared data to perform functions on our behalf to help ensure we can carry out our services.

  • subcontractors

  • an alternate appointed by us in the event of incapacity or death.

  • the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)

​

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies

  • courts and tribunals

  • the Information Commissioner’s Office (“ICO”)

 

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.

 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • At the time you instructed us to act, you gave consent to our processing your personal data for the purposes listed above.

  • The processing is necessary for the performance of our contract with you.

  • The processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2017).

  • The processing is necessary for the purposes of the following legitimate interests which we pursue: Investigating/defending legal claims.

  • Investigating other areas of interest that may provide benefit to the client.

​

It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

​

How we store your personal information.

Your information is securely stored:

  • We will use technical and organisational measures to safeguard your Data, for example:

    1. access to your personal information is kept digitally in files unique to you and your business.

    2. we store your Data on secure servers.

    3. Access to any client data is password protected

  • We are certified to ISO 27001. This family of standards helps us manage your Data and keep it secure.

  • Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: jess@inspirebusiness.support.

  • If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

​

Data retention:

  • Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted.

  • Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

​

Your data protection rights.

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.

  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

​

You are not required to pay any charge for exercising your rights, therefore we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why. If you make a request, we have one month to respond to you.

​

Please contact us jess@jrmbusiness.co.uk if you wish to make a request.

​

How to complain.

If you have any concerns about our use of your personal information, you can make a complaint to us by emailing jess@inspirebusiness.support

You can also complain to the ICO if you are unhappy with how we have used your data. However, we would appreciate the opportunity to rectify the situation ourselves beforehand.

​

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

​

©2023 by Inspire Business Support. Proudly created with Wix.com

bottom of page