Privacy policy
This Privacy Statement governs the handling of personal data by We Got Your Back ('us', 'our', or 'we'), provided to us by you, either because (a) we request it for the supply of goods and/or services to us from you, or (b) we supply goods and/or services to you.
For the purpose of our staff and direct customers, We Got Your Back is registered as a 'data controller' in accordance with current data protection legislation, and we have given appropriate notifications to the ICO. We process personal data in accordance with current data protection legislation.
For our clients, we act as a 'data processor' for the purposes of our service provision to them and their staff, and we operate under the direct instructions of our clients' own data controller.
For queries regarding data protection matters, please contact:
We Got Your Back's Data Protection Officer at Data Protection Officer, 101 Wolverhampton Road, Codsall, Wolverhampton, England, WV8 1PFUK
or info@wegyb.com.
Personal Data:
We will not collect any personal data about you or your employees/personnel, except where it is specifically and knowingly provided, or where it is necessary for us to process or hold for the purposes of providing goods or services to you or your organization that has requested supply from us and where there is a valid legal basis.
Where we store your personal data:
We will process and store personal data you provide to us on our internal and external systems located exclusively within the EU. All our systems have been enabled with technical and organizational security measures and controls. We will only store your personal data for as long as necessary to meet contractual or legal requirements. If the personal information you provide us becomes inaccurate or out of date (e.g., contact information changes), please inform us as soon as possible so we can update our records.
Use of personal data:
We use personal data held about you as follows: (a) if you are a supplier of goods and/or services to us, we will:
Hold appropriate contact information for the goods or services we procure from you Make inquiries regarding your performance as a supplier Maintain a record of data protection impact assessments and processing records as required under data protection legislation Run internal reports for compliance purposes as required by us for internal audit purposes (b) if we are the provider of goods and/or services to your organization, we will only hold the information we are instructed to hold by your organization.
Unless otherwise agreed with you, we will not use any of your personal data for automated decision-making or profiling.
Disclosure of your Information:
We will not disclose your information to anyone outside We Got Your Back except where we are required or permitted by law.
Legal basis for processing:
Data protection legislation requires that we meet certain conditions before we can use your personal data as described in this Privacy Statement. For personal data which is not 'special category' as defined under data protection legislation, unless otherwise notified, we rely on a condition known as 'legitimate interests' to process your personal data for the above specified purposes. For example, it is in our legitimate interest to process your personal data in relation to your business contact names and contact details, where it is required by us, in order to procure goods and services from you as a supplier. It is also in our interest to administer and respond to inquiries about your appointment or potential engagement with us as a supplier of goods or services. To meet legal obligations under applicable data protection laws, we may hold necessary information as part of our data protection impact assessments (DPIA), compliance program, and record-keeping obligations. We will ensure that we keep the amount of data collected and the extent of any processing to a minimum to meet this legitimate interest.
Where we have been contracted by you or your organization to collect personal data, including 'special category', our legal basis for processing is 'in the execution of a legal contract'. We will only collect and process as instructed by you or your data controller.
Your rights in relation to your personal data: Under data protection legislation, you have the following rights in relation to your personal data if you are a supplier of goods & services to us:
The right to access your personal data by subject access request The right to have your personal data rectified if inaccurate/incomplete Subject to exceptions, the right to have data erased The right to object to direct marketing The right to not be subjected to automated decision-making (including profiling) where it produces a legal effect or significant effect on you The right to bring a civil action if there is a breach of your data subject rights If we are the provider of goods and/or services to you or your organization, you or your organization provides you with these rights.
If you are not satisfied with the way in which your personal data is held or processed by us, we would request that you raise a complaint with our Data Protection Officer at the contact details set out above in the first instance; however, you also have the right to complain in relation to data protection matters to the Information Commissioner Office (ICO).
Changes to this Privacy Statement:
This Privacy Statement is correct as of January 2024. We reserve the right to change the statement at any time with notice.