The General Data Protection Regulations (“GDPR") came into force on 25th May 2018 to control the use of personal data. Under GDPR, personal data is any information which can directly or indirectly identify a living person.
• Who we are
• What personal data we collect on you
• How we collect your data
• What we do with your data
• Why we process your data and the lawful basis for processing
• Where we store your data and how we protect it
• Who we share your data with
• What is our marketing policy
• How we use your data on our website
• Your rights
CGR Business Solutions Limited may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.
Who we are
CGR Business Solutions Limited (“CGR”) are a business consultancy company based in Telford. We provide consulting, advisory and support services to assist businesses.
As part of handling and processing your data, we have a designated Data Controller who will be the contact if you have any queries or issues about what we do or why we do it.
Our Data Controller is: CGR Business Solutions Ltd (company number 11080090)
CGR Business Solutions Limited, Suite 3-12 Grovenor House, Central Park, Telford, Shropshire, TF2 9TW
We are registered with the Information Commissioners Office (“ICO”).
What personal data we collect on you
We may collect the following personal data on you:
• Identity data e.g. full name
• Contact data e.g. addresses, phone numbers, email addresses
• Transaction data e.g. history of current or previous services provided to you
• Financial data e.g. banking details from invoices payments
• Technical data e.g. analytics data from our website
Data Protection law recognises that certain categories of personal information are more sensitive. These are known as special categories of data and cover health information, race, religious beliefs and political opinions. We do not collect any sensitive data.
How we collect your data
We collect your data in the following ways:
• from meeting you in person and exchanging contact details e.g. through business cards
• through enquiries about our services on phone calls and emails
• from your appointed representatives
• through publicly available challenges (both online and in hard copy) such as web searches, companies house and published directories (including papers and magazines)
• from customers themselves providing information in order for us to advise them under the terms of our contractual obligations.
• From our business network of contacts
• Through the information form on our website where you have opted in to receiving communications
What we do with your data
We use your personal data for the following purposes:
• Fulfilling an agreed contract to provide services to you
• Notify you of any changes to our service
• Invoicing you under the terms of our contract
• Building a network of business contacts who may be sources of referral both to us and to assist our customers
• Prospecting to source new customers to build our business
• Responding to your queries about our services
• Maintaining contact with customers or reconnecting after a period of time with a view to provide additional services
• Paying suppliers by using their bank details
• Providing information on services, news or other relevant information that may be of interest to you
• Review website analytics to tailor our online presence to our current and prospective customers
• Maintaining information to complete our records
Why do we process your data and the lawful basis for processing
We process data to provide consulting, advisory and business support services; promote our business; maintain our accounts and records; and build a network of contacts.
GDPR provides six lawful basis for processing data. We process your data on two main grounds:
• Contractual obligations
• Legitimate Interests
Summary of each basis and example of the reason for processing is described below:
It is necessary for us to process customer’s data in order to deliver on our Contractual Obligations to complete a service under agreed terms of engagement, this may be verbal, through a written contract or via email.
It is in our Legitimate Interests to keep you informed of the services; provide you with updates on news or offers and other relevant business information for the purpose of either retaining your custom in the future if you are already a customer or potentially supplying you with our services.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.
Where we store your data and how we protect it
We store your data in secure electronic files which are backed up on secure hard drives. All paper documents and back up hard drives are stored in a secure location in line with our information security policy.
We only retain your data for as long as is necessary under our data retention policy. At the end of the retention period, data is securely destroyed, and hard copies will be shredded.
Who we share your data with
We may share your data with third party business associates or other advisors in order to fulfil our contractual obligations to you or where they are able to offer services which may be of assistance to you.
What is our marketing policy
From time to time, we would like to contact you by email, telephone and post to provide you with details of our services for marketing purposes on the basis of legitimate business interest. If you wish to opt out of receiving any further communications email email@example.com
How we use your data on our website
We do not use your data for the purposes of profiling or automated decision making. We use Google Analytics data to help to develop our website. All analytics data is anonymous, and you cannot be identified from the data. If you want to exclude yourself from being monitored by analytics, the simplest way is to use private browsing.
In order to provide you with the most tailored experience of our site, we will need to place small text files, or “cookies” on your computer. Most cookies that we use are session cookies and only exist for the length of time that you are using our site. They perform certain functional tasks – such as remembering that you are logged in when moving from page to page or to pre-load personal data from forms to save you time.
We also track cookies anonymously to fuel our site analytics and learn how to improve your experience to hone the relevance of our products or services.
You can set your browser to reject all cookies. Please note that of you do this then certain areas of the website will not be able to function for you. Choose a browser setting that rejects third party cookies but allows the benign, functional ones and site will work.
We occasionally include links to third party sites to provide you with news and relevant information that may be of interest to you.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Transferring data outside of the UK or European Economic Area (“EEA”)
We do not transfer data outside of the UK or EEA. However, by the nature of the internet, the personal data you supply through this website may be sent electronically to servers anywhere in the world e.g. Google Analytics. It may be used, stored and processed anywhere in the world including countries outside the UK or EEA
You have the right to be informed of what we do with your data and why. Under GDPR you have the following rights:
• To access, edit and update your personal information
• To be forgotten and have your personal information deleted
• To restrict processing of your personal information
• To object and complain
You can find more about your individual rights on the ICO website
If you have any issues or queries or need further information, please contact our Data Controller by:
1. Writing to us at:
CGR Business Solutions Ltd
Suite 3-12 Grosvenor House, Central Park, Telford, Shropshire, TF2 9TW
2. Emailing us at: firstname.lastname@example.org
Right to access, edit or update your personal information
You have a right to request a copy of the information we hold on you. Please contact us if you wish to receive a copy of any of your personal data. We will provide a copy of all data we hold on you within one month.
We endeavour to keep all our data as accurate and up to date as possible. If any data, we hold on you is inaccurate or out of date please contact us and we will rectify as soon as possible and at the latest within a month.
All requests should be addressed to our Data Controller at: email@example.com
Right to be forgotten
If a member of the public asks for their personal data to be removed from our current record systems, this will be done within one month of the request being received. The same timescale will apply when we are notified that personal information needs to be corrected or updated. You can also opt out of email correspondance.
You also have the right to be forgotten by us. If you want to be forgotten by us, please contact us at firstname.lastname@example.org and advise us that you want to be forgotten by us.
We will remove all data we hold on you other than what is required to complete our Contractual Obligations. However, you should be aware that by being forgotten, should you may a new enquiry or details are passed to us in future, we will neither hold or have access to any data about you. We also need to store some data, in a secure place, to ensure that we remember your request to be forgotten. For example, if we need to restore systems from a backup we need to know and to remember that you wanted to be forgotten.
Right to restrict processing
You can withdraw consent for any aspect of data processing at any time. Please be aware that we must process and maintain data to support contractual obligations to you and to third parties so withdrawing your consent will not necessarily mean that your data is deleted. We will retain what is necessary to fulfil our contractual obligations and also an identifier to ensure we do not collect your data again.
You can opt out of receiving any communication from us, other than mandated by our contractual obligations, by sending an email to email@example.com
Right to object or complain
You have the right to lodge a complaint with the ICO if you feel that we have not lived up to our obligations.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 19 July 2018.