Privacy Notice
This privacy notice tells you what to expect us to do with the personal data we process about individuals connected to this business.
Who is managing your data?
Jo Brianti, Data Protection Specialist is a sole trader business based in Ealing, West London.
For all communication regarding this privacy notice please contact us in writing at the following email address:
Default terms used in this privacy notice
In this privacy notice, we use the following standard terms:
“personal data” any data or information collected about an identifiable living individual
“process” personal data is processed when we do anything with it, which includes collecting, sharing, recording, organising, storing, adapting, altering, retrieving, using, viewing, combining, or deletion.
“we”, “us”, and “our” refers to Jo Brianti, Data Protection Specialist
“you” and “your” refers to clients, individuals related to our clients, prospects, suppliers or other contacts
What information we collect, use and why
We collect the minimum data required to run this business. We only collect data directly from individuals and do not purchase, rent or buy from data brokers.
Data collected by us is used for the following purposes:
- to provide goods and services
- to manage customer accounts and guarantees
- for service updates and marketing
- for recruitment
- to manage enquiries and our customer relationships
- to meet our legal obligations
We collect the following data types:
- names, addresses and general contact data
- financial information to make and receive payments
- records of meetings and general communications
- customer or client account and transaction records
- analytics to track website usage and optimise user experience
Lawful basis
UK GDPR and the DPA 2018 requires us to have a lawful basis for processing all personal data collected. At Jo Brianti, Data Protection Specialist we process data with the following legal basis:
- contract – processing data to meet agreed contractual terms
- legal obligation – to comply statutory or regulatory requirements
- consent – processing data for marketing activities or instances where data is shared
- legitimate interests – managing client relationships and data security
Individual rights
UK GDPR and the DPA 2018 provides individuals with rights regarding their personal data which are outlined below:
- right of access – individuals have the right to request copies of their data with an explanation of what data is collected, where and how it was collected, who it is shared with and how long the data is retained
- right of rectification – individuals have the right to ask for errors or incomplete records to be put right
- right to data deletion – individuals may request to have their data deleted from our systems
- right to restrict processing – individuals may ask us to stop processing data where accuracy is in doubt, processing is unlawful or in the event of legal action
- right to object to processing – individuals may object to us processing their data for legitimate interests and ask us to cease processing
- right to data portability – individuals can ask us to transfer their personal data to another organisation
- right to withdraw consent – individuals have the right to remove consent to our data processing at any point
To exercise any of these rights please contact us at the contact details above. We have 1 calendar month to respond to your request except in complex situations where we may extend this.
In some circumstances we may not be able to comply fully with your request where an exemption is in place or where processing takes place to meet a legal obligation. We will be clear on this giving you a detailed explanation for the exemption where applicable.
Who do we share your data with
Jo Brianti, Data Protection Specialist shares personal data with the following data processors. Details of their security and privacy management is detailed in their privacy policies.
- Capsule CRM – our CRM system https://capsulecrm.com/privacy/
- Kit – email marketing tool https://kit.com/privacy
- Microsoft 365 – business operations and general communication https://www.microsoft.com/en-gb/privacy/privacystatement
- Asana – project management tool https://asana.com/terms
- Freeagent – managing company accounts and invoice processing https://www.freeagent.com/privacy/general-privacy-notice/
- Stripe – processing online payments https://stripe.com/gb/privacy
- Thrivecart – checkout, affiliate and coupon software https://legal.thrivecart.com/platform/privacy/
- Google – https://policies.google.com/privacy?hl=en-GB
We also share, when appropriate, personal data with:
- professional and legal advisors
- relevant legal authorities
- professional consultants
- organisations where we have a legal obligation to provide data
- suppliers and service providers
We have a stringent selection process for software and systems to ensure that we use products with high security standards and meet UK data protection legislation.
Our suppliers and service providers are contracted with confidentiality and NDA clauses in place. We carefully select our suppliers and service providers following a defined process to assess their security and privacy standards.
We do not share, sell or exchange data with organisations external to Jo Brianti, Data Protection Specialist.
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK. As a small business selecting mainstream software personal data is often hosted globally which is outside our control. When doing so, we comply with the UK data protection regulations to establish that appropriate safeguards and security are in place.
Data management and retention
UK GDPR and the DPA 2018 require us to actively manage data ensure it is retained for the minimum period possible.
Our legal obligations require us to retain financial data for 7 years for audit purposes.
Our relationships with customers and prospects are managed over many years with some prospects becoming customers years after initial discussions or enquires. On this basis we have chosen to retain all prospect and contact data for 10 years.
Customer data is retained for the life of the business relationship and subject to the retention periods above.
Relationships with prospective clients may exist for some years via our marketing channels and email marketing systems. Options to unsubscribe from communications are always provided.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Updates
This privacy notice is regularly reviewed and may be revised at any point. Please check this notice regularly to ensure you understand the current position.
This notice was last updated in April 2025.