Data Protection Policy

When we talk about 'Data Protection Law,' we mean the rules in the United Kingdom that protect your privacy, like the UK GDPR, the Data Protection Act 2018, and other related laws.

​

In simple terms, this policy outlines how we collect, use, share, store, and get rid of your personal information. Everyone at Happy Business, including our employees, agents, contractors, and anyone else working with us, must follow the rules and principles mentioned here at all times.

• Consent: This is when you agree to let us use your personal information. It has to be given freely, with clear information, and a positive action from you to show that you're okay with it.

• Data Controller: This is the person or organisation that decides why and how your personal information is used. In our case, Happy Business is the data controller for all personal data related to our staff, customers, partners and business contacts,  used for our business purposes.

• Data Processor: This is a person or organisation that handles personal data on behalf of a data controller.

• Data Subject: This is you – a living person whose personal data we have.

• EEA (European Economic Area): This includes all EU Member States, Iceland, Liechtenstein, and Norway.

• Personal Data: Any information that can identify a person directly or indirectly, like a name, ID number, location data, or other specific details about someone.

• Personal Data Breach: When there's a security problem leading to accidental or unlawful loss, access, or disclosure of personal data.

• Processing: Any action we perform on personal data, like collecting, storing, or sharing, whether done manually or using machines.

• Pseudonymisation: Changing personal data in a way that it can't be linked to a specific person without using additional information.

• Special Category Personal Data: Extra-sensitive personal data, like details about race, political beliefs, health, etc.

3.1 Commitment to Fairness:

We are not just following the rules; we're committed to treating your personal data correctly, lawfully, and fairly. We respect everyone's legal rights, privacy, and trust.

3.2 Contacting Our Data Protection Officer:

If you have any questions about this policy or data protection laws, reach out to our Data Protection Officer, Beckie Pascoe, at beckie@happy-business.co.uk. They are in charge of making sure this policy is followed and developing related guidelines.

3.3 Responsibilities:

All directors, managers and associates must ensure that everyone working for us follows this policy. They need to put in place practices, processes, controls, and training to make sure we're doing things right.

3.4 When to Consult the Data Protection Officer:

Always get in touch with our Data Protection Officer in the following situations:

• If you are unsure about the legal basis for collecting, holding, or processing personal data.

• When relying on consent to collect, hold, or process personal data.

• If you are uncertain about how long to keep a particular type of personal data.

• When creating or updating privacy notices or similar documents.

• If you need help dealing with a data subject's rights or a subject access request.

• In case of a suspected or actual personal data breach.

• If you are unsure about the security measures needed to protect personal data.

• When sharing personal data with third parties.

• If transferring personal data outside the UK and have questions about the legal basis.

• Before starting significant new processing activities or making major changes to existing ones, requiring a Data Protection Impact Assessment.

• When using personal data for different purposes than originally collected.

• If there's any automated processing, including profiling or automated decision-making.

• For assistance in complying with the law related to direct marketing.

4.1 Fair and Transparent Processing: 
We promise to handle your personal data fairly, lawfully, and transparently.
4.2 Specific and Legitimate Collection: 
We will only collect your data for clear and legitimate reasons. We will not use it for anything else unless it is for important public, scientific, historical, or statistical purposes.
4.3 Just Enough Information: 
We will only gather the data that's necessary for the reasons we told you about.
4.4 Accuracy and Timeliness: 
We will make sure your data is accurate and, if needed, update it. If something is wrong, we will fix it quickly.
4.5 Limited Storage Duration: 
We will keep your data for as long as needed for the reasons we collected it. If we need to keep it longer for public, scientific, historical, or statistical purposes, we will use extra measures to protect your rights.
4.6 Secure Processing: 
We will keep your data safe from unauthorised or unlawful use, accidental loss, destruction, or damage. We will use the right technical and organisational methods to ensure its security.
These principles ensure that we follow the law and respect your rights. If you have any questions, feel free to ask our Data Protection Officer.

5.1 Right to Information: 
You have the right to be informed about how and why we process your data.
5.2 Right of Access: 
You can request access to the personal data we hold about you.
5.3 Right to Rectification: 
If your data is incorrect, you can ask for it to be corrected.
5.4 Right to Erasure (Right to be Forgotten): 
You have the right to request the deletion of your personal data.
5.5 Right to Restrict Processing: 
You can limit how we use your data in specific circumstances.
5.6 Right to Data Portability: 
You can obtain a copy of your data for your own use.
5.7 Right to Object: 
You have the right to object to certain uses of your data.
5.8 Rights with Respect to Automated Decision-Making and Profiling: 
If decisions about you are made by machines without human involvement, you can challenge them.
These rights, outlined in the UK GDPR, empower you to control and protect your personal data. If you have questions or want to exercise these rights, feel free to reach out to our Data Protection Officer.

6.1 Legal and Fair Processing:

We promise to process your personal data legally, fairly, and transparently, without harming your rights. The processing of personal data shall be lawful if at least one of the following applies;

• If you give us permission (consent).

• If it is necessary for a contract or before entering into one.

• If we have a legal obligation.

• If it is to protect someone's life.

• If it is for public tasks or official authority.

• If it is for our legitimate interests, but not if it harms your fundamental rights and freedoms, especially if you are a child.

6.2 Special Category Data:

If the data we are dealing with is sensitive, we will meet one of these conditions:

• If you explicitly agree, and the law allows it.

• If it is needed for employment, social security, or social protection laws, following the law or a collective agreement.

• If it is to protect someone's life and they cannot give consent.

• If we are a non-profit body with certain aims, and it is related to our legitimate activities.

• If you make your data public.

• If it is for legal claims or during court actions.

• If there is a substantial public interest and it is proportionate and respects your rights.

• If it is for health-related reasons, following the law and safeguards.

• If it is for public health, like protecting against serious health threats, following the law and safeguarding your rights.

• If it is for public interest, scientific research, or historical purposes, following the law and safeguarding your rights.

These rules make sure we are responsible and transparent in handling your data. If you have questions, contact our Data Protection Officer.