Privacy Policy

Prepared by:
Enhance Support Solutions Limited
The Market House
14 Market Square
Winslow
Buckingham
MK18 3RW
Company Number: 06314634
ICO Registration Number: ZA127339
For simplicity, through this document Enhance Support Solutions Limited is referred to as ‘Enhance’, ‘we’, ‘us’
or ‘our’.
25 May 2018
Enhance Support Solutions Limited: Privacy Notice – May 2018
PRIVACY NOTICE:
ENHANCE SUPPORT SOLUTIONS LIMITED

Introduction

The purpose of this notice is to provide information regarding the types of personal data collected by Enhance
and the way in which we use, share and store that information.
Enhance is a compliance, technical support and training consultancy that provides services to financial
services businesses, primarily but not exclusively, those involved with administering pension schemes. As such
data, some of which is personal data, is captured by us ordinarily in the following ways:
1) Visitors to our website;
2) Through holding details of the individuals within businesses that use our services, or have enquired about
using our services;
3) In connection with the services we provide to our clients, being sent details of their clients; and,
4) Details of people who are not clients of Enhance but to whom we may invite to information seminar
events;
Each of these is covered in more detail below. For each category, we explain as applicable whether personal
data is held and in what form, what the data is used for, with whom it may be shared, how the data is
protected, the legal bases relied on for holding the data and how long we will retain the data.
We also cover any international aspects of holding personal data and who to complain to should you need to.
If there are any questions arising from any of these, please do get in touch.

 

Visitors to our website

When someone visits enhancesolutions.co.uk certain non-identifiable information is collected to allow analysis
about the number of visitors to the website and their behaviour patterns once there – for example, what pages
were visited and for how long. No personal data is saved within the website. Where someone wishes to
contact us via the website, an email is triggered to an Enhance ‘enquiries’ email address. This data is stored
within our email system, rather than within the website.

Data item Description
Is personal data held, if so in what form? No personal data is held
What is the data used for? To analyse the visitor activity to our website
With whom may it be shared? Any (non-personal) data collected is not shared
How is the data protected? Not applicable as not personal data
The legal bases relied on for
holding the data.
Not applicable as not personal data.
How long is the data retained
for?
Not applicable as not personal data

Our cookie policy can be found at our website enhancesolutions.co.uk

Our clients and potential clients

Enhance provides services to business (‘our clients’) rather than to consumers. Consequently, much of the
data we hold on our clients, or potential clients enquiring about our services, relates to their business rather
than personal data. However, in order to communicate with our clients via email, we will hold personal data in
the form of email addresses, in particular where the email address identifies an individual (as opposed to a
more general ‘enquiries’ email address).

Data item Description
Is personal data held, if so in
what form?
Yes, personal data is held in respect of email addresses that identifies an
individual. This is in respect of existing and potential clients
What is the data used for? The data is used for communicating with our clients. Communication
includes responding to email enquiries from our clients and for sending
information, such as updates, invites to events or briefings, as part of the
service provided to our clients
With whom may it be shared? We do not ordinarily share our clients email addresses with anyone else
save for where, as part of our services to our clients, we share these email
addresses with a partner where, for example, we are jointly organising a
seminar
How is the data protected? As per our Client Agreement, we take client confidentiality seriously. Any
devices used by Enhance personnel where data is held are password
protected.
The email system we use is hosted by Zen Internet, a well respected and
established provider, using a Linux web-hosting account, with inherent
ecurity protocols embedded.
Data is also stored within:
• Dropbox (Business/Team version), the security protocols for which can
be found at https://www.dropbox.com/business/trust/security
• Solve360 - a CRM system supplied by the Norada Corporation - which
is password protected - their data safeguarding protocols can be found
at https://solve360.com/data-protection/
• Xero, our accounting software system, which is a well-known and
established accounting software package from which invoices are
issued to our clients. This too is password protected - their security
policy can be found at https://www.xero.com/uk/about/security/
The legal bases relied on for
holding the data.
We hold client data for the purpose of performing a contract.
For prospective clients who have enquired about our services, we hold the
data on the basis of this being a specific step (i.e. preparing and
communicating a proposal), which may result in a contract being
performed.
We may also retain data on a ‘legitimate interest’ basis, for example but
not exclusively, where we no longer have contractual obligations with a
client, however there may be a reason why we would like to get in touch or
there is some other reason why we should retain the personal data
How long is the data retained
for?
Unless there is a legitimate reason for us to retain personal data, we will
use reasonable endeavours to delete data six years after the contractual
obligation has ended.

Personal data held by our clients

Through the provision of services to our clients, there will be times when their clients’ personal data is viewed
by or provided to Enhance. Examples include, but not restricted to, where Enhance undertakes client file
reviews as part of an audit or where an Enhance client has a query relating to one of their clients.
As a general protocol in light of General Data Protection Protocols, in such cases Enhance’s practice is to try
and avoid holding personal data in such cases by taking steps to anonymise the data through simply referring
to a surname only and where a client reference number is present, ensuring that not all digits are shown.

Furthermore, within reviews of personal data conducted by Enhance – typically onsite compliance reviews – our
preferred methodology is to simply access our clients’ systems, rather than being sent details of personal data
for us to review. This means that personal data of our clients’ clients remains onsite and within their data
control environment.

Data item Description
Is personal data held, if so in
what form?
Personal data in respect of one of our clients’ clients may be held by us
where details are sent to Enhance by our client in line with their data
sharing policy.
As per the commentary above, our preference is to avoid us holding such
data.
What is the data used for? The personal data may be shared with Enhance by one of our clients in
espect of the services we provide. Examples include, but are not limited
o, where we are asked to review a client file for compliance purposes or to
provide technical support. Enhance does not ‘process’ this data.
With whom may it be shared? We will not share such ‘third-party’ data. The only exception to this is
where we are asked to share such data by our client under their role as
data controller. An example of this is where we have been asked to
comment on a complaint case and our client asks us to share this with
their lawyers and/or insurers
How is the data protected? As stated in the introductory narrative to this section, our preference is for
us not to hold personal data of our clients’ clients.
As per our Client Agreement, we take client confidentiality seriously. Any
devices used by Enhance personnel where data is held are password
protected.
The email system we use is hosted by Zen Internet, a well respected and
established provider, using a Linux web-hosting account, with inherent
security protocols embedded.
Data is also stored within:
• Dropbox (Business/Team version), the security protocols for which can
be found at https://www.dropbox.com/business/trust/security
• Solve360 - a CRM system supplied by the Norada Corporation - which
is password protected - their data safeguarding protocols can be found
at https://solve360.com/data-protection/
• Xero, our accounting software system, which is a well known and
established accounting software package from which invoices are
issued to our clients. This too is password protected - their security
policy can be found at https://www.xero.com/uk/about/security/
The legal bases relied on for
holding the data.
Any personal data referred to in this section supplied to Enhance by one of
our clients, will be subject to our clients’ lawful bases for holding and
sharing that data, in their capacity of data controller
How long is the data retained
for?
Unless there is a legitimate reason for us to retain personal data forwarded
to us, we will delete such data once the reason for using it has concluded.
For example, if a new business spreadsheet or client illustration is sent to
us as part of a compliance review, once we have reviewed that document,
it will be deleted from our system.

Individuals who are not clients of Enhance with whom we may wish to communicate

From time to time, there may be occasions where we wish to communicate with individuals who are not clients
of Enhance and therefore do not fall within the categories above. For example, we may be involved with
facilitating an industry-specific seminar to which we would like to invite clients and non-clients.

Data item Description
Is personal data held, if so in
what form?
Yes, personal data is held in respect of email addresses that identifies an
individual. Such data is likely to be held in a spreadsheet or our email
system if we communicate with you
What is the data used for? The data is used for communicating with our individuals who are not
clients of Enhance. Communication includes sending information, such as
invites to events or briefings, to people who we think may be interested
With whom may it be may it be
shared?
We may share these email addresses with a partner where, for example,
we are jointly organising a seminar.
How is the data protected? We take client confidentiality seriously. Any devices used by Enhance
personnel where data is held are password protected.
The email system we use is hosted by Zen Internet, a well respected and
established provider, using a Linux web-hosting account, with inherent
security protocols embedded.
Data is also stored within: Dropbox (Business/Team version), the security
protocols for which can be found at https://www.dropbox.com/business/
rust/security
The legal bases relied on for
holding the data.
Data is retained on a ‘legitimate interest’ basis on the basis that we believe
that the individuals whose data we hold may be interested in the
information we wish to send them
How long is the data retained
for?
We will retain the data for as long as we believe there is a legitimate
interest to hold the data. Any individual to whom we communicate to on
this basis can ask for their data to be removed (subject to there being no
other contractual or legitimate reason to retain the data within the previous
sections of this privacy notice).

Individuals rights (right of access, right to rectification, right to erasure and right to object)

You have a right to request a copy of the data that we hold about you. You also have the right to request that
information we hold about you which may be incorrect, or which has changed since you first told us, is
updated.
You can ask us, via the contact details below, to limit the way in which we are using your information; or,
object to certain types of processing; or to request that we erase the personal data we hold for you. We will do
our best to comply with your request unless we have to use the information for legitimate business or legal
purposes.

International matters

We do not transfer data outside of the UK.

Questions, concerns or complaints

We hope this Privacy Notice has been helpful in setting out how we hold and use your data.
If you have any questions, concerns or complaints regarding how we hold or use your data then please
contact kevin.jack@enhancesolutions.co.uk
If you feel that we have not handled any concerns or complaints adequately or you feel we have not handled
your data correctly, you can lodge a complaint with the Information Commissioners Office.
You can contact them:
By calling 0303 123 1113; or,
Online at www.ico.org.uk/concerns
Enhance Support Solutions Limited: Privacy Notice – May 2018
Enhance Support Solutions Limited: Privacy Notice – May 2018