Privacy Policy

Data processing Information

Steven Johnston, the Small Business GDPR Consultant is a Data Controller under the provisions of the Data Protection Act and the Genera Data Protection Regulation. Our licence number is ZA441684.

We will take all the necessary steps to protect any Data lawfully supplied to us. This includes ensuring that data is fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with your rights; secure; and not transferred to countries outside the European Economic Area.

We hold and process your data by lawfully allowed means, this includes but is not limited to:

Your Consent: Consent is usually given by yourself when you contact us via our Website or personally when We discuss products or services with you.

Contractual obligations: This occurs when you make a purchase directly from us of either products or services, full details of the contractual obligations both of us have will be explained at the time of creating the contract with us.

Should you wish to obtain a copy of the personal data which We hold about you, please contact Steven Johnston, The Old Dairy, Bishampton Road, Flyford Flavell, Worcestershire, WR7 4BT. There is no charge for this service.

As soon as We are satisfied as to your identity, We will send you, within one month of your request a copy of all the data We hold relating to you.

If you believe that any personal data or information which We hold about you is incorrect or incomplete, contact Steven Johnston, The Old Dairy, Bishampton Road, Flyford Flavell, Worcestershire, WR7 4BT. Any information or data which is found to be incorrect will be corrected as soon as possible.

If you wish to have your personal data removed entirely from our systems please contact Steven Johnston, The Old Dairy, Bishampton Road, Flyford Flavell, Worcestershire, WR7 4BT.

As soon as We are satisfied as to your identity and the data is not required to be kept for any other lawful reason or purpose it will be removed from our systems forthwith.

If you are unhappy with any of the responses given to you by us, you may complain to the regulator at the Information Commissioners Office on 0303 123 1113.

Lawful Basis for processing

We understand the 6 Lawful bases for data processing. We are usually only concerned with Consent and Contract:

Consent: We process information with the specific consent of the individual concerned, whether for our services or for referral to our professional partners. We require specific opt in consent Online and hard copy consent Offline regarding the use of their information.

Contract: Through a contractual relationship for the provision of products and services with full details of the contract whether Online or Offline.

Legal Obligation: When the processing is necessary for us to comply with the Law.

Vital Interests: When the processing is necessary to protect someone's life.

Public Task: When the processing is necessary for us to perform a task in the public interest or for an official function and the task or function has a clear basis in Law.

Legitimate Interests: When the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Data is held by us in secure electronic devices such as computers, Ipads, mobile phones and separate back up devices and servers.

Data is also held by us in paper form in files relating to clients which are secured by virtue of their location.

We have no plans to introduce new technology such as face recognition, biometrics or fingerprint recognition into its Data processing activities but if such a change is made or planned to be made We will complete a detailed Data Protection Impact Assessment and update this policy statement.

Children’s Data

As a general rule We do not contract with children to provide products or Services.

However, We may record details of client’s children if relevant and appropriate to our business activity or for the purpose of giving the client advice and may subsequently reference such children in records. In all cases We receive parental consent to record the child’s details.

Individuals Rights

We are aware of the individual’s rights protected by the GDPR and Data Protection Act 2018 as being the following:

The right to be informed; The right of access; The right to rectification; The right to erasure;  The right to restrict processing; The right to data portability; The right to object; The right not to be subject to automated decision making including profiling.

These rights are protected and included in the Privacy policy statement above with the exception that We do not conduct automated data processing activity or operate within areas where Data Portability would be encountered

Data Sharing

We will only supply data which personally identifies you to a third party or organisation:

Changes to this Policy

There may be developments in how we use your data according to changes in the Law. We reserve the right to make changes to this Data Protection and Privacy Policy at any time without notice and it is your responsibility to revisit this page from time to time to re-read this policy. Any revised terms shall take effect as at the date of posting.

If you don’t find your concern addressed here, feel free to contact us by emailing us at

Cookie Policy

Use of Cookies

In accordance with the GDPR we operate a "soft opt-in consent" policy. This means we give you opportunity to act before cookies are set on your first visit to our website. The cookie alert box on our homepage is fair notice, and continuing to browse is valid consent via an affirmative action.

The cookies we use record the pages of our site you visit and any interactive elements - such as forms - that you use. They can also record information on the visit date and time as well as internet browser and the device you use to access the site. We don’t collect any information that can identify you personally.

If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting.

You can find out much more about cookies at

Google Analytics

We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.