Privacy policy.

This Privacy Policy explains how Cole Bennett Virtual Assistance ("we", "us", or "our") collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

We are the data controller for the purposes of data protection law. If you have any questions about this policy or how your data is handled, you can contact us at hello@colebennett-va.com.

We collect personal data when you interact with our website, contact us, enquire about our services, or work with us as a client. The types of personal data we may collect include your name, email address, business name, billing details, correspondence, and any information you choose to provide when contacting us or completing forms.

We collect this data for specific and legitimate purposes, including responding to enquiries, providing and managing our services, processing payments, sending relevant communications, improving our website, and complying with legal or regulatory obligations.

We only process personal data where we have a lawful basis to do so. These lawful bases include consent, where you have given clear permission for us to process your data; performance of a contract, where processing is necessary to deliver agreed services; legal obligation, where processing is required by law; and legitimate interests, where processing is necessary for the operation of our business and does not override your rights and freedoms.

Personal data is only retained for as long as necessary for the purposes for which it was collected, including legal, accounting, or reporting requirements. When data is no longer required, it is securely deleted or anonymised.

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure systems, access controls, and data minimisation practices.

We may share personal data with trusted third-party service providers where necessary to operate our business, such as website hosting providers, email platforms, payment processors, and accounting software. These third parties are only permitted to process personal data on our instructions and are required to keep it secure and confidential.

Where personal data is transferred outside of the UK or European Economic Area, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to protect your data.

You have rights under data protection law in relation to your personal data. These include the right to access your data, request correction of inaccurate data, request erasure of your data, restrict or object to processing, request data portability, and withdraw consent at any time where processing is based on consent.

If you wish to exercise any of these rights, you can contact us using the details above. We may need to verify your identity before responding.

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK, or with your local supervisory authority if you are located in the EU.

We may update this Privacy Policy from time to time to reflect changes in legislation, business practices, or technology. Any updates will be posted on this page with the revised date.