top of page

Data Protection Policy

Last updated: 18th January 2025​

​​​Introduction​

EngagePro Solutions Ltd ("we," "us," or "our") is committed to protecting the personal data of our clients, employees, and stakeholders in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, process, store, and secure personal data.​

Scope

This policy applies to:

  • All employees, contractors, and partners of EngagePro Solutions Ltd.

  • All personal data processed by EngagePro Solutions Ltd, including that of clients, prospects, and employees.

Key Definitions

Personal Data: Any information relating to an identified or identifiable person.

Data Subject: The individual to whom the personal data relates.

Processing: Any operation performed on personal data, such as collection, storage, or deletion.

Data Controller: The entity that determines the purposes and means of processing personal data (EngagePro Solutions Ltd).

Principles of Data Protection

We adhere to the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and transparently.

  • Purpose Limitation: Data is collected for specific, legitimate purposes and not processed further in a manner incompatible with those purposes.

  • Data Minimisation: We collect only the data necessary for the purpose.

  • Accuracy: Personal data is accurate and kept up to date.

  • Storage Limitation: Data is retained only for as long as necessary.

  • Integrity and Confidentiality: Personal data is processed securely to protect against unauthorised access, loss, or damage.

Legal Basis for Processing Personal Data

We process personal data under the following legal bases:

  • Contractual necessity: To deliver services to clients.

  • Consent: For marketing communications (where applicable).

  • Legal obligation: To comply with laws such as tax and employment regulations.

  • Legitimate interests: For business purposes such as client relationship management.

Rights of Data Subjects

Data subjects have the following rights under the UK GDPR:

  • Right to Access: Request a copy of the personal data we hold.

  • Right to Rectification: Request correction of inaccurate or incomplete data.

  • Right to Erasure: Request deletion of personal data where it is no longer necessary.

  • Right to Restrict Processing: Request the limitation of how we process data.

  • Right to Data Portability: Receive data in a machine-readable format.

  • Right to Object: Object to processing based on legitimate interests or for direct marketing.

  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

  • Right to Complain: Lodge a complaint with the Information Commissioner’s Office (ICO).

Data Collection and Processing

We collect and process personal data:

  • Directly from data subjects (e.g., clients providing contact details)

  • From publicly available sources (e.g., LinkedIn or company websites).

Data is processed for purposes such as:

  • Delivering services to clients.

  • Managing client relationships and communication.

  • Processing payments and fulfilling legal obligations.​

Data Security

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Access Control: Restricting access to authorised personnel only.

  • Encryption: Securing sensitive data during transmission.

  • Regular Audits: Conducting periodic reviews of data protection practices.

  • Training: Providing data protection training to employees.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.

  • Client data: Retained for 5 years after the conclusion of services.

  • Employee data: Retained for 7 years after employment ends, in line with legal requirements.

After the retention period, data will be securely deleted or anonymised.

Data Sharing and Transfers

We do not sell personal data. Data may be shared:

  • ​With trusted third parties for business operations (e.g., payment processors, IT providers) under confidentiality agreements.

  • With legal authorities if required by law.

  • If data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

Data Breach Policy

In the event of a data breach:

  • We will assess the nature and impact of the breach.

  • Notify the ICO within 72 hours if the breach poses a risk to data subjects.

  • Inform affected data subjects without undue delay if there is a high risk to their rights and freedoms.

  • Document the breach, including its causes, impact, and remediation measures.

Roles and Responsibilities

Data Protection Officer (DPO): The Director oversees compliance with data protection laws.

Employees: Must follow this policy and report any data protection concerns to the DPO.

Complaints and Queries

If you have any concerns about how we handle your data, please contact us at:

Email: info@engageprosolutions.co.uk

Phone: 01268 975 258

​

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

 

Website: https://ico.org.uk

Phone: 0303 123 1113

Updates to This Policy

This policy will be reviewed annually or when significant changes occur. The latest version will always be available on our website or upon request.

bottom of page