PRIVACY POLICY

This policy was last updated in January 2021

​

Language: All communication is in English

Privacy Policy

Please read this Privacy Policy carefully and ensure you understand it. Using the Site is taken to be your agreement to this Policy. If you do not accept the Policy, then you should stop using the Site immediately.

​

This Policy governs the use of the personal data you provide to us via the site. Personal data is any or all data relating to a natural person who is identified or can be identified, from the data including name, telephone number(s), email address(es), online identifiers, physical address(es) and location data. 

​

Bradley Brown Consulting Ltd respects your privacy. We understand that how your personal data is used and shared online matters to you and we take the privacy of those who visit our website (“the Site”) very seriously. Wherever possible we will endeavour to only collect any data you voluntarily provide other than when you contact us, have contacted us in the past, or have given your consent for us to do so. We will make all reasonable efforts to process your data in accordance with the law.

​

Our site may contain links to other sites. Be aware that if you choose to click on those links your data may be processed by other organisations hosting those sites. We cannot control or monitor this and you should refer to their Privacy Policies to understand how they will process your data.

​

Amending the Policy

​

We may change this policy from time to time, in response to changes in the law or for operational reasons. Any changes will be posted on the Site and you will be notified of these when you access the Site. Use of the Site is deemed as your acceptance of the amended Policy where you continue to use the Site afterwards. You should therefore read any amendments when they are issued and regularly review this Policy.

​

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the site. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

​

Who we are

​

• The Site is owned and operated by Bradley Brown Consulting Ltd via Wix.com. Please refer to https://www.wix.com/about/privacy for their Privacy Policy. 

• Bradley Brown Consulting Ltd is not currently required to be VAT registered. At the point that registration becomes mandatory, prices will change in accordance with prevailing regulations.

• Bradley Brown Consulting Ltd is registered with the ICO.

• We have employees who are listed on the members register of the Association of Chartered Certified Accountants (ACCA). The members registered can be found at https://www.accaglobal.com/uk/en/member.html

• In line with ACCA regulations, we do not provide accounting services or regulated services requiring a Practising Certificate.

​

Your Rights

​

You have certain rights as a data subject under General Data Protection Regulation (GDPR) which governs the collection, processing and disposal of personal data by organisations such as ours.

​

In relation to the personal data we hold about you, you have the right to:

• be informed about how and why we collect and use your data

• be given access to the data we hold about you (reasonable limits apply)

• have any inaccurate or incomplete data rectified

• ask us to delete personal data earlier than we might already dispose of it (limitations may apply)

• prevent us from processing the data further (reasonable limitations may apply)

• port or transfer your data to another platform or application provided it is legal to do so and does not infringe the law or anyone else’s rights

• object to us using your data for specific purposes (i.e. direct marketing)

​

If you have any complaints about our processing of your personal data, or if you are not satisfied with the way we deal with your issue, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). This is the body in charge of supervising personal data use in the UK. The ICO address is Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF Helpline number: 0303 123 1113

​

Contact Details

​

If you wish to contact us with a GDPR query, please send your request in writing by email to GDPR@bradley-brown-consulting.co.uk. Enquiries may also be sent to our registered address at Bradley Brown Consulting Ltd, Chandos House, School Lane, Buckingham, Bucks, MK18 1HD.

​

Requests relating to these rights will be processed within one month from the date your request is received, wherever possible, applicable and appropriate. In the event that more time is needed, you will be informed.

​

Right to be informed

​

This privacy policy explains the collection and use of personal data by the company. For compliance purposes, this policy is provided to you at the point of collection of your personal data.

​

Data we collect

​

In addition to the data you provide directly to the company, we may gather further information, where appropriate, from publicly available sources with your consent. These sources will be explicitly identified during data collection using optional data fields. You give your consent when you complete the optional data fields.

​

When you communicate with us, we will collect your name, e-mail address and any other content you share with us, which may include your phone number.

​

We receive, collect and store any information you enter on the site or provide to us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history.

​

We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

​

We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

​

When you conduct a transaction on the site, as part of the process, we collect personal information you give us such as your name and email address. Your personal information will be used for the specific reasons stated.

​

How your data is used

​

We collect such non-personal and personal information for the following purposes:

• To provide and operate the Services

• To provide Users with ongoing customer assistance and technical support

• To be able to contact Visitors and Users with general or personalised service-related notices and promotional messages

• To create aggregated statistical data and other aggregated and/or inferred non-personal information, which we or our business partners may use to provide and improve our respective services

• To comply with any applicable laws and regulations.

​

We will process and store your data securely and we will only keep it for as long as we need it for the purpose(s) for which it was collected. We may also use your data for marketing purposes where you have given us your explicit consent to do so.

​

We will only share personal data that is within our control where you have given your consent or where we have a legal obligation to do so. Reasons for sharing your data with your consent may include referring you to a third-party service provider.

​

We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone or text messages where you have provided us with your phone number, and/or by post where you have provided us with your postal address.

​

How and where we store your data

​

We will only keep your data as long as we need it for the purpose(s) for which it is collected, and/or for as long as we have your permission to hold it.

​

Some or all of your data may be stored outside of the EEA (European Economic Area). When we store data outside this area, we will take all reasonable steps to ensure that your data is as safe and secure as it would be within the UK and is treated lawfully and in accordance with GDPR.

​

Steps we take to secure your data include any combination of the following:

• use of encryption

• password protection

• multi-factor authentication

• anti-virus protection including anti-spam, anti-malware, etc

​

Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

​

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

​

Your personal information may be stored in data centres located in the United States of America, Ireland, South Korea, Taiwan and Israel. Wix.com may use other jurisdictions as necessary for the proper delivery of services and/or as may be required by law.

​

Wix.com is a global company that respects the laws of the jurisdictions it operates within. The processing of the User Customer Data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, of which, the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision).

​

The security of sensitive data is of extreme importance to Wix.com who are 100% committed to data protection. See all the security certifications received by Wix.com.

​

Cookies and other tracking tools

​

Cookies are small pieces of data stored on a site visitor's browser. They are typically used to keep track of the settings users have selected and actions users have taken on a site.

​

As the site platform provider, Wix.com uses cookies for many important reasons, such as:

• To provide a great experience for visitors and customers.

• To identify registered members (users who registered to our site).

• To monitor and analyse the performance, operation and effectiveness of Wix.com platform.

• To ensure Wix.com platform is secure and safe to use.

​

Duration

​

Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.

​

Persistent (permanent or stored) cookies: These cookies are stored on a site visitor's hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behaviour or user preferences for a specific site.

​

Category

​

Strictly necessary cookies: These are the cookies that let visitors browse through the site. They are also necessary for security reasons.

​

Functional cookies: These cookies "remember" registered visitors/customers in order to improve user experience.

​

For further information about cookies visit http://www.allaboutcookies.org/

​

First-Party Cookies (Cookies that Wix.com places on our site.)

​

Strictly Necessary

​

Cookie name / Duration / Purpose

• ForceFlashSite / Session / When viewing a mobile site (old mobile under m.domain.com) it will force the server to display the non-mobile version and avoid redirecting to the mobile site

• hs / Session / Security

• sm / Session / Persistent (Two days or two weeks) / Identifies logged in site members

• XSRF-TOKEN / Session / Security

​

Functionality

Cookie name / Duration / Purpose

• svSession / Persistent (Two years) / Identifies unique visitors and tracks a visitor’s sessions on a site

• SSR-caching / Session / Indicates how a site was rendered. 

• smSession / Persistent (Two weeks) / Identifies logged in site members

​

Third-Party Cookies (Cookies that are placed and used by third parties on the site.)

​

Functionality

Cookie name / Duration / Purpose

• TS* / Session / Security

• TS01******* / Session / Security

• TSxxxxxxxx (where x is replaced with a random series of numbers and letters) / Session / Security

• TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters) / Session / Security

​

Right of access

​

You are entitled to make a Subject Access Request under GDPR.

​

In the event that we hold or obtain personal data about you that you have not provided to us and we have not already shared with you, we will endeavour to share this information following a written request, as appropriate, to meet with legal obligations.

​

The right to access your personal data may be restricted where:

• It would be impossible to provide the information requested

• Providing the information would involve disproportionate effort

• Providing the information would render impossible or seriously impair the achievement of the processing objectives

• The company is required by law to obtain or disclose personal data

​

Right to rectification (correction of personal data)

​

We will correct your personal data in compliance with current legislation (i.e. to meet with legal requirements and obligations).

​

Right to erasure (right to be forgotten)

​

We will delete your personal data in compliance with current legislation (i.e. to meet with legal requirements and obligations). In the event that we are legally restricted from deleting your information, we will inform you of this.

​

Right to restrict processing

​

This temporary measure may be invoked where there is a legal obligation and/or legitimate reason for doing so. In the event that restricted processing adversely affects the provision of services, you will be informed.

​

Right to data portability

​

You may transfer (port) your own personal data to another platform or application, where applicable. Your right only applies where it is legal to do so and does not infringe anyone else’s rights or other applicable laws including copyright laws.

​

Due to the nature of the services provided by the company, and to enable the company to fulfil its contractual and legal obligations, it may be necessary to port personal data to another platform or application including for legitimate reasons and for the performance of a contract.

​

Right to object

​

You have the right to object to us processing your data for direct marketing activity purposes unless we are doing so to meet with contractual obligations. We will delete your personal data from our direct marketing listings as soon as is practicable possible, in compliance with current legislation.

​

Where the contract has been completed and discharged (i.e. it has not been continued or rolled-on), or otherwise terminated, your right to withdraw consent will not be affected.

​

Rights in relation to automated decision making and profiling

​

The company does not use automated decision making or profiling, therefore, this right does not apply. If at any point this position changes, you will be informed in advance.

​

Limitations

​

Circumstances where your request may be declined or may incur a reasonable fee include the following, in addition to other limitations stated within this policy.

• We may decline to fulfil your request where the request is deemed to be:

  • manifestly unfounded (i.e. there are no obvious grounds for the request)

  • excessive (i.e. too much information has been requested). Refer to Right of Access restrictions for further details

  • repetitive (i.e. you have already requested the information)

  • impossible to provide the information requested

​

Where the option to pay a reasonable fee to obtain the information requested is offered to you, we will notify you of the fee prior to completing your request. Processing will only commence upon receipt of the fee.

​

Reasonable requests falling outside the limitations specified in this Policy will be processed free of charge within one month from the date your request is received, in accordance with this Policy.

​

Purposes and lawful bases for processing data

​

The company uses the following lawful bases when processing personal data:

​

1. Performance of a contract: to perform the contract and provide the agreed service, fulfilling the necessary duties required to deliver the service purchased or signed up for. This is the company’s main lawful basis for processing data.

​

2. Legal obligations: to comply with the law. This lawful basis applies where additional data processing is required above and beyond that covered by the main basis (performance of a contract) to meet with current legislation such as fulfilling the obligations of the Companies Act.

​

3. Legitimate interests: other circumstances where we may use your data are:

• to fulfil obligations imposed by regulatory bodies including the ACCA (Association of Chartered Certified Accountants)

• for research and development purposes

• for case studies and testimonials included in our products, services and marketing material where you have given explicit irrevocable approval for us to identify you

​

4. Consent: the basis of consent will only apply where additional processing of data is desirable and extends beyond the limits of the main and supplementary bases in points 1, 2 and 3 above. A common example is where consent is required for direct marketing activity.

​

Where required, your consent will be requested to allow the company to process and use your data for reasons specifically stated when you give your consent.

​

When giving clear consent, the company is legally obligated to keep records to prove that consent has been provided.

​

Where the basis of consent applies, you will have the option to opt-in or opt-out wherever possible.

​

Data Retention Period

​

Your data will be held for the period required to comply with legal obligations which, as at May 2019, is 6 years from the end of the company's financial year being 31st August.

​

Data Storage

​

Personal data may be stored in any of the following methods:

• Paper-based files

• Electronic systems including the company website and Microsoft office documents

• Social media platforms, such as LinkedIn, Facebook, WhatsApp, Google Hangouts, Zoom

• Other third party platforms required to meet service provision, legal and regulatory obligations

​

Data Security

​

The company uses McAfee software as its main service providers for data security.

​

Terms and Conditions Notice

​

This policy is part of your contractual agreement with the Company. Please read and familiarise yourself with all Terms and Conditions including Policies, Terms of Use, Code of Conduct, and Rules of Engagement. By signing up for our services, you agree to comply with all of our terms and conditions.

​

Download your copy here: 

​

​

​