Introduction
How HELP TO MANAGE uses your information to provide you with business
management consultancy.
This office keeps business records confidential and complies with the General
Data Protection Regulation.
We hold your business record so that we can provide you with safe service
and professional consultation.
We will also use your information so that this office can check and review the
quality of the service we provide. This helps us to improve our services to you.
This privacy notice applies to personal information processed by or on behalf
of the office. This Notice explains:
● Who we are, how we use your information and our Data Protection
Officer
● What kinds of personal information about you do we process?
● What are the legal grounds for our processing of your personal
information (including when we share it with others)?
● What should you do if your personal information changes?
● For how long your personal information is retained by us?
● What are your rights under data protection laws?
The General Data Protection Regulation (GDPR) became law on 24th May
2016. This is a single EU- wide regulation on the protection of confidential and
sensitive information. It enters into force in the UK on the 25th May 2018,
repealing the Data Protection Act (1998).
For the purpose of applicable data protection legislation (including but not
limited to the General Data Protection Regulation (Regulation (EU) 2016/679)
(the “GDPR”), and the Data Protection Act 2018 (currently in Bill format before
Parliament) the office responsible for your personal data is:
HELP TO MANAGE
2 Blackburn House, Bedford rd. Aspley Guise. MK17 8DH
Email: [email protected]
Website: https://helptomanage.co.uk
This Notice describes how we collect, use and process your personal data, and
how, in doing so, we comply with our legal obligations to you. Your privacy is
important to us, and we are committed to protecting and safeguarding your
data privacy rights.
How we use your information and the law
HELP TO MANAGE will be what’s known as the ‘Controller’ of the personal
data you provide to us.
We collect basic personal data about you which does not include any special
types of information or location-based information. This does, however,
include name, address, contact details such as email and mobile number etc.
We will also sometimes collect sensitive confidential data known as “special
category personal data”, in the form of business information, religious belief (if
required in a business management setting) , ethnicity, and gender during
the services we provide to you and or linked to your business through other
business consultancy providers or third parties.
Why do we need your information?
The business management professionals who provide you with service,
maintain records about your business and any service you have received
previously.
These records help to provide you with the best possible business service.
Our records may be electronic, on paper or a mixture of both, and we use a
combination of working practices and technology to ensure that your
information is kept confidential and secure. Records which the office hold
about you may include the following information;
● Details about you, such as your address, carer, legal representative,
emergency contact details
● Information about your business and employees
● Results of investigations such financial reports
● Relevant information from other contractors or suppliers
To ensure you receive the best possible service, your records are used to
facilitate the service you receive. Information held about you may be
used to help protect the privacy of the business and to help us manage
the company.
How do we lawfully use your data?
We need to know your personal, sensitive and confidential data in order to
provide you with business services, under the General Data Protection
Regulation we will be lawfully using your information in accordance with:
Article 6, e) processing is necessary for the performance of a task carried out
in the public interest or in the exercise of official authority vested in the
controller;”
This GDPR Notice applies to the personal data of our clients and the data you
have given us about your carers/family members.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information
collected lawfully in accordance with:
● Data Protection Act 2018
● The General Data Protection Regulations 2016
● Human Rights Act 1998
● Common Law Duty of Confidentiality
Every member of our staff has a legal obligation to keep information about
you confidential.
With your consent we would also like to use your information for other services
We would, however, like to use your name, contact details and email address
to inform you of services that may benefit you or special offers that you may
be interested in.
This information is not shared with third parties and you can unsubscribe at
any time by email: [email protected]
Where do we store your information Electronically?
All the personal data we process is processed by our staff in the UK however
for the purposes of IT hosting and maintenance this information may be
located on servers within the European Union.
We have verified that any third party services that are used in the office are
GDPR compliant and are certified under the EU-US Privacy Shield Framework
(or are working towards certification) where these organisations are based
outside of the EU.
How long will we store your information?
We are required under UK law to keep your information and data for the full
retention periods as specified by the code of business conduct.
Currently, we are legally required to hold your medical records for 8 years.
How can you access, amend and move the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in
relation to it. To get in touch about these, please contact us. We will seek to
deal with your request without undue delay, and in any event in accordance
with the requirements of any applicable laws. Please note that we may keep a
record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for
our legitimate interests to do so, and you do not agree, you have the right to
object. We will respond to your request within 30 days (although we may be
allowed to extend this period in certain cases). Generally, we will only disagree
with you if certain limited conditions apply. Right to withdraw consent:
Where we have obtained your consent to process your personal data for
certain activities (for example for a research project), or consent to market to
you, you may withdraw your consent at any time. Right to erasure: In certain
situations (for example, where we have processed your data unlawfully), you
have the right to request us to “erase” your personal data. We will respond to
your request within 30 days (although we may be allowed to extend this
period in certain cases) and will only disagree with you if certain limited
conditions apply. If we do agree to your request, we will delete your data but
will generally assume that you would prefer us to keep a note of your name
on our register of individuals who would prefer not to be contacted. That way,
we will minimise the chances of you being contacted in the future where your
data are collected in unconnected circumstances. If you would prefer us not
to do this, you are free to say so. Right of data portability: If you wish, you
have the right to transfer your data from us to another business management
consultancy. We will be able to send you an electronic copy of your notes.
Access to your personal information
Data Subject Access Requests (DSAR): You have a right under the Data
Protection legislation to request access to view or to obtain copies of what
information the office holds about you and to have it amended should it be
inaccurate. To request this, you need to do the following:
● Your request should be made to the office
● There is no charge to have a copy of the information held about you
● We are required to respond to you within one month
● You will need to give adequate information (for example full name,
address, date of birth, and details of your request) so that your identity
can be verified, and your records located.
What should you do if your personal information changes?
You should tell us so that we can update our records. We will from time to
time ask you to confirm that the information we currently hold is accurate
and up-to-date.
Data Protection Officer:
The Practice Data Protection Officer is Rita Raile. Any queries in regard to
Data Protection issues should be addressed to him by email:
