PRIVACY POLICY AND DATA PROTECTION
What personal data we collect
- Contact inquiries: When you email us via our “Contact” form or directly, we collect your name, email address and any other personal data you choose to share.
- Client project data: As part of our consultancy services, you may provide us with personal or business data (e.g. staff lists, HR metrics, survey responses).
Why we collect it
- Responding to you: So we can reply to your enquiry.
- Delivering our services: To carry out the work you’ve engaged us to do (e.g. analysis, reporting, evaluation).
Legal basis
We process your data under the UK GDPR on the basis of:
- Contractual necessity (where we need it to perform the services you’ve requested), and
- Legitimate interests (for managing our client relationships and improving our services).
How we store and protect it
- All electronic data is held on secure, encrypted servers with access restricted to authorised Policy Bank staff.
- Any paper records are kept in locked storage.
- We have policies and technical controls in place to guard against unauthorised access, accidental loss or destruction.
How long we keep it
- Enquiry emails are retained for up to 12 months after our last correspondence, then securely deleted.
- Client project data is retained only as long as needed to fulfil our contract and any statutory record-keeping requirements; thereafter it’s permanently deleted or returned to you on request.
Your rights
Under UK GDPR you can, subject to certain conditions, ask us to:
- Access the personal data we hold about you.
- Rectify any inaccuracies.
- Erase your data or restrict our processing of it.
- Object to our processing.
- Receive your data in a portable format.
To exercise any of these rights, or if you have any questions, please email our Data Protection Lead at team@thepolicybank.co.uk.
If you’re unhappy with our response, you can lodge a complaint with the Information Commissioner’s Office at ico.org.uk.