You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Who We Are
- 2.1 Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we have to give you as a 'data controller':
- • Our Website address is [Insert Website Address]
- • Our company name is [Insert Company Name]
- • Our registered address is [Insert Registered Address]
- • Our [nominated representative or Data Protection Officer] is [Insert Representative / Data Protection Officer Name] and they can be contacted at [Insert Representative / Data Protection Officer Email Address]
What we may collect
- 3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
- 3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- • Identity Data includes first name, last name, username or similar identifier. When you email, phone, live chat or otherwise, we may collect information such as your first name, last name, email address and phone number.
- • Contact Data includes billing address, invoicing address, email address and telephone numbers.
- • Financial Data includes bank account and payment card details.
- • Transaction Data includes details about payments and other details of our Services you have purchased from us.
- • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
- • Profile Data includes your username and password, reservations made by you, your interests, preferences, feedback and survey responses.
- • Usage Data includes information about how you use our Website and Services.
- • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- • Interaction Data includes any information that you might provide to any discussion forums on the Website.
- • Cookies Data like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them and what kind.
- • Third Parties and Information we receive from other sources We may receive information about you if you use any of the other websites we operate or through the Services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on our Website. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them.
- 3.4 [We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we do collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) and it is necessary to do so for our business, we will obtain your specific consent, unless we have another lawful basis to do so.]
- 3.5 Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
- a) You have given consent to the processing of your personal data for one or more specific purposes;
- b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- c) processing is necessary for compliance with a legal obligation to which we are subject;
- d) Details of your visits to our site and the resources you use
- e) Information about your computer (e.g. your IP address, browser, operating system, etc.) for system administration and to report aggregate information to our advertisers
- f) processing is necessary to protect the vital interests of you or of another natural person;
- g) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- h) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject, in particular where the data subject is a child.
- 3.7 In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your name with your geographic location or your browsing or purchasing history.
THE FOLLOWING BULLET POINTS CAN BE ADAPTED IN FULL EDIT MODE
CHOOSE ONE OF THE TWO STATMENTS in 3.4 AND DELETE THE OTHER [This is an instruction that will not print or display]
Also included in this document:
4. How we may collect and use your data
6. Where we store your data and security
7. Disclosing your information
8. Your Rights
9. Links to Other Sites
11. Automated Decision-Making and Profiling
12. Terms and Conditions
13. Your consent
14. Dispute Resolution
7 Necessary Documents You Need To Protect Your Business
Assuming you are setting up a limited company you really do need a shareholders’ agreement. This regulates the arrangements between you and your fellow shareholders. If there are other founders you need to agree and write down who owns the shares, and in what amounts. You also need to set out a framework for operating the company – who can make decisions and how do they get made. Don’t assume that just because everything is okay at the beginning, or you are all friends, that it’s going to be fine later. Remember how many bands have got into arguments when they split up, because there wasn’t an agreement saying who owned what. Remember how many rows there have been among songwriters who didn’t agree on the splits between them for that hit they wrote? Exactly. If you want your company to sound like sweet music then get this basic formality right...
Click here to download our Shareholder Agreement.
If somebody is investing or loaning money to your company they will want to see the terms written down. They will want to know what shares they get and what their value is, will they get diluted if more money comes in, procedures for running the company and exit, how much control they get. These issues are directly relevant to you as the entrepreneur too. Don’t just sign whatever is put in front of you. If you don’t pay attention to these details they will come back and bite you later.
Click here to download our Share Investment Agreement.
Website T's and C's
If you are running a website you need a collection of documents covering the way that the website is run. Consumers need to see these. Sometimes there are legal reasons, as with your policies on Data, or privacy, Cookies or cancellation policy. Sometimes it’s just good to set an expectation as to how you are going to behave and how you expect your customers to behave. Don’t just copy and paste someone else’s T’s and C’s. For example, Apple’s T’s and C’s may work well for a major global technology company, but they may not be appropriate at all for your small business. Take the time to create your own T’s and C’s which reflect the way that your business runs.
Click here to download our Terms and Conditions of Website Use.
If you are asking software developers to develop apps or websites or platforms for you then you must write things down. Some people say that software developers are the new builders – just like the people who make alterations to your house they are always running late, always going over budget and whatever happens it’s never their fault – they just blind you with construction science. Sound familiar? I would never be that unkind or simplistic about developers but it’s certainly the case that confusion and frustration can break out on all sides when there is no contract in place. What’s the price? When will it be paid? What are the development milestones? Who will own the software? Who will deal with bugs, changes and maintenance and at what cost? Your software may be a core component of your business – so it’s worth getting the paperwork right.
Click here to download our Software Development Agreement.
Employment or Consulting Agreement
Do you have people working with you? You need to write down the way that you are working with them. Employees now have a host of potential legal protections, e.g. in relation to process around termination, their data, disciplinary matters, and their pension rights. So you need to address that and other obligations in writing. And don’t assume that just because you call someone a “Consultant” in order to avoid all that stuff then that is what they are. The law and the taxman may still class them as an employee if effectively they are working full time only for you. Apart from these considerations you just need to be clear on the terms on which people work for and with you. What are they paid, when? Is there a bonus? How is it calculated? What hours of work do you expect? Do they get sick pay? What happens with holidays? If they leave what happens to their shares? And so on…
Click here to view our Employment Agreements.
Contract Partner Agreements
This next one is cheating a bit because contract partner agreements can take many forms. It may be a manufacturing agreement, distribution, e commerce, drop ship, agency or licensing agreement. Whoever you trade with you need a commercial contract that governs issues like price, payment terms, delivery standards for services and products, timetables, responsibilities, exclusivity, termination and so on. Without your customers and your cash you are nothing, so take the trouble to write it all down to give yourself some protection and peace of mind.
Click here to view our Partnership Agreements.
Your ideas, copyrights, patents, software and financial information are your private DNA. They make you unique and could help deliver unique value for you. But they could be cloned by someone else if you do not keep them secret. Other people like prospective investors, trade partners and purchasers often need to find out something more about you before they will deal with you – an NDA offers you some protection in relation to the information you disclose. You may not ever want to go through a court case to enforce it, but having a signed NDA is an expression of intent by both parties and a deterrent against disclosure of confidential information.
Click here to view our Confidentiality Agreements.
So those are the 7 types of agreement which all SMEs should be considering. You can find all of these legal documents on the Legal Documents page.
Rachel McKinney is a barrister with approximately 17 years’ experience accumulated in both private practice and inhouse. She has advised businesses ranging from small business owners to large multinationals across a number of sectors, financial services, pensions and the construction industry. She provides clear, succinct and commercially focused advice on the legal risk a client may face and how to mitigate against any such risk.
She advises upon a broad range of commercial issues including compliance with General Data Protection Regulation (GDPR), dispute resolution and the proactive management of litigation and drafting and negotiating a full range of commercial agreements.
As an experienced litigator, Rachel utilises her skills to identify legal issues quickly and to provide clear and pragmatic commercial solutions from the outset that clients might avoid incurring unnecessary costs. Working with SMEs clients it is vital to provide cost effective, pragmatic and commercially focused advice. She has successfully maximised profits and minimised financial exposure for SME clients.
In her own words… “I find working with SMEs truly rewarding. As a lawyer I can make a real difference to the business in the delivery of cost effective and commercially focused advice. I really enjoy working with business owners and becoming immersed in their business to understand their future aims and objectives. It gives me an opportunity to assist in the development of the business by providing commercial solutions to minimise legal risk. It is the best part of being a lawyer.“
Step By Step Guide
- Firstly, introduce the document and explain what the document is for – telling users what information you collect about them on the website and what you do with that information. Include your contact details as well.
- Then, include all the necessary information about the company, which is known in the GDPR as the Data Controller. If the company has a nominated representative for the purposes of the GDPR, you must include their name here.
- The next section should outline what information the company may collect. You should make sure that this covers all the information that you could collect.
- It is important to describe how the collected information will be used. Again make sure that you include all the uses of the information. You can’t do anything else with a user’s information unless you’ve told the user about it.
- In the next section, you should set out where the data is stored. If a user’s information is transferred outside the European Economic Area (EEA), you should tell users this.
- Explain how a user’s information might be disclosed.
- You must include a section about the user’s rights in relation to their data. Make sure that you include contact details here.
- You need to say that you will not be responsible for any links to other sites provided on your site or posted by other users on the website.
Remember, if you come unstuck at any point, our LawBriefs are here to help. Visit our legal advice page to submit an online enquiry or call us on 020 7148 1066.
Best of luck in your SME journey.
When To Use this document:
*Updated for GDPR*