We respect the General Data Protection Regulations (GDPR) and this policy explains how we
collect and treat any information you give us.
Our policy covers
- Why we value your privacy
- How we collect information
- What information we hold
- Where we store your information
- What we use your information for
- Who’s responsible for your information at our company
- Who has access to information about you
- The steps we take to keep your information private
- Your rights
- Changes to the policy
Why we value your privacy
We value your privacy as much as we do our own, so we’re committed to keeping your
personal and business information safe. We collect and process personal information at the
start of, and for the duration of, your relationship with us. We’ll never use your personal
information for any reason other than why you gave it, and we’ll never give anyone access to
it unless we’re forced to by law.
How we collect information
We ask for contact information including your name, email address, and phone number on
our website so that we can reply to your enquiry.
We ask for your contact and personal information if we are going to work together and need
this information to be able to work efficiently and complete tasks for you.
Occasionally, we might receive your contact information from one of our partners. If we do,
we protect it in exactly the same way as if you give it to us directly.
What information we hold
- When you contact us by email or through our website, we collect your name, email
address, phone number, website and the company you work for, if you’ve given us that.
- If you do business with us, we also collect your business name and bank details and keep
records of the invoices we send you and the payments you make.
- We may invite you to use Gocardless to pay invoices.
- We do not collect more information than we need to fulfil our stated role and will not
retain it for any longer than is necessary.
Where we store your information
When you contact us by email or through our website, we store your information in Capsule,
our Customer Relationship Management (CRM) software. When you engage our services, your
information is stored in Harvest, our time-tracking software, and in Xero, our accounts
software. We also use Dropbox as a tool for our business where your contact details may also
appear. We chose these software systems partly for their commitment to security.
What we use your information for
We occasionally use your contact information to send you updates about Bay Tree VA and its
services. When we do, you have the option to unsubscribe from these communications and
we won’t send them to you again. We might also email or phone you about services, but if
you tell us not to, we won’t get in touch again. We will use your information to send you
invoices, statements, or reminders.
Who’s responsible for your information at our company
All Bay Tree VAs are responsible for the secure handling of contact details and personal
information. However, for any queries about the information we store, please e-mail our
Managing Director and Data Protection Officer, Jane Cattermole at email@example.com or
phone on 01284 828974.
Who has access to information about you
When we store information in our own systems, only the people who need it have access. Our
management team have contact information across our client base, but individual Bay Tree
VAs have access only to what they need to carry out their role.
The steps we take to keep your information private
Where we store your information in third-party services, we restrict access only to people who
The computers and mobile devices we use are all password protected. All passwords and
sensitive information we hold are stored securely, whether by manual or electronic means.
We have a ‘Data Protection and GDPR’ protocol document in our Bay Tree VA team handbook.
This outlines practical considerations so that our Bay Tree VAs comply with GDPR in their day-
to-day role as Data Processors.
You have the right to view, amend or delete the personal information that we hold about you.
Should you wish to request access to this information, please contact
firstname.lastname@example.org where upon we will request proof of identity and provide the
necessary information within 30 days.
If you have any reason to complain about the way we handle your privacy, please contact
Jane Cattermole by email at email@example.com or by phone on 01284 828974. If you’d
prefer to send a letter, please address it to
Bury St Edmunds,
Suffolk IP30 0HP.
Changes to the policy
If we change the contents of this policy, those changes will become effective the moment we
publish them on our website.