Data Protection Policy
Effective Date: 18th April 2025
Introduction
Our Commitment to Data Protection
Umair Sajid LTD (“we,” “us”) is committed to protecting personal data in compliance with UK GDPR, the Data Protection Act 2018, and international standards. This policy outlines how we collect, use, store, and safeguard personal data.
Scope
This policy applies to all data subjects (e.g., clients, website visitors) and governs data processed by our employees, contractors, and third-party services.
Definitions of Key Terms
- Personal Data: Information identifying a natural person (e.g., name, email).
- Data Controller: Umair Sajid LTD (determines data processing purposes).
- Data Processor: Third parties (e.g., Stripe, PayPal) processing data on our behalf.
- Data Subject: Individuals whose data we process (e.g., clients, website users).
GDPR Principles
We adhere to the following principles (UK GDPR Article 5):
Lawfulness, Fairness, and Transparency
- Data is processed lawfully (e.g., via contract or consent).
- Users are informed about data use via privacy notices.
Purpose Limitation
- Data is collected for specific, legitimate purposes (e.g., service delivery).
Data Minimization
- We only collect data necessary for service provision.
Accuracy
- Data is kept up-to-date; errors are corrected promptly.
Storage Limitation
- Data is retained for 3 years (customer data) or 7 years (payment records).
Integrity and Confidentiality
- Technical and organizational measures protect data (e.g., encryption).
Accountability
- We document compliance and conduct annual audits.
Data Collection and Use
Types of Data Collected
- User-Provided Data: Name, email, business requirements (via contact forms).
- Automatically Collected Data: IP address, browser type, session duration.
- Payment Data: Processed via Stripe, PayPal, Wise (we do not store full card details).
Legal Basis for Processing
- Contractual necessity: To provide services (e.g., digital marketing consultations).
- Legitimate interest: Website analytics (e.g., Google Analytics).
- Consent: For marketing communications or cookies.
Data Storage and Retention
Storage Protocols
- Customer data: Retained for 3 years after last interaction.
- Payment records: Stored for 7 years (UK tax compliance).
- Cookies: Stored for 6–12 months (analytics) or session-only (essential).
Data Deletion
- Data is deleted after retention periods or upon user request (right to erasure).
Data Access and Sharing
Internal Access
- Restricted to authorized employees (e.g., project managers, accountants).
Third-Party Sharing
- Payment gateways: Stripe, PayPal, Wise (PCI-DSS compliant).
- Analytics: Google Analytics (data anonymized).
- Legal authorities: If required by law (e.g., tax audits).
Data Security Measures
Technical Measures
- Encryption: SSL/TLS for data in transit; AES-256 for sensitive data.
- Access controls: Role-based permissions and multi-factor authentication.
Organizational Measures
- Regular staff training on data protection.
- Annual audits of third-party processors.
Breach Response
- Users are notified within 72 hours of a confirmed breach.
Individual Rights
Data Subject Rights
- Right to access: Free copy of stored data.
- Right to rectification: Correct inaccurate data.
- Right to erasure: Delete data (where lawful).
- Right to object: Opt out of marketing or analytics.
Exercising Rights
- Submit requests to hi@umairsajid.com. We respond within 30 days (GDPR) or 45 days (CCPA).
International Data Transfers
Legal Safeguards
- Data may be stored in the UK, EU, or USA.
- We use Standard Contractual Clauses (SCCs) for transfers to non-EU jurisdictions.
Data Protection Officer (DPO)
Contact Details
- DPO: Umair Sajid
- Email: grow@umairsajid.com
Policy Updates
Review Process
This policy is reviewed annually or when legal requirements change.
Compliance Checklist
- UK GDPR: Adhere to principles (lawfulness, data minimization, etc.).
- Data Protection Act 2018: Comply with UK-specific regulations (e.g., law enforcement data).
- Third-Party Audits: Verify Stripe, PayPal, and Google Analytics compliance.
- Breach Notification: Document and report breaches within 72 hours.