Placeholder Picture

Talk to Ted - Call for a free initial discussion or meeting

07484 138682

Placeholder Picture

Success Through Knowledge

PaperWasp Limited GDPR Processes

Information Held

• Contact Details: Client Name, Business Address, Email Address, Telephone Numbers
• Client DOB, NINO, Business Accounts, AML documents, Accountant Name
• Business Fact Find

Where did the information come from?

• Directly from the Client
• Directly from the relevant Service Partner

Who do we share the information with?

• Contact Details are shared with the relevant Service Partner
• AML details are shared with the relevant Service Partner

Communicating with Clients / Prospects

• Permission is requested to use Client / Prospect email addresses
• Permission is requested to communicate via Email or Post

Retention Periods

• Client information is retained in line with legal Guidelines
• Prospect information is retained until an advice decline is registered it is then deleted or a request to retain it is submitted
• Non-client data, where permission is received, is archived into a Dropbox ‘Decline’ folder

Individuals’ Rights to

• Be informed
• Access
• Rectification
• Erasure
• Restrict processing
• Data portability
• Object
• Not be subject to automated decision-making including profiling
• Data being in a structured commonly used and readable format

Access Requests

• We will not charge for non-excessive information requests (4 per year)
• We will respond within 48 hours
• We will supply the requested access information within one calendar month
• We will refuse or charge for manifestly unfounded or excessive access requests
• We will inform the requestor within 24 hours of a refusal or charge

Lawful basis for processing personal data

• To communicate an appointment venue, date and time
• To provide a letter of Engagement
• To provide a Client Advice Report
• To communicate weekly progress updates


• We will always ask permission to use a prospect or client email address
• We will always ask permission to communicate via post or email
• Clients without email will always be asked what information they would like to receive via the postal system
• We will always use an ‘opt-in’ / ‘opt-out’ process with Clients and Prospects


• We will always ask parents or guardian’s permission for holding data on children under the age of 16

Data Breaches

• All breaches will be notified to the person or persons concerned within 24 hours of discovery
• If relevant, ICO will be informed immediately that a breach is detected

Data Protection Officers

• Responsibility for data protection compliance sits with the Principal, Ted Shaw
• Data Protection processes will be validated by an External Company
• Data protection is only required for UK clients, we do not deal, Internationally

EJS 02/19 Rev. 1.1

PaperWasp Limited
Newbury | Berkshire | RG14
07484 138682

Registered Office: 27 Old Gloucester Street | London | WC1N 3AX
Registered in England and Wales No: 11890789

Business Training | Sales Team Training | Business Mentoring | Business Coaching | Business Strategy Training | Business Adviser | Business Advice

Privacy Policy