This is the Privacy Policy of SUMMIT BOOKKEEPING LTD
In this document, "we", "our", or "us" refers to SUMMIT BOOKKEEPING LTD
Our registered office is at Bryn Awel, Brithdir, Dolgellau, Gwynedd LL40 2RR
Our registered company number is 10641462
INTRODUCTION
This Policy outlines the data protection policies and procedures we have adopted and to which we abide to ensure we are GDPR (General Data Protection Regulation) compliant. The purpose of this Policy and any other documents referred to in it, is to clearly list and identify the legal requirements, procedures and rights which must be established when we obtain, process, transfer and/or store your Personal Data. This Policy will assist you in understanding the obligations, responsibilities and rights which arise from the Data Protection Laws.
Everyone has rights with regard to the way in which their Personal Data is handled. In order to operate efficiently we need to collate and use information about the people with whom we work. This includes current, past and prospective employees, clients, and others with whom we communicate.
This Privacy Policy applies to information that could identify you as an individual (“personal information”) and information that does not, including that which relates to your business. In the context of the law and this Policy, “process” means collect, store, transfer, use or otherwise act on information.
We are committed to the protection of your privacy and confidentiality. We recognise that you are entitled to know that your data will not be used for any unintended purpose and will not accidentally fall into the hands of a third party.
We have in place procedures and training for data protection, confidentiality and information security. These are regularly reviewed to ensure that they remain effective.
We regard the lawful and correct treatment of personal information as integral to successful operation and to maintaining the confidence of the people we work and communicate with. To this end we fully endorse and adhere to the principles of the relevant laws, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you regarding the processing and control of your Personal Data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
We are registered as a Data Controller on the Register kept by the Information Commissioner’s Office.
DEFINITIONS
Data:
Information stored electronically, on a computer, server or in certain paper-based filing systems.
Data Controller:
Summit Bookkeeping Ltd has determined the purposes for which, and the manner in which, your Personal Data is processed. The Data Controller has overall responsibility for compliance with the Data Protection laws. Any questions about the operation of this Policy or any concerns that the Policy has not been followed should be referred in the first instance to the Directors at the Registered Office address.
Data Processor:
Any person or organisation that is not a Data User that processes Personal Data on our behalf and in accordance with our specific instructions. Our staff will be excluded from this definition but, the definition could include suppliers who handle Personal Data on our behalf.
Data Subjects:
All living individuals about whom we hold Personal Data. All Data Subjects have legal rights concerning the processing and storage of their personal information.
Data users:
Our employees whose work involves processing your Personal Data. Data users are responsible for the proper use of the data they process and must protect the data they handle in accordance with this Policy.
Enactment:
The General Data Protection Regulation 2017 (GDPR) applies, which regulates the way in which all Personal Data is held and processed.
Personal Data:
Information which can be used to directly or indirectly identify a living individual.
Processing:
Any activity in which the data is used, including (but not limited to) obtaining, recording, organising, amending, retrieving, using, disclosing, erasing, destroying and/or holding the data. The term “processing” also includes transferring Personal Data to third parties.
Supervisory Authority:
The Authorised Body which is empowered to govern and manage how the GDPR is implemented and abided by in a particular EU state. In the case of the UK the Supervisory Authority is the Information Commissioner’s Office (ICO).
Sensitive Personal Data:
This includes information about a person's race, ethnicity, political opinions, convictions, religion, trade union membership, physical and/or mental health, and sexual preference. Sensitive Personal Data can only be processed with the express written consent of the person concerned.
POLICY STATEMENT
In accordance with the GDPR anyone processing Personal Data must comply with the six principles of good practice.
Personal Data must:
1. be processed fairly, lawfully and transparently;
2. only be used for the purpose for which it was collected;
3. be adequate, relevant and not excessive for the purpose for which it is being processed;
4. be accurate and kept up-to-date;
5. not be kept longer than necessary to fulfil the purpose of its collection; and
6. be kept secure and protected from unauthorised processing, loss, damage or destruction [which includes the data not being transferred to a country or territory outside the European Economic Area unless the Personal Data is adequately protected and/or consent of the Data Subject has been provided].
1. FAIR, LAWFUL AND TRANSPARENT PROCESSING
For Personal Data to be processed lawfully, the basis for the processing must be one of the legal grounds set out in the Enactment. These include, among other things, your written consent to the processing, or that the processing is necessary for the performance of our contract with you.
In the event we collect Personal Data directly from you, this Policy should assist in informing you about:
1.1 The purpose or purposes for which we intend to process your Personal Data.
1.2 The types of third parties, if any, with which we may share or disclose your Personal Data.
1.3 The means by which you can limit our processing and disclosure of your Personal Data.
In most cases, your Personal Data will have been provided to us by you. However, with your consent, or if it is necessary in order to provide you with our services, we may have obtained your Personal Data from a third-party source.
When Sensitive Personal Data is being processed, additional conditions and securities must be in place to ensure protection.
2. PROCESSING FOR LIMITED PURPOSES
In the course of our business, we shall process the Personal Data we receive directly from you (for example, by you completing forms, sending us papers or from you corresponding with us by mail, phone, email or otherwise) and your Personal Data which we receive from any other source.
We shall only process your Personal Data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities as per our Agreement(s) with you or for any other specific purposes agreed with you and/or permitted by the Enactment. Should we deem it necessary to process your Personal Data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first, to inform you of those purposes and our intent and may also apply for your consent.
3. ADEQUATE, RELEVANT NON-EXCESSIVE PROCESSING
We will only collect and process your Personal Data as required to fulfil the specific purpose/s of our contract and agreements with you.
4. ACCURATE AND UP TO DATE DATA
We shall ensure that all Personal Data held is accurate and up to date and will check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. If you become aware that any of your Personal Data is inaccurate, you are entitled to contact us and request that your Personal Data is amended. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
5. THE TIMELY PROCESSING OF THE DATA
We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. Once Personal Data is no longer required, we will take all reasonable steps to destroy and erase it or, in the case of paper records and where practicable, return it to you if requested to do so.
6. KEEPING YOUR PERSONAL DATA SECURE
Our employees and contracted personnel are bound by our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction.
We maintain data security by protecting the confidentiality, integrity and availability of your Personal Data, and when we do so we abide by the following definitions:
6.1 Confidentiality: We ensure that the only people authorised to use your Personal Data can access it.
6.2 Integrity: We will make certain that your Personal Data is accurate and suitable for the purpose for which it is processed.
6.3 Availability: We have established procedures which means that only our authorised Data Users should be able to access your Personal Data if they need it for authorised purposes.
We also maintain security procedures which include, but are not limited to:
6.4 Secure lockable rooms, desks and cupboards – rooms, desks and cupboards shall be kept locked if they hold your Personal Data and only accessed by authorised personnel.
6.5 Methods of disposal - paper documents containing Personal Data are shredded and digital storage devices shall be physically destroyed when they are no longer required.
6.6 Training - Data Users shall be appropriately trained and supervised in accordance with this Policy which include requirements that computer monitors do not show confidential information to passers-by and that Data Users log off from or lock their PC/electronic device when it is left unattended.
6.7 IT - our computers have appropriate password security, boundary firewalls and effective anti-malware defences. We routinely back-up electronic information to assist in restoring information in the event of disaster and our software is kept up-to-date with the latest security patches.
6.8 Separation, Pseudonymisation & Encoding - one or all of the following measures shall be applied to the Personal Data held:
• separating the Personal Data and/or;
• pseudonymisation and/or;
• the encoding of the data
6.9 We will ensure that this Policy is kept updated in response to any amendments to the law.
We shall take appropriate security measures against unlawful and/or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, your Personal Data.
We shall only transfer your Personal Data to a Data Processor (a Data User outside our business) if the Processor agrees to comply with our procedures and policies, or if the Processor puts in place security measures to protect Personal Data, which we consider adequate and are in accordance with the Enactment.
TRANSFERRING PERSONAL DATA OUT OF THE EEA
We shall only knowingly transfer any Personal Data we hold to a country outside the European Economic Area ("EEA"), if one of the following conditions applies:
• The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms;
• You have given your consent that your Personal Data is transferred;
• The transfer is necessary for one of the reasons set out in the Enactment, including the performance of a contract between you and us, or to protect your vital interests;
• The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims;
• The transfer is authorised by the ICO and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.
The Personal Data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those Data Users may be engaged in, among other things, the fulfilment of contracts with you, such as the processing of payment details and/or the provision of support services.
HOW WE USE YOUR PERSONAL DATA
We provide a range of services to businesses and personal clients. We aim to process data, whether Personal Data or not, only to the extent necessary for us to provide our clients with our services and for other agreed purposes.
We may aggregate information in a general way and use it to provide class information. If we use it for this purpose, you as an individual will not be personally identifiable.
We will only collect and process your Personal Data to the extent that it is needed to fulfil our operational and contractual needs or to comply with any legal requirements.
We shall access and use your Personal Data in accordance with your instructions and as is reasonably necessary:
• to fulfill our specific contractual obligations and responsibilities to you;
• to provide, maintain and improve our services;
• to respond to your requests, queries and problems;
• to inform you about any changes to our services and related notices, such as security and fraud notices.
If we intend to use your Personal Data for the advertising and marketing of our services and/or the services of our affiliates, we shall seek your separate express consent and you are entitled to opt out of these services at any time.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
PERSONAL CLIENTS
If you are a personal client, Personal Data that we may process may include contact information, information about your business activities, information about your family members, and financial information such as that relating to your income, expenses, taxation and investments. Some of our services may also require us to process information deemed to be “Sensitive Personal Data” such as your race or ethnic origin, information about your health and medical history, information about your sexual life and orientation, criminal records, and information about your political, religious or philosophical beliefs.
In most cases, your Personal Data will have been provided to us by you. However, with your consent, or if it is necessary in order to provide you with our services, we may have obtained your Personal Data from a third-party source.
THIRD PARTIES CONNECTED TO CLIENTS AND SUPPLIERS
We may process your Personal Data if you have a personal or business connection with any of our clients or suppliers. For example, you may be a family member, business partner, other adviser, supplier or transaction counterparty.
The data we process may include contact information, information about business activities, information about partners, directors, employees, information relating to employment remuneration and payroll, and financial information such as that relating to income, expenses, taxation and investments.
We may be given your Personal Data by our clients or suppliers, or by third parties acting on the instructions of a client or a supplier.
We ask our clients and suppliers to bring this Privacy Policy to your attention as soon as they become aware that we process your Personal Data.
SUPPLIERS
If you supply our business with goods or services, including subcontracted services that we supply to our clients, then we may process your personal information. However, we do so only to the extent necessary to contract with you.
In most cases, your Personal Data will have been provided to us by you. However, sometimes we use third parties such as credit rating agencies to make decisions regarding our relationship.
WHEN WE MAY SHARE YOUR PERSONAL DATA
There are times when we may need to share your Personal Data. This section discusses how and when we might share your Data.
It may be necessary for us to disclose your Personal Data in certain situations:
• We may need to share your Personal Data with certain bodies to fulfill our contract with you such as your suppliers, contractors and sub-contractors, HMRC, ICB and other governmental and/or regulatory bodies.
• We use various software providers to process electronic data, including Personal Data. These include (but are not limited to) Sage, Xero, Kashflow, Iris, Quickbooks, BrightPay and Keytime.
• We use secure external servers to process/store our electronic records, including your Personal Data. These include (but are not limited to) Carbonite, iCloud and OneDrive.
All our software and service providers state that they are GDPR compliant and/or apply equivalent/adequate safeguards. Their updated Privacy Policies can be viewed on their websites or by emailing us at success@summit.wales
Additionally, it may be necessary for us to disclose your Personal Data to other third parties:
• If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, lawful requests, court orders and legal process. • To enforce or apply any contract or other agreement with you.
• To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.
THE BASES ON WHICH WE PROCESS PERSONAL INFORMATION
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
INFORMATION WE PROCESS BECAUSE WE HAVE A CONTRACTUAL OBLIGATION
We may process personal information when a contract has been formed with our business and processing is necessary to carry out our obligations under that contract, or when processing Personal Data is necessary in order to form a contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
INFORMATION WE PROCESS WITH YOUR CONSENT
If you have given us explicit permission to do so, we process your personal information under the basis of consent.
For example, you might have agreed that we may pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by emailing us at success@summit.wales. However, if you do so, you may not be able to use our services or our website further.
INFORMATION WE PROCESS FOR THE PURPOSES OF LEGITIMATE INTERESTS
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do so after having given careful consideration to:
• whether the same objective could be achieved through other means
• whether processing (or not processing) might cause you harm
• whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
We may process your data on this basis for the purposes of:
• record-keeping for the proper and necessary administration of our business
• responding to communication from you to which we believe you would expect a response
• protecting and asserting the legal rights of any party
• insuring against or obtaining professional advice that is required to manage business risk
• protecting your interests where we believe we have a duty to do so
INFORMATION WE PROCESS BECAUSE WE HAVE A LEGAL OBLIGATION
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to share information to legal or tax authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
SPECIFIC USES OF INFORMATION YOU PROVIDE TO US
COMMUNICATING WITH YOU
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
DEALING WITH COMPLAINTS
If we receive a complaint, we may record all the information you have given to us and use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
If the complaint relates to information on our website and we feel it is justified or if we believe the law requires us to do so, we shall remove the information while we investigate.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
We may compile statistics from information relating to complaints to assess the level of service we provide, but not in a way that could identify you or any other person.
OFFICE VISITORS
If you visit our office you may be required to sign in on arrival. We may keep a record of your visit in order to maintain the security of our premises, your safety and the safety of other visitors.
We keep the record of your visit only for as long as necessary, and in any case, for less than two years.
Closed circuit television (CCTV) may be used at our premises and surrounding area in order to deter and to help investigate crime.
We may process personal information including images and behaviours on the basis of legitimate interests.
This information may be shared with the data subject, our employees and agents and the police.
CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM
We may use a customer relationship management (CRM) system to process Personal Data.
Data Subjects include existing, former and prospective clients and their agents and representatives.
Personal Data that we process includes the name of the person, information about his or her employer and job position, and contact information.
We process this data on the basis of consent for purposes that include:
• managing and developing our business or services
• informing clients and prospective clients about our services
• determining relationships between clients and our partners and employees
• analysing whether we provide clients with a high level of service
We do not sell or share any Personal Data with third parties unless we have explicit consent to do so from the data subject.
JOB APPLICATIONS AND EMPLOYMENT
If you send us information in connection with a job application or enquiry, we may retain your information in case we decide to contact you at a later date.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years (or longer if deemed necessary) before destroying or deleting it.
USE OF INFORMATION WE COLLECT THROUGH AUTOMATED SYSTEMS WHEN YOU VISIT OUR WEBSITE
Our websites are hosted in the UK.
COOKIES
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
Our website may use cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.
When you first visit our website, we may ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose. If you choose not to use cookies or you prevent their use through your browser settings, you may not be able to use all the functionality of our website.
We may use cookies in the following ways:
• to track how you use our website
• to record whether you have seen specific messages we display on our website
• to keep you signed in to our site
• to record your answers to surveys and questionnaires on our site while you complete them
PERSONAL IDENTIFIERS FROM YOUR BROWSING ACTIVITY
Requests by your web browser to our servers for web pages and other content on our website may be recorded. We may record information that could identify your location, such as your IP address. We may also record information reported by the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you. If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website. However, our policy is not to use such data for the purpose of personal identification.
DISCLOSURE AND SHARING OF YOUR INFORMATION
INFORMATION WE OBTAIN FROM THIRD PARTIES
Although we do not disclose your personal information to any third party (except as set out in this Policy), we may sometimes receive data that is indirectly made up from your personal information from third parties whose services we use. No such information is personally identifiable to you.
THIRD PARTY ADVERTISING ON OUR WEBSITE
Third parties may advertise on our website. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about you when their advertisement is displayed on our website. They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts. We do not have control over these technologies or the data that these parties obtain. Accordingly, this Privacy Policy does not cover the information practices of these third parties.
YOUR RIGHTS CONCERNING YOUR PERSONAL DATA
We will process and manage all your Personal Data in line with your rights. In particular your rights to:
• request access to any data we hold about you;
• prevent the processing of your Personal Data for direct-marketing purposes, if so instructed;
• ask to have inaccurate Personal Data amended;
• be forgotten, and have all relevant Personal Data erased (subject to our overriding legal obligations);
• prevent processing which is likely to cause damage or distress to you or anyone else;
• request certain restrictions on the processing of your Personal Data;
• receive a copy of your Personal Data and/or request a transfer of your Personal Data to another Data Controller;
• not be subject to automated decision making;
• be notified of a data security breach which affects your rights and freedoms, without undue delay;
• if you have provided your express consent that your Personal Data may be processed for marketing and advertising purposes, you are entitled to withdraw that consent. Such a withdrawal will not affect any processing of the data completed before consent was withdrawn; and
• to make certain requests to us concerning how your Personal Data is managed.
ACCESS AND PORTABILITY REQUESTS
You are entitled to request access to your Personal Data unless providing a copy would adversely affect the rights and freedoms of others.
You can also request information about the different categories and purposes of data processing; recipients or categories of recipients who receive your Personal Data, details on how long your Personal Data is stored for, information on your Personal Data's source and whether the Data Controller uses automated decision-making.
You also have “Data Portability” rights which includes the right to request a copy of your Personal Data be sent to you or transmitted to another Data Controller.
CORRECTION REQUESTS
You are entitled to request we correct or complete your inaccurate or incomplete Personal Data without undue delay and we will update the information and erase or correct any inaccuracies as required.
ERASURE REQUESTS
You can exercise your “right to be forgotten” and can request we erase your Personal Data. On receiving a request we will erase the Personal Data without delay, unless an exception applies that permits us to continue processing your data. Details of such exceptions are contained in the Enactment and include situations where we might need to retain the information to carry out our official duties and/or comply with legal obligations and/or for the establishment of exercising or defending legal claims, or it is in the public interest to retain your Personal Data.
RESTRICTION REQUESTS
You may request restrictions be applied to the processing of your Personal Data for some specific reasons such as you contest the accuracy of the data, the processing is unlawful or if we no longer need to process your Personal Data. You can also request restrictions be applied if the processing is being done for public interest or third-party reasons.
If such a request is received we can continue to store your Personal Data, but may only process it under certain circumstances, for example:
• you give consent for us to continue processing your data
• we need to establish, exercise, or defend legal claims, or
• we need to protect the rights of another individual or legal entity or for important public interest reasons.
OBJECTION REQUESTS
You may also object to your Personal Data being processed under certain circumstances, including for direct marketing purposes and profiling related to direct marketing. If we receive such an objection we will stop processing your Personal Data unless we can show a compelling legitimate ground for processing your Personal Data which overrides your interests and the basis of your request.
RESPONDING TO YOUR REQUESTS
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Upon receiving a request from you concerning your Personal Data, we will respond within one month of receiving the request by email (unless you request a response in an alternative format).
If we are unable to immediately comply with your request we will inform you within our response stating whether we need to extend our response time (for up to a maximum of two months), along with an explanation for the delay. If we do not take any action within one month after receiving your request, you are entitled to request an explanation from us as to why no action was taken and you may make a complaint to the ICO:
Information Commissioner's Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113
casework@ico.org.uk
We will not be entitled to charge for the provision of your Personal Data, unless the requests are manifestly unfounded or excessive, particularly if it is repetitive in which case we may refuse to act on the request or request a fee to cover the associated administrative costs.
RETENTION PERIOD FOR PERSONAL DATA
Except as otherwise mentioned in this Privacy Policy, we keep your personal information only for as long as required by us:
• to provide you with the services you have requested;
• to comply with other law, including for the period demanded by our tax authorities;
• to support a claim or defence in court.
OTHER MATTERS
IF YOU ARE NOT HAPPY WITH OUR PRIVACY POLICY
If you are not happy with our Privacy Policy or have any complaint then you should tell us in the first instance by emailing us at success@summit.wales
If a dispute is not settled then we will attempt to resolve it by engaging in good faith with you in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/
REVIEW OF THIS PRIVACY POLICY
COMPLIANCE WITH THE LAW
Our Privacy Policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.
REVIEW
We keep our Privacy Policy under regular review and reserve the right to amend and update the Policy as required. Where appropriate, we will notify you of those changes by mail, email and/or by placing an updated version of the Policy on our website.
If you have any question regarding our Privacy Policy, please email us at success@summit.wales
EXPLANATORY NOTES
Privacy Policy
General notes
The EU Data Protection Directive (95/46/EC), implemented as the
General Data Protection Regulation, or the GDPR, became law on 25 May 2018.
In the UK, the Data Protection Bill enshrines the law in the GDPR,
making it applicable even after the UK leaves the European Union.
SUMMIT BOOKKEEPING LTD
www.summit-inspiration.com
success@summit.wales