Data Privacy Policy

Effective Date: June 7, 2025

Business Name: Somerset VA

Contact Email: clare@somersetva.co.uk

1. Introduction

Somerset VA ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our virtual assistant services, visit our website, or interact with us in any other way.

We comply with all applicable UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Somerset VA is a virtual assistant business providing administrative, organisational, and support services to clients. Our primary contact email is clare@somersetva.co.uk.

3. Information We Collect and Use

We collect or use the following personal information for various purposes as detailed below. We will only use your personal data when the law allows us to.

A. For the operation of client or customer accounts:

We collect or use the following personal information:

  • Names and contact details: To identify you and communicate with you about your services.

  • Addresses: For billing and service delivery purposes.

  • Purchase or service history: To manage your past and current service engagements.

  • Account information, including registration details: To administer your account and provide access to our services.

  • Information used for security purposes: To verify your identity and ensure the security of your account.

  • Marketing preferences: To respect your choices regarding marketing communications.

  • Technical data, including information about browser and operating systems: To ensure the proper functioning and security of our online services.

  • Service-Specific Data: Any information you provide to us directly related to the virtual assistant services you request (e.g., meeting notes, document content, task details). This data will be processed strictly for the purpose of delivering the agreed services.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

  • Legal obligation: We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.

B. For information updates or marketing purposes:

We collect or use the following personal information:

  • Names and contact details: To send you updates and marketing communications.

  • Marketing preferences: To ensure we only send you communications you wish to receive.

Our lawful basis for collecting or using personal information for information updates or marketing purposes is:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

C. For dealing with queries, complaints or claims:

We collect or use the following personal information:

  • Names and contact details: To identify you and respond to your query or complaint.

  • Addresses: To correspond with you formally if required.

  • Payment details: To address any payment-related issues or refunds.

  • Account information: To access your service history relevant to the query.

  • Purchase or service history: To understand the context of your query or complaint.

  • Customer or client accounts and records: To review past interactions and service details.

  • Financial transaction information: For resolving financial discrepancies.

  • Correspondence: Records of our communications to ensure proper resolution.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent: We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

  • Legal obligation: We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect information about criminal convictions and offences.

4. Where We Get Personal Information From

We collect your personal information directly from you through various interactions. This includes when you:

  • Request information about our services.

  • Engage us to provide virtual assistant services.

  • Subscribe to our newsletter or other publications.

  • Enter a competition, promotion, or survey.

  • Give us feedback or contact us.

As you interact with our website, we may also automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies. We may also receive personal data about you from third parties or publicly available sources, such as analytics providers (e.g., Google Analytics).

5. Lawful Bases and Data Protection Rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website (www.ico.org.uk).

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access: You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.

  • Your right to rectification: You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

  • Your right to erasure ("the right to be forgotten"): You have the right to ask us to delete your personal information.

  • Your right to restriction of processing: You have the right to ask us to limit how we can use your personal information.

  • Your right to object to processing: You have the right to object to the processing of your personal data.

  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

  • Your right to withdraw consent: When we use consent as our lawful basis, you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

6. Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Prospect Data – 3 years
Customer, Supplier, Associate, Affiliate data – 6 years from last financial transaction

For more information on how long we store your personal information or the criteria we use to determine this, please contact us using the details provided above.

8. Data Sharing and Disclosure

We may share your personal data with the following parties:

  • Service Providers: We may share your data with third-party service providers who assist us in operating our business and providing our services (e.g., IT support, payment processors, cloud storage providers, accounting services). These providers are contractually obliged to keep your data secure and to use it only for the purposes for which we disclose it to them.

  • Professional Advisers: We may share your data with our professional advisers (e.g., lawyers, accountants) as required for professional advice.

  • Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.

We will never sell your personal data to third parties.

9. International Transfers

We do not transfer your personal data outside the UK. However, if our third-party service providers transfer your personal data outside the UK, they are required to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.

  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

10. Cookies

Our website may use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

11. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using by emailing: clare@somersetva.co.uk

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

The ICO’s address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113 Website: www.ico.org.uk

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time by publishing a new version on our website. We will notify you of any significant changes where required by law. Please check this page occasionally to ensure you are happy with any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: clare@somersetva.co.uk