Goodwille Ltd, under company number 02126896 and with registered office address of 24 Old Queen Street, London, SW1H 9HP (“Business”, “we”, “us”, “our”), is registered with the Information Commissioner’s Office (“ICO”) under the registration number Z7104359. Our details can be viewed at: https://ico.org.uk/ESDWebPages/Entry/Z7104359.
We will process your personal data in accordance with this policy, in the course of providing our services and advice in the areas of Governance, Finance, Human Resources, Payroll and Virtual Offices, including access to our website (“Services”).
Here at Goodwille Ltd, we are the processor of your personal data, which means that we have direct legal obligations under the data protection laws and that we are subject to regulation by supervisory authorities. We respect and value your privacy and are committed to protecting your personal data. Your personal data will be kept confidential and will never be sold to third parties. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
If you have any questions about this policy, please contact our Data Protection Officer at:
Name: Alexander Goodwille
E-mail address: Alexander.Goodwille@goodwille.com
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third Party Links
Data protection by design and default
We are required by law to put in place appropriate technical and organisational measures to implement the data protection principles effectively, having regard to the nature of our business, and safeguard individual rights. We endeavour to consider our data protection practices upfront in everything we do. It can help us to ensure that we comply with the GDPR’s fundamental principles and requirements in our efforts to ensure transparency and accountability. Please see below how we comply with this obligation:
- We consider data protection issues as part of the design and implementation of systems, services, products and business practices.
- We make data protection an essential component of the core functionality of our processing systems and services.
- We anticipate risks and privacy-invasive events before they occur and take steps to prevent harm to individuals.
- We only process the personal data that we need for our purposes(s), and that we only use the data for those purposes.
- We ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
- We provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
- We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
- We provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
- We offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
- We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
- When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
- We use privacy-enhancing technologies, such as (PETs) to assist us in complying with our data protection by design obligations.
What is Personal Data?
“Personal data” means any information relating to an identified or identifiable natural person, known as ‘data subject’, who can be identified directly or indirectly; it may include name, address, email address, phone number, IP address, location data, cookies and similar information. It may also include “special categories of personal data” such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation.
How is your personal data collected?
|Direct interactions||You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
o request our services;
o create an account on our website;
o subscribe to our service or publications;
o request marketing to be sent to you;
o enter a survey; or
o give us feedback or contact us.
|Third parties or publicly available sources||o Companies House and other public registers;
o diligence platforms; and
o Social Media primarily LinkedIn.
|Technical Data||We may receive your Technical Data from the following sources:
o directly from you.
|Contact Data||We may receive your Contact Data from the following sources:
o directly from you / your employer (which may be routed via client HR or Manager; and
o websites, where it is publicly available
|Financial Data||We may receive your Financial Data from the following sources:
o directly from you;
o from third parties such as credit rating agencies;
o from providers of technical, payment and delivery services; and
o websites, where it is publicly available.
|Transaction Data||o directly from you; and
o from providers of technical, payment and delivery services.
Where we are required to process special categories of personal data relating to data subjects where such data has not been anonymised, we ensure that any transfer to and processing by us is on the lawful transfer basis under the data protection legislation.
Where you purport to transfer personal data relating to any identifiable individual, you must first make sure that you have a lawful basis to do so. If not, you must immediately cease to process any such data and must not transfer it to anyone else.
How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Please note that provision of certain personal data is mandatory in order for us to comply with mandatory client due diligence requirements and consequently to provide the Services. If you are unable to provide the relevant personal data required to comply with our legal obligations and/or our terms of business, we may not be able to provide the services to you.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications (marketing of services which are not specifically tailored to you) to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Where we have indicated that we use our legitimate business interests or legitimate interests of a third party commercial partner, we always disclose the nature of such interest and process personal data on the basis of such interests only in the circumstances where they are not infringing on data subjects’ rights and freedoms.
We will only process personal data, in accordance with applicable law, for the following purposes (and other compatible purposes):
- responding to your queries, requests and other communications;
- providing the Services, including, where applicable, procuring acts from foreign organisations;
- enabling suppliers and service providers to carry out certain functions on our behalf in order to provide the Services, including web hosting, data storage, identity verification, technical, logistical, courier or other functions as applicable;
- ensuring the security of the Business and preventing or detecting fraud;
- administrating our business, including complaints resolution, troubleshooting of our website, data analysis, testing of new features, research, statistical and survey purposes;
- developing and improving our Services;
- as you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
- complying with applicable law, guidelines and regulations or in response to a lawful request from a court or regulatory body.
If we need to use your data for any unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
How will we share your information?
We share your personal details with:
- people within our organization who are involved in carrying out the processing described above;
- our subsidiaries or associated offices;
- our suppliers and service providers to facilitate the provision of Services, including couriers, translators, IT consultants, web hosting providers, consultants for example, in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- successor or partner legal entities on a temporary or permanent basis for the purpose of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event relating to a Business. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- public authorities where we are required by law to do so; and
- any other third party where you have provided your consent.
We will also share your personal information:
- if we think this is necessary to in order to protect the rights, property, or safety of our business, our employees, our partners, or our customers. This includes sharing information for the purposes of fraud protection and credit risk reduction.
- with government authorities and/or law enforcement officials if required by law.
Opting out and updating your personal information
You have the right to withdraw consent at any time. Please note that we may not be able to provide our Services if you withdraw consent for us to use your personal data. You can also update your personal information at any time. If you wish to do either, contact us at firstname.lastname@example.org.
You can ask us to stop contacting you with regards to direct marketing at any time by emailing email@example.com or by following the opt-out links on any marketing messages sent to you.
International transfer of your personal data
Your personal information may be stored and processed outside of the country where it is collected, including outside of the European Economic Area. When transferring information to others, within the EEA or otherwise, we ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data. To do this, we make use of standard contractual clauses that have been approved by the European Commission, or we implement other similar measures required by laws around the world. If you would like further information about this, please contact us at firstname.lastname@example.org.
Retention of personal data
We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.
We may keep an anonymized form of data, which will no longer refer to you and therefore is not considered to be personal data, for statistical purposed without time limits.
Security of personal data
We will implement technical and organisational security measures in order to prevent unauthorised access to your personal data. However, please be aware that the transmission of information via the interest is never completely secure. Whilst we can do our best to keep our own system secure, we do not have full control over all processes involved in, for example your use of our website or sending confidential material to us via email, and we cannot therefore guarantee the security of your information transmitted to us on the web.
Data subject rights
Under certain circumstances, you have rights under the relevant data protection laws in relation to your personal information. Your rights are explained below:
- Right to make a subject access request (SAR)
Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other data subjects. Each request should make clear that a SAR is being made. You may also be required to submit proof of your identity and payment, where applicable.
- Right to rectification
Data subjects may request that we rectify any inaccurate or incomplete personal data.
- Right to withdraw consent
Data subjects may at any time withdraw their consent to the processing of their personal data carried out by the business on the basis of previous consent.
- Right to object to processing, including automated processing and profiling
We do not make automated decisions. We may use third party due diligence platforms which provide recommendations about data subjects by automated means. We will comply with any data subject’s objection to processing unless we have a compelling overriding legitimate ground for the processing, the processing is for the establishment, exercise or defence of legal claims or we have another lawful reason to refuse such request. We will comply with each valid opt-out request in relation to marketing communications.
- Right to erasure
Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, our archiving obligations that we have to comply with.
Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
- Right to data portability
In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. To the extent such right applies to the Services, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be required for legitimate and lawful purposes.
- Right to lodge a compliant with the supervisory authority
We suggest that data subjects contact us about any questions or complaints in relation to how we process personal data, however, each data subject has the right to contact the relevant supervisory authority directly.
Businesses We Helped Enter The UK