Privacy policy

This privacy policy tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

1. WHO WE ARE AND HOW TO CONTACT OUR DATA PROTECTION OFFICER

We are Shafi Consultancy Ltd. Our address is:

Shafi Consultancy Limited, Regus House, Highbridge, Oxford Road, Uxbridge, Middlesex, UB8 1HR, United Kingdom.

You can contact us by post at the above address, by email at dpo@shaficonsultancy.com or by telephone on +44 (0)1895 876 533.

Any enquiries about our use of your personal data should be addressed to the contact details above.

2. WHAT KINDS OF PERSONAL INFORMATION ABOUT YOU DO WE PROCESS?

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

  • Personal and contact details, such as title, full name, contact details and contact details history, organisation name
  • Records of your contact with us such as via the phone number of our company and, if you get in touch with us online using our online services
  • Products and services you hold with us, as well as have been interested in and have held and the associated payment methods used
  • Financial details about you, such as your payment method(s) and history

3. WHAT IS THE SOURCE OF YOU PERSONAL INFORMATION?

We’ll collect personal information from the following general sources:

  • From you directly
  • Information generated about you when you use our products and services

4. WHAT DO WE USE YOUR PERSONAL DATA FOR?

We use your personal data, including any of the personal data listed in section 2 above, for the following purposes:

  • Managing the product or service you have with us
  • Managing any aspect of the product or service

5. WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION?

We rely on the following legal bases to use your personal data:

  1. Where it is needed to provide you with our products or services, such as:
    2. a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
    b) Managing products and services you hold with us, or an application for one
  2. Where it is in our legitimate interests to do so, such as:
    3. a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
  3. To comply with our legal obligations
  4. With your consent or explicit consent:
    5. a) For some direct marketing communications

6. WHEN DO WE SHARE YOUR PERSONAL INFORMATION WITH OTHER ORGANISATIONS?

We may share information with the following third parties for the purposes listed above:

  • Business partners (for example, financial services institutions, insurers), account beneficiaries, or others who are a part of providing your products and services or operating our business

7. HOW AND WHEN CAN YOU WITHDRAW CONSENT?

You can withdraw this at any time by contacting us using the details in section 1 of this policy

8. IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE UK OR THE EEA?

We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

9. PROFILING AND AUTOMATED DECISION MAKING

We do not use any forms of profiling and automated decision making.

10.  HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you
  • Retention periods in line with legal and regulatory requirements or guidance.

11.  YOUR RIGHTS AS A DATA SUBJECT

Here is a list of the rights that all individuals have under data protection laws.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the information in section 1 of this policy.