GDPR

At Small Biz Support ("us", "we", or "our"), we recognise the importance of privacy and are committed to safeguarding your personal information. This privacy policy statement is an integral part of our commitment to compliance with the General Data Protection Regulation (GDPR), which came into force in the United Kingdom on 25th May 2018. This regulation enhances data subject rights and imposes new obligations on organisations regarding the handling and processing of personal data.

1. Purpose of This Statement

The purpose of this statement is to outline our readiness and preparations for compliance with the GDPR. We have undertaken an extensive GDPR-readiness programme, utilising both internal resources and external advisors trained in the GDPR.

2. Information and Security Audit

Small Biz Support has conducted an internal data-mapping exercise to identify the types of personal data we collect, where they come from, and how they are used. Additionally, a security audit has been performed to ensure appropriate measures are in place to protect personal data.

3. Lawful Basis of Processing

In accordance with GDPR, we have identified lawful bases for each processing activity based on the results of our information audit. These bases are documented in our privacy notices.

4. Privacy Notices

Our privacy notices have been updated to include all necessary information required by GDPR. This includes details about Small Biz Support as the data controller, contact information for our data protection officer, purposes of processing, lawful bases, data subject rights, and procedures for exercising those rights.

5. Internal Policies and Procedures

We have developed and implemented new policies and procedures to address data protection issues efficiently. These include a Privacy Policy guiding staff on the appropriate use of personal data and procedures for handling subject access requests, data breaches, objections to direct marketing, and other GDPR-related matters.

6. Client Agreements

A Data Protection Addendum has been added to our standard terms of engagement, ensuring compliance with GDPR requirements for contracts between data controllers and processors. This addendum outlines the responsibilities of Small Biz Support when processing personal data on behalf of clients.

7. Third-Party Processors

We endeavour to ensure that all contracts with third-party processors handling personal data on our behalf include relevant controller-processor clauses, in line with GDPR requirements.

8. Staff Training

All staff members have undergone data protection awareness training, covering GDPR principles and key aspects of data protection law relevant to Small Biz Support's operations.

We are committed to maintaining the highest standards of data protection and privacy. If you have any questions or concerns regarding our privacy practices or the handling of your personal data, please contact us at [Insert Contact Information].

Thank you for entrusting Small Biz Support with your personal information.