Data Protection Policy

Effective Date: 18th April 2025

Introduction

Our Commitment to Data Protection

Umair Sajid LTD (“we,” “us”) is committed to protecting personal data in compliance with UK GDPR, the Data Protection Act 2018, and international standards. This policy outlines how we collect, use, store, and safeguard personal data.

Scope

This policy applies to all data subjects (e.g., clients, website visitors) and governs data processed by our employees, contractors, and third-party services.

Definitions of Key Terms

Personal Data: Information identifying a natural person (e.g., name, email).
Data Controller: Umair Sajid LTD (determines data processing purposes).
Data Processor: Third parties (e.g., Stripe, PayPal) processing data on our behalf.
Data Subject: Individuals whose data we process (e.g., clients, website users).

GDPR Principles

We adhere to the following principles (UK GDPR Article 5):

Lawfulness, Fairness, and Transparency

Data is processed lawfully (e.g., via contract or consent).
Users are informed about data use via privacy notices.

Purpose Limitation

Data is collected for specific, legitimate purposes (e.g., service delivery).

Data Minimization

We only collect data necessary for service provision.

Accuracy

Data is kept up-to-date; errors are corrected promptly.

Storage Limitation

Data is retained for 3 years (customer data) or 7 years (payment records).

Integrity and Confidentiality

Technical and organizational measures protect data (e.g., encryption).

Accountability

We document compliance and conduct annual audits.

Data Collection and Use

Types of Data Collected

User-Provided Data: Name, email, business requirements (via contact forms).
Automatically Collected Data: IP address, browser type, session duration.
Payment Data: Processed via Stripe, PayPal, Wise (we do not store full card details).

Legal Basis for Processing

Contractual necessity: To provide services (e.g., digital marketing consultations).
Legitimate interest: Website analytics (e.g., Google Analytics).
Consent: For marketing communications or cookies.

Data Storage and Retention

Storage Protocols

Customer data: Retained for 3 years after last interaction.
Payment records: Stored for 7 years (UK tax compliance).
Cookies: Stored for 6–12 months (analytics) or session-only (essential).

Data Deletion

Data is deleted after retention periods or upon user request (right to erasure).

Data Access and Sharing

Internal Access

Restricted to authorized employees (e.g., project managers, accountants).

Third-Party Sharing

Payment gateways: Stripe, PayPal, Wise (PCI-DSS compliant).
Analytics: Google Analytics (data anonymized).
Legal authorities: If required by law (e.g., tax audits).

Data Security Measures

Technical Measures

Encryption: SSL/TLS for data in transit; AES-256 for sensitive data.
Access controls: Role-based permissions and multi-factor authentication.

Organizational Measures

Regular staff training on data protection.
Annual audits of third-party processors.

Breach Response

Users are notified within 72 hours of a confirmed breach.

Individual Rights

Data Subject Rights

Right to access: Free copy of stored data.
Right to rectification: Correct inaccurate data.
Right to erasure: Delete data (where lawful).
Right to object: Opt out of marketing or analytics.

Exercising Rights

Submit requests to umair hi@umairsajid.com. We respond within 30 days (GDPR) or 45 days (CCPA).

International Data Transfers

Legal Safeguards

Data may be stored in the UK, EU, or USA.
We use Standard Contractual Clauses (SCCs) for transfers to non-EU jurisdictions.

Data Protection Officer (DPO)

Contact Details

DPO: Umair Sajid
Email: grow@umairsajid.com

Policy Updates

Review Process

This policy is reviewed annually or when legal requirements change.

Compliance Checklist

UK GDPR: Adhere to principles (lawfulness, data minimization, etc.).
Data Protection Act 2018: Comply with UK-specific regulations (e.g., law enforcement data).
Third-Party Audits: Verify Stripe, PayPal, and Google Analytics compliance.
Breach Notification: Document and report breaches within 72 hours.

Social Media Marketing

Social Media Advertising

Social Media Management

Lead Generation

PPC Services (Pay-Per-Click)

Social Media Marketing Strategy

Paid Social Media Strategy

Social Media Marketing Consultant

Paid Social Media Consultancy

Facebook Marketing Strategy

Instagram Marketing Strategy

TikTok Marketing Strategy

Facebook Ads Strategy

Instagram Advertising Strategy

Tiktok Ads Strategy

Marketing for Landscaping Businesses

Marketing for Remittance Companies

Marketing for Small Businesses

Facebook Advertising Services

Instagram Advertising Services

TikTok Advertising Services

Case Studies

Success Stories

About Umair

My Team

Blog

Digital Assets

Social Media Marketing & Management Plan

PPC & Social Media Advertising Plan

Full Stack Digital Marketing Plan