Inside the Business Mind PLC

Data Privacy Policy

At Inside the Business Mind PLC, we are committed to protecting your personal data and privacy. This policy outlines what data we collect, how we use it, and your rights under data protection laws, including GDPR.

Effective: 1 January 2025
Next Review: 1 January, 2026

1.     Introduction

This document lays out the Data Privacy Policy and Procedures (the “Policy”) for Inside the Business Mind Plc., outlining how the company, its director and any future employees or authorized collaborators collect and use personal data and how they align with data protection laws.

2.   Purpose

The purpose of the Policy is to comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws. It sets expectations and defines practices for:

  • Collection, handling and usage of personal data
  • Customer rights
  • Compliance with data protection laws.

3.   Scope

This policy applies to all personal data collected by the company in the course of its client outreach and engagements. It is intended to clarify what types of data may be collected, how it is collected, and for what purposes.

4.   Data Collection

  • The company collects personal data through various touchpoints to enable the delivery of its services. This may include data provided directly by the client or obtained through public sources for legitimate interest purposes
  • Contact details for the client, including but not limited to email, name, company, and phone number.
  • Client communications exchanged via email, scheduling tools such as Calendly, virtual assistants recordings, online and in-person sessions sessions.
  • Business related information that may contain personal data, such as customers or staff.
  • Publicly available information (e.g., LinkedIn, media)

5.   Legal Basis for Processing

The company processes personal data in accordance with applicable data protection laws, based on the following legal grounds:

  • Contractual necessity, in order to deliver its client advisory services and for any insights on client issues involving third parties.
  • Legitimate interest, for any communications and scheduling in the context of an existing or prospective business relationship.
  • Consent, for instance newsletter sign-ups or website subscription.

6.   Data Storage and Retention

Inside the Business Mind PLC takes appropriate technical and organizational measures to ensure personal data is securely stored and retained only as long as necessary.

  • All documents are stored in Microsoft SharePoint or Google Drive, both of which are protected by two-factor authentication.
  • Client notes and documents are retained throughout the duration of the project and for a year after the end of the relationship, after which they are archived for a period of no more than 3 years, after which they are permanently deleted, unless expressly indicated by the client.
  • The Virtual Assistant Fathom is used to record client calls and generate notes and actions, unless expressly indicated by the client
  • All recordings and notes are available to the client on demand
  • Recordings are retained in Fathom’s cloud systems for 30 days unless a client requests otherwise, and are automatically deleted thereafter.
  • Email communications are retained as needed for business and legal use.

7.   Data Access

  1. Access to personal data is restricted and governed by the principle of least privilege. The people who have access to the data are:
  2. The director of the company
  3. Collaborators only on a need-to-know, project-specific basis.
  4. The company does not share any third-party data without consent.

8.   Third-Party Data

  1. In some engagements, clients may share data relating to their customers or staff. The company handles this data with the same level of security and responsibility as any other personal data it holds.
  2. If clients share data about their own customers or employees:
  3. The company will treat this data confidentially and securely
  4. Clients are responsible for ensuring they have lawful grounds to share such data
  5. The data will only be used per the agreed scope
  6. Inside the Business Mind PLC does not process personal data on behalf of clients as a data processor unless explicitly contracted to do so.

9.   Client’s Rights

  • Clients and individuals whose data is processed have rights under data protection laws, which Inside the Business Mind PLC fully respects and upholds.
  • Right to access, rectify, or delete personal data
  • Right to restrict or object to processing
  • Right to data portability
  • To exercise any of these rights, individuals may contact the company at sara@insidethebusinessmind.com. Requests will be addressed in accordance with applicable data protection laws.

10.  Other Matters

The company may use anonymized case examples in blogs/writings to provide examples of the work provided.

This policy is reviewed annually or in response to material business or regulatory changes.