The essential guide to HR for new businesses

Posted on
The essential guide to HR for new businesses

Hiring staff is a great way to boost your capacity and grow your business. Your employees will spend a lot of time at work, and hopefully devote their energy and enthusiasm to making your business a success, so make sure they’re safe, secure and well looked-after. There’s a lot to consider - and a whole heap of paperwork - but there’s also lots of support and guidance available from the Government.

What are the legal requirements for hiring staff in the UK?

In the UK, there are several key requirements that you must meet before you can employ staff. These include registering as an employer with HMRC, running payroll, issuing an employment contract and meeting the national minimum wage. Check out our comprehensive list below before hiring your first team member. If you're still just thinking about taking on staff, read our article on seven things to consider before hiring staff for your startup.

In this guide you'll learn about the need to:

1. Register as an employer

2. Set up payroll

3. Check your responsibility for workplace pensions

4. Get Employers’ Liability insurance

5. Understand the National Minimum / Living Wage

6. Register with the Information Commissioners Office

7. Provide legally required Health and Safety information

8. Draw up your employment contract

9. Check your employee’s right to work in the UK

10. Find out if they need a DBS check

1. Register as an employer

First things first, you need to register as an employer with HMRC. This means you can pay your employee - and the taxman - what they’re owed.

- Register on the gov.uk/register-employer website

- Do it no more than two months before you start paying someone, but before their first payday

- You’ll receive your employer PAYE reference number within 20 working days

You must then tell HMRC whenever you take on a new staff member

- Register your employee online with HMRC using a Full Payment Submission

- You’ll receive their payroll ID number so that you can pay them

2. Set up payroll

As an employer, you’re legally responsible for payroll and PAYE…but what does that mean?

- PAYE means Pay As You Earn. It’s the UK government’s system to collect income tax directly from employers on behalf of their employees. PAYE is why – as a worker – you have tax taken out of your wages.

- Payroll is the process that a business uses to pay their employees.

There are two ways to run payroll. You can do it yourself, with the help of some trusty payroll software, or you can pay a payroll provider to do it for you. Whichever you choose, you will need to collect and keep records of your employee details so that you can pay the relevant tax. If you don’t, you could face a hefty financial penalty. You need to record:

- What you pay your employees

- Any deductions you make (tax, NI, pensions, student loans, charitable payroll giving, child maintenance)

- Employee leave and sickness absence

- Taxable expenses or benefits (such as a company car)

- Any employee tax code changes during the year

If you decide to run payroll yourself, HMRC has a list of recommended payroll software. The good news for small businesses is that this is free if you have fewer than 10 employees.

3. Check your responsibility for workplace pensions

Most people dream of retiring and unlocking their pension pot to fund new-found leisure time. Taking up a hobby, maybe buying a caravan… And, as an employer, you get to make that dream come true. Happy days!

Every employer in the UK – no matter how small – must put eligible staff into a workplace pension. This is called ‘automatic enrolment’. As a new employer, your duties begin on the day your first employee starts work.

Eligible staff means anyone who:

- is aged between 22 and state pension age

- AND earns more than £833 per month

If you have staff who meet these criteria, you’ll need to provide a pension scheme. You should pick a scheme that is regulated by the Financial Conduct Authority. Find out more at www.tpr.gov.uk/choose

If you don’t have staff who meet these criteria, you don’t need to provide a pension scheme but you still need to declare your compliance to the pension regulator. Failing to declare compliance can attract a financial penalty, so make sure you do.

You can find out more about automatic enrolment on The Pension Regulator’s website.

4. Get Employers’ Liability insurance

Accidents at work happen - much as we wish they didn’t – so it is important to be protected against any costs as a result of injury or illness caused by your business.

Employers’ Liability insurance helps you pay compensation if an employee gets injured when working for you.

As soon as you become an employer, you must have EL that:

- covers you for at least £5m

- comes from an authorised insurer

You can face massive fines for not complying with this - £2,500 for every day you’re not insured – so don’t scrimp on this. It is an employer essential, not a nice-to-have.

5. Understand the National Minimum / Living Wage

Setting the salary you’re going to pay employees has legal, financial and moral considerations. What you choose to pay staff impacts on your ability to recruit employees, and their ability to live their lives whilst they work for you.

The government have a set minimum wage that all employees are entitled to. The actual amount depends on the age of the employee.

- Young people from school leaving age to 24 are entitled to the National Minimum Wage

- Adults over the age of 25 are entitled to the National Living Wage

The living wage is a little higher than the minimum wage and designed to meet all the essential needs that workers have. Apprentices and young people under school leaving age also have minimum pay requirements. These are lower as they don’t have the same living expenses as adults.

We’ve not included the rate here because it changes every April. You can find the most up-to-date rate on the gov.uk website. We can tell you that the fine for not paying minimum wage is £20,000 per employee though, and it’s a criminal offence.

Remember that these are minimum wages only. You’ll want to look at the market rate to attract the type of employee you want, and remember that good salary and employee benefits are a key way to recruit and retain the best staff.

6. Register with the Information Commissioners Office

The Information Commissioners Office are the data protection regulator. All the stuff you’ve heard over the last few years about GDPR? That’s these guys. They’re responsible for protecting our personal data, which is massively important when you think about the information we share with companies every day.

Any individual or organisation that processes personal data needs to pay a data protection fee to the ICO (some exemptions apply, like MPs!). As an employer, you’ll be recording sensitive personal identification information, such as name, address, date of birth and more.

The ICO have a handy self-assessment tool for sole traders that will help you determine your compliance with data protection law.

7. Provide legally required Health and Safety information

Employers are required, by law, to display an approved HSE poster. Or provide their employees with the equivalent leaflet.

If you choose to display the poster, you need to display a copy in all of your business premises.

Alternatively, you can download the HSE leaflet for free at the Health and Safety Executive website.

You’ll need to adhere to Health & Safety Executive guidance on workplace safety. You’ll need to have a H&S policy, a risk assessment process, first aid on site, and appropriate welfare facilities.

You’ll also be responsible for fire safety at your premises: this means carrying out regular fire assessments, putting appropriate fire safety measures in place, providing staff with fire safety training and information.

These lists are illustrative but you should check www.gov.uk for the most up-to-date information on your legal responsibilities for staff safety, which vary massively depending on your industry.

8. Draw up your employment contract

It is important that everyone knows where they stand with employment. So it is wise to draw up an employment contract between you and your new employee.

This doesn’t have to be overly formal if that’s not your style. But it does need to include a written ‘statement of employment particulars’.

This includes all of the information about the business and the role. Things like business name and address, job title, employment duration, salary. From 6 April 2020 there are additional items that need to be included so check the gov.uk website when you're drawing up your contract.

Find out the full list on the Written Statement of Employment Particulars page of the Gov.uk website.

9. Check your employee’s right to work in the UK

Before you employ someone, you must check they’re allowed to work in the UK. If you don’t – you guessed it – you can face a financial penalty.

Usually this means checking their passport and birth certificate. The gov.uk website has an online tool to guide you through the types of documentation they accept.

You’ll need to check the documents are genuine and take a copy for your records. They may be checked by the government at a later date, so you need to be able to prove you followed the correct process.

10. Find out if they need a DBS check

Some employees need a DBS check. DBS is the Disclosure and Barring Service, which records whether people have criminal convictions that prevent them from doing certain types of work.

There are four levels of checks:

Basic

Standard

Enhanced

Enhanced with barred lists

DBS checks are designed to protect the public from exposure to people who may present a risk to them. An enhanced check is required for certain types of job, such as working with children or in healthcare.

You can check which DBS check is right for your employee on the gov.uk website.

Further reading

Are you a recruitment rookie or a rockstar? Take our quiz and find out

Thinking about hiring staff for the first time? Here's seven things to think about before hiring staff for your startup

Ready to get going but don't know where to start? Our 8-step guide on how to recruit staff can help

Interested in affordable business finance for your startup? See what you can borrow with our startup loan calculator

Sources:

www.gov.uk website, 08/01/2020

Information correct at time of publication, Jan 2020

Share

Newsletter signup

read more
Privacy Notice & Cookies Policy

Privacy Notice - Scope

We take your privacy seriously and are committed to maintaining the trust and confidence of our clients, visitors to our website and subscribers to our newsletter. Maintaining the security of your data is critical and we have implemented measures to ensure your privacy rights are respected and applied. We commit to process your data fairly, legally and to be transparent about how we do so.

This notice, which applies whether you use our services or use our website, explains our approach to data integrity and your individual rights.

This notice does not apply to pages hosted by our referral partners, independent consultants and associates.

By using our services, you consent to the collection, use and transfer of your information under the terms of this notice.

Put simply, we set out what we are going to do with your data in this Privacy Notice.

·        We ask you to read this Privacy Notice to ensure you are happy with the way that Smarta will process your data.

·        We ask you to confirm that you agree with our Privacy Notice when you confirm your decision to enter into a customer relationship with us.

·        We provide the option to opt into the different marketing options that you prefer.

The processing of personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).

The notice may change from time to time so please check for updates.

If you need further details or are unsure in any way, please contact us at hello@gosmarta.com.

 

Who are we?

Smarta is a trading name of Transmit Start-Ups Ltd, which is a Limited Company registered in England. (referred to as “Smarta”, “we”, “our” or “us” in this notice).

Our registered number is 08702257.

Our registered office is Northern Design Centre, Baltic Business Quarter, Abbott's Hill, Gateshead, NE8 3DF.

 

What personal information do we collect and process?

Smarta is what is known as the controller of the personal data you provide to us. We collect personal data about you which may also include any special types of information or location-based information.

We collect and process your data in the following circumstances:

·        When you use our services

·        When you register to join Smarta or access our eLearning/online courses

·        When you join the small business directory

·        When you use our website

·        When you sign up for our mailing list

·        When you complete the contact form on our website

·        When you contact us through other means such as email, telephone, or web chat

 

Smarta may collect the following information about you:

·        Your name, date of birth and gender

·        Your ethnicity, qualification levels and employment status

·        Your contact details: postal address, telephone numbers (including business, personal & mobile numbers) and e-mail address

·        Your device’s IP address

·        Your online browsing activities on our website

·        Your communication and marketing preferences

·        Your interests, preferences, feedback and survey responses

·        Your location

·        Your correspondence and communications with us

·        Other publicly available personal data, including any which you have shared via a public platform (such as a LinkedIn profile, Twitter feed or public Facebook page).

·        Information about your business

 

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this notice. Some of the above personal data is collected directly, for example when you engage with us. Other personal data is collected indirectly, for example your browsing activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

Smarta deliver our services under contract on behalf of other organisations, for example to offer business coaching, mentoring or consultancy services, or access to eLearning. When you register with one of our partners we may receive and process personal information form them (such as your name and contact details as provided by you).

 

Why do we collect and process your personal information?

We only collect and process the information needed to effectively provide our services to you, as well as for contact and communication purposes.

We will use your personal information as part of the reporting process we have agreed with any partner organisations we provide services for.

We will use your personal information as part of our internal reporting processes.

 

How is your personal information used?

We use your personal data:

·        To provide services to you

·        To effectively communicate with you

·        To respond to your enquiries

·        To make our website and other social media content available to you

·        To verify your identity

·        To assess your eligibility for our services and those that we deliver on behalf of other organisations

·        For crime and fraud prevention, detection and related purposes (if mandated by law)

·        To contact you (with your agreement) electronically about promotional offers and services which may interest you

·        For market research purposes and to better understand your needs

·        To enable us to manage service interactions with you

·        To ensure compliance with our contractual obligations, including auditing and reporting, we have in providing our service to you

·        Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute)

·        Test new systems and check upgrades to existing systems to improve our service delivery

·        Help improve our products and services, for quality control, security, internal record keeping and other business needs

·        To effectively manage our business and our relationships with you, partners and consultants

Certain types of personal information, such as gender and ethnicity, are used only as part of our contractual reporting requirements, for the purposes of monitoring and promoting equal opportunities.

 

The lawful basis for processing your personal information

Legitimate interest

We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, including, but not limited to:

·        To send you information about our services

·        To communicate with you about your enquiry

·        Facilitating introductions to our partners, or network of consultants, mentors and coaches

·        Communicating and reporting to the organisations for whom we are contracted to deliver support

·        Handling customer contacts, queries, complaints or disputes

·        Protecting customers, employees and other individuals and maintaining their safety, health and welfare

·        Promoting, marketing and advertising our products and services

·        Understanding our customers’ behaviour, activities, preferences, and needs

·        Improving existing products and services and developing new products and services

·        Complying with our legal and regulatory obligations

·        Preventing, investigating and detecting crime, fraud or anti-social behaviour, including working with law enforcement agencies

·        Protecting our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us and our staff

·        Effectively handling any legal claims or regulatory enforcement actions taken against us

·        Fulfilling our duties and obligations to our customers, staff, colleagues, shareholders and other stakeholders.

 

Consent

We collect, hold and process your personal data on the basis that you give us consent when you accept this Privacy Notice.

We will seek your consent to hold and process your data when you sign up to our mailing list. If you chose not to sign up to our mailing list we will still communicate with you when necessary as part of our contractual obligations.

You remain in control of the personal data you share with us. You can change your preferences at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels.

 

Vital Interest

We may use your personal information to contact you if we reasonably believe that the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.

 

Legal Obligation

We may use and process your personal data to comply with our legal obligations, if it is genuinely needed for law enforcement, to identify you as an individual if you contact us, or to verify the accuracy of your data.

 

Contract

We may use and process your personal data where it is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

 

Who we share your personal information with

Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include cloud storage and IT providers, organisations we deliver our services on behalf of, and our network of consultants, mentors and coaches.

We only allows our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to us and to you, and for no other purposes.

 

Other third parties

Aside from our service providers, we will not disclose your personal information to any third party unless we are legally obliged to do so, or you provide your consent for us to do so (for example to access third party resources). We will never sell or rent our customer data to other organisations for marketing purposes.

Examples of where we may be legally obliged to share your personal information include:

·        Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so;

·        To comply with our legal obligations;

·        To exercise our legal rights (for example in court cases);

·        For the prevention, detection, investigation of crime or prosecution of offenders; and

·        For the protection of our employees and customers.

 

Where your personal information is stored

Your information is stored on dedicated hardware used by Smarta and all data is held and backed up within the UK or EU, or is covered by the EU-US Privacy Shield Framework.

We use Dropbox for Business for the storage of electronic files.

Where you communicate with us by email, we may store copies of the emails. Our email service is provided through Google Workspace.

We use a cloud-based Customer Relationship Management (CRM) system, HubSpot, and a cloud-based task management system, Monday, that allow us to manage and record our work with clients in an efficient manner. Where you access our services because we have been contracted by another organisation your personal information may also be added to their Customer Relationship Management system.

Website data is stored within a MariaDB database in a secure hosting environment. The only way to access the database is via a server console or via SSH. Images and assets are securely hosted on a service called S3 - which is an Amazon Web Service (AWS) service. Only authenticated users within the site have access to push files to this location.

 

How we keep your personal information secure

We are committed to keeping your personal data safe and secure.

Our security measures include:

·        Encryption of data

·        Back up of data

·        Password management

·        Implementing risk management and data impact assessment analysis

·        Regular cyber security assessments of all service providers who may handle your personal data

·        Security controls which protect our IT infrastructure from external attack and unauthorised access

·        Internal policies setting out our data security approach and training for staff.

Only authorised and trained personnel can access your personal information if required to do so as part of their legitimate job role.

 

How long we keep your personal information

We will not retain your data for longer than necessary for the purposes set out in this notice.

We are required by law to keep some information for a minimum period of time e.g. financial information for tax purposes.

Different retention periods apply for different types of data, however the longest we will normally hold any personal data is six years after we have fulfilled the service to you. Where there is no legal requirement we will retain personal information for only as long as necessary to deliver our services and respond to any subsequent communications.

When delivering contracts on behalf of partner organisations we will keep personal information for the period required in the contract.

As long as you wish to be a customer of Smarta or be displayed in our directory we will retain your data for that purpose.

Your personal data stored in the website’s database will be automatically deleted from here after five years.

You are able to update, amend or request deletion of your personal information at any time (see below).

 

Automated decision making, including profiling

We may retain some data for reporting and statistical purposes however this will only occur after removing all personal information that would allow an individual to be identified. This is called anonymisation.

We do not engage in any profiling activity.

 

When do we collect your information?

Website forms

Our website has forms built-in to allow you to create an account and interact with the site via the submission of data. When you use our forms, the information submitted is securely stored in the website’s database. Your personal data stored in the website’s database will be automatically deleted from here after five years. Your personal data is encrypted by the website.

The website is built using a framework called Laravel (it is an open-source PHP MVC framework for bespoke platform development).

The forms are built within this stack using VueJS, form data is submitted via Axios (AJAX HTTP requests) to a controller that parsers the data and stores in within a data store. Some forms are also built in the HubSpot platform.

Sensitive data and passwords are encrypted using OpenSSL and the AES-256-CBC cipher.

 

Mailing list

When you subscribe to our newsletter we collect your email address and name so that we can correspond with you. Your personal data will be stored in HubSpot, which we use to send our newsletters. You can request to be removed anytime by clicking ‘unsubscribe’ in any newsletter/mailout or by contacting us.

 

Ongoing communication

We may also collect additional information from you as we communicate with you in order to deliver your services. For example, we may collect documentation from you via email etc.

 

Online data management (analytics and security)

When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.

We collect information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, entry and exit points and the number of page views).

We do this to find out things such as the number of visitors to the various parts of the site.

This information is only processed in a way which does not identify anyone.

We do not make and do not permit Google to make, any attempt to find out the identities of those visiting our website.

If we do ever want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

 

Website security and backups

Our website has HTTPS encryption via a Let’s Encrypt SSL certificate to ensure any data passed between your browser and the web server (where this website is hosted) is encrypted. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Edge, Google Chrome and Apple Safari.

This website and its database are automatically backed up every day via our hosting provider AWS (Amazon Web Services). Backups are stored for 90 days in the EU Region.

 

Links to other web sites

This Privacy Notice does not cover the links within our site linking to other websites. Those sites are not governed by this Privacy Notice, and if you have questions about how a site uses your information, you’ll need to check that site’s privacy information.

 

Cookies

Like most websites the Smarta website uses cookies to collect information. Cookies are small data files which store information on your browser, your computer or other connected devices (such as smart phones or tablets). Cookies allow us to recognise that you have visited our website previously. Cookies are essential for the effective operation of our website, they make it easier for you to maintain your preferences on our website and improve your web browsing experience.

The cookies stored on your browser, computer or other device when you access our websites are designed by us, or on behalf of us, and are necessary to improve your use of our site.

Some cookies collect information about browsing behaviour when you access this website via the same browser, computer or device. This includes information about pages viewed and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details.

A cookie often includes a randomly generated number which is stored on your device. Many cookies are automatically deleted after you finish using the website.

 

Use of cookies

Our websites do not store any information that would, on its own, allow us to identify individual users without their permission. Any cookies that may be used on this website are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.

The main purposes for which cookies are used are:

·        For technical purposes essential to effective operation of our websites, particularly in relation to site navigation.

·        To enable us to collect information about your browsing patterns, including to monitor the success of conveying our information to you.

Types of cookies that may be used during your visit to the website are listed below.

Cookie Name

Duration

Type

What It Does

XSRF-TOKEN

6 hours

Necessary

Wix set this cookie for security purposes

smarta_session

6 hours

Other

_gcl_au

3 months

Analytics

Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.

_ga

1 year, 1 month, 4 days

Analytics

Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

_gid

1 day

Analytics

Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website’s performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

gatUA-*

1 minute

Analytics

Google Analytics sets this cookie for user behaviour tracking.

cf_bm

30 minutes

Functional

Cloudflare sets this cookie to support Cloudflare Bot Management.

hjSessionUser2356249

1 year

Other

_hjFirstSeen

30 minutes

Analytics

Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.

hjIncludedInSessionSample2356249

2 minutes

Other

hjSession2356249

30 minutes

Other

 

_hjAbsoluteSessionIn Progress

30 minutes

Functional

Hotjar sets this cookie to detect a user’s first pageview session, which is a true/false flag set by the cookie.

_hjRecordingLastActivity

Never

Analytics

Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.

_hjRecordingEnabled

Never

Analytics

Hotjar sets this cookie when a recording starts and is read when the recording module is initialised, to see if the user is already in a recording in a particular session.

_fbp

3 months

Analytics

Facebook sets this cookie to display advertisements when either on Facebook or a digital platform powered by Facebook advertising after visiting the website.

How do I disable cookies?

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below. Please be aware that blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.

 

Microsoft Edge

1.      From the Tools menu, select Internet Options.

2.      Click on the Privacy tab.

3.      Select the appropriate settings.

Google Chrome

1.      Choose Settings> Advanced

2.      Under “Privacy and security,” click “Content settings”.

3.      Click “Cookies”

Apple Safari

1.      Choose Preferences > Privacy

2.      Click on “Remove all Website Data”

Mozilla Firefox

1.      Choose the menu “tools” then “Options”

2.      Click on the icon “privacy”

3.      Find the menu “cookie” and select the relevant options

 

International Transfers

To deliver a full range of services to you, it may be necessary for us to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under GDPR.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice will be to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed on the European Commission website.

 

How you can help protect your personal information

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety:

·        Keep your account passwords private. Remember, anybody who knows your password may be able to access your account.

·        When creating a password, use at least 10 characters. A combination of letters, symbols and numbers is best. Try not to use easy to guess words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your passwords.

·        Avoid using the same password for multiple online accounts.

 

Your rights in respect of the personal information we hold

We fully support and facilitate the ability of people to exercise their rights in respect of the personal information supplied to others.

If you wish to correct, complain, object or otherwise control the data we hold please contact us and we will respond accordingly.

Please contact us if you have any questions about how your personal information is being used or if you are unhappy about our service or anything we do. We will do our best to resolve the issue.

 

An overview of your different rights

You have the right to request:

·        Access to the personal information we hold about you, free of charge.

·        The correction of your personal information when incorrect, out of date or incomplete.

·        For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the personal information has come to an end.

·        That we stop using your personal information for direct marketing (either through specific channels, or all channels).

·        That we stop any consent-based processing of your personal information after you withdraw that consent.

 

Your right to withdraw consent

Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent.

 

Where we rely on our legitimate interest

In cases where we are processing your personal information on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information.

 

Direct marketing

You have the right to stop the use of your personal information for direct marketing activity through all channels, or selected channels. We must always comply with your request.

 

How you can access the personal information we hold

You can access a copy of the personal information we hold by submitting a Subject Access Request to us using the contact details below.

We will respond to as soon as possible, and in any event, within one month of verifying the request. Our Subject Access Request policy can be provided on request.

To protect the confidentiality of your personal information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

 

Getting in touch with Smarta

We can be contacted at:

Smarta / Transmit Start-Ups Ltd

Northern Design Centre

Baltic Business Quarter

Abbott's Hill

Gateshead

NE8 3DF

 

Email: hello@gosmarta.com

 

The Supervisory Authority in the UK is the Information Commissioners Office (ICO).

 

Transmit Start-Ups Ltd can be found on the Data Protection Register. The registration number is ZA047144.

 

Our Data Protection Officer is:

DataCo International UK Limited

Suite 1

11 - 12 St James's Square

London

SW1Y 4LB

privacy@dataguard.co.uk

0203 514 6557

 

Complaints

If you would like to make a complaint about the way your personal data has been handled, you can contact us using the details given above.

Alternatively, you can refer your complaint to the ICO.