Write Oneself

Privacy Notice

The Purpose of this privacy notice is to explain how Write Oneself referred to as “WO” hereafter, processes personal data to fulfil its data protection responsibilities. Specific privacy notices for clients/ third parties will be provided if needed.

The Role of WO in data protection terms is that of a data controller where it determines the purpose and use of personal data collected. Once received it becomes the responsibility of the WO privacy manager (PM) contactable using. . The PM ensures that all processing accords with the latest UK data protection legislation.

The sort of personal data collected by WO will be basic contact details sufficient to be able to respond to general enquiries and for sales purposes.

WO’s duty of confidentiality means that WO staff will treat your personal data with due respect and in confidence. It is only disclosed to those that need to know it. We expect the same duty of confidentiality from all third parties with whom WO shares personal data. Data processing agreements are in place when required.

WO processes personal data against a lawful basis and such instances are described below:

  • We will pursue our legitimate interests to respond to your general enquiries and stay in touch with you, for marketing purposes, if you have been our client
  • To comply with our legal obligations
  • When it is necessary for the performance of a contract and its prior preparation, typically when preparing for a sale and the subsequent delivery
  • When processing for a pre-defined purpose for which your consent will be sought prior to the processing commencing – please note that consent can be withdrawn at any time by contacting the PM

In all cases the processing of personal data by WO shall be done in accordance with the principles of data protection.

WO will share personal data, on a ‘need to know’ basis with some or all of the following:

  • The Inland Revenue (HMRC) for invoice purposes
  • An IT support company that is subject to a data processing agreement
  • Accountants appointed by WO for payment handling and related record keeping
  • Unspecified recipients but only when compelled to do so for legal reasons

WO will process your personal data in the UK and the EU and all business data, including email, are backed up using a replicated systems based in the UK and the EU. WO uses appropriate technical and organisational measures to safeguard all personal data.

WO follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:

  • Routine correspondence that is unrelated to contractual work or service-related queries will be retained for 2 years
  • Contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject
  • For former customers, we will retain your details indefinitely after the conclusion of our contractual obligations to you, unless you request that we remove them
  • Invoice related information will be retained for 6 years after the tax year in which they were created
  • By exception, documentation that includes personal data may be retained by WO beyond the schedule, but only for a specific purpose and only when WO believes it has a legitimate interest or a legal obligation to do so

At the end of the retention schedule WO will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that WO allows up to 3 months after the retention schedule to complete the action.

Where the WO website uses non-essential cookies, and similar technologies, you will be asked for consent prior to their use.

The UK General Data Protection Regulation defines the rights that you have, although these do not apply in all situations. For convenience, these rights are shown below:

  • Right to be informed as to how we process your personal data – this is done through this notice
  • Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the PM
  • Right to rectification of your personal data if you believe we have collected it incorrectly or it needs to be updated
  • Right to erasure of your personal data for which we no longer have a legitimate purpose to process
  • Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved
  • Right to data portability of your personal data in a machine-readable version, but this only applies to data that has been provided with consent or under contract
  • Right to object to our processing your personal data for which it does not have a legal or contractual obligation
  • Rights related to automated decision making and profiling (although we do not use these techniques in its decision making)

Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.

Raising concerns, exercising rights or making queries about our processing of your personal data can be done by contacting the PM. Be aware that we will need to verify your identity before responding fully. This may involve asking you for documentary proof that, in context, will enable us to confirm your identity. Alternatively, you may contact the ICO directly without referring to us first, although naturally we would welcome the first opportunity to address your concerns or queries.

v1.0

June 2023

Subscribe to our newsletter