Privacy Policy
Last Updated: February 2025
1. About This Privacy Policy
Gold Leaf Support ("we", "us", "our", or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK and international privacy laws.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.
2. Data Controller Information
Gold Leaf Support
Email: hellogoldleaf@mail.com
Phone: 07818108940
Location: United Kingdom
Sole Proprietor: We are a solo business operation. All data is managed directly by the business owner with no external subcontractors unless explicitly stated in a service agreement.
Gold Leaf Support is the Data Controller responsible for your personal data.
3. What Data We Collect
3.1 Data You Provide Directly
- Contact Information: Name, email address, phone number, business name, address
- Service-Specific Data:
  - Finance Admin: Bank details, invoice records, expense data, VAT information, supplier information, payment records
  - Project Management: Project timelines, vendor details, team member names, project documentation, communication records
  - Website Creation: Website content, images, branding materials, contact forms, analytics data
- Communication Data: Emails, meeting notes, support tickets, feedback
- Payment Information: Invoicing details, payment method information (processed through third-party payment providers)
3.2 Data Collected Automatically
- Website Usage: IP address, browser type, pages visited, time spent, referring website
- Cookies: See Section 10 for detailed cookie information
- Device Information: Device type, operating system, device identifiers
3.3 Data From Third Parties
- Hosting Providers: If we create your website, platform providers (Wix, Squarespace, GoDaddy, Canva) may provide usage data
- Payment Processors: Transaction confirmations and payment status
- Your Clients/Vendors: Information you share with us about third parties relevant to our services
Important Note: We only collect data necessary to provide our services. We do not collect data on your end clients or employees unless you voluntarily provide it as part of your service needs.
4. How We Use Your Data
We use your information for the following purposes:
4.1 Service Delivery
- Managing your Finance Admin account (invoicing, payment tracking, expense management)
- Coordinating your projects and managing timelines
- Building and maintaining your website
- Providing training and support
- Preparing reports and documentation for you and your accountant
4.2 Business Operations
- Invoicing and payment processing
- Responding to your inquiries and support requests
- Improving our services and user experience
- Maintaining business records
4.3 Legal Compliance
- Complying with UK tax and accounting regulations
- Complying with legal obligations (e.g., money laundering regulations)
- Protecting against fraud and unauthorized access
- Enforcing our terms and conditions
4.4 Marketing (with your consent)
- Sending newsletters about our services (only if you opt-in)
- Case studies and testimonials (only with explicit written consent)
- Service updates and announcements
We will NOT:
- Sell your data to third parties
- Use your financial data for any purpose other than the services you've engaged us for
- Share your data with unrelated businesses without your explicit consent
- Use your data for automated decision-making or profiling
5. Legal Basis for Processing
Under UK GDPR, we process your data based on the following legal grounds:
| Data Type | Legal Basis | Reason |
|---|---|---|
| Service Data (Finance, Projects, Website) | Contract Performance | Required to deliver the services you've purchased |
| Payment Information | Contract Performance & Legal Obligation | Processing payment and tax compliance |
| Tax & Accounting Records | Legal Obligation | UK tax and accounting regulations |
| Communication Data | Contract Performance | Providing customer support |
| Marketing Communications | Consent | Only with your explicit opt-in |
| Website Usage Data | Legitimate Interest | Improving website performance and user experience |
6. Who We Share Your Data With
6.1 Third-Party Service Providers
We may share your data with the following types of service providers:
- Email Service Providers: For sending invoices and communications (only as required for your service)
- Payment Processors: For processing payments (e.g., Stripe, PayPal - they handle payment data securely)
- Website Hosting Platforms: Wix, Squarespace, GoDaddy, Canva (for website creation services)
- Accountants/Tax Advisors: Only if you specifically request we share accounting records
- Cloud Storage Providers: For secure data backup and storage
Data Processing Agreements: All third-party service providers are bound by Data Processing Agreements (DPAs) ensuring they comply with UK GDPR and only process data as instructed.
6.2 Legal Requirements
We may disclose your data if required by law, court order, or government request (e.g., HM Revenue & Customs, police investigations).
6.3 We DO NOT Share
- Your data with competitors or unrelated businesses
- Personal data with marketing companies or data brokers
- Client/vendor data unless you explicitly authorize it
- Financial data with any party except those directly involved in service delivery
7. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Active Service Data (Finance, Projects, Website) | Duration of service + 3 years | Active service provision and legal/tax record-keeping |
| Financial Records & Invoices | 6 years after service ends | UK tax law requirements (self-assessment returns) |
| Communication Records | 2 years after last interaction | Dispute resolution and record-keeping |
| Website Analytics | 12 months | Performance analysis and improvement |
| Marketing Data (if opted in) | Until you unsubscribe | Sending communications you've requested |
| Cookies | See Section 10 | User experience improvement |
Data Deletion: After the retention period expires, we securely delete or anonymize your data. If you request deletion earlier, we will comply unless legal obligations require us to retain the data.
8. Your Data Rights Under UK GDPR
Under UK GDPR, you have the following rights:
8.1 Right of Access
You have the right to request a copy of all personal data we hold about you (Subject Access Request - SAR). We will provide this within 30 days of your request.
8.2 Right of Rectification
If your data is inaccurate or incomplete, you can request that we correct it.
8.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your data, except where:
- We have a legal obligation to retain it (e.g., tax records)
- It's necessary for service delivery
- We have a legitimate interest in retaining it
8.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
8.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format for transfer to another provider.
8.6 Right to Object
You can object to processing based on legitimate interest or direct marketing.
8.7 Right Not to Be Subject to Automated Decision-Making
We do not use automated decision-making or profiling that significantly affects you.
How to Exercise Your Rights
To exercise any of these rights, contact us at: hellogoldleaf@mail.com with "Data Subject Request" in the subject line.
We will respond within 30 days. If you're not satisfied with our response, you can lodge a complaint with the UK Information Commissioner's Office (ICO).
9. Data Security
9.1 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Data transmitted over encrypted HTTPS connections
- Access Control: Only authorized personnel (the business owner) access sensitive data
- Secure Storage: Data stored on secure, password-protected systems
- Backups: Regular encrypted backups to prevent data loss
- Firewalls: Network firewalls and antivirus protection
- Password Security: Strong passwords and authentication protocols
9.2 Data Breaches
In the unlikely event of a data breach, we will:
- Notify affected individuals without undue delay (within 30 days, unless we've determined there is no risk)
- Notify the ICO if the breach poses a risk to your rights and freedoms
- Provide details of the breach, affected data, and steps taken to remedy it
9.3 Limitations
While we take security seriously, no system is completely secure. We cannot guarantee 100% security of your data. You use our services at your own risk.
10. Cookies & Tracking Technology
10.1 What Are Cookies?
Cookies are small text files stored on your device that help us recognize you and improve your experience.
10.2 Types of Cookies We Use
- Essential Cookies: Required for website functionality (e.g., security, navigation)
- Analytics Cookies: Google Analytics to understand how you use our website (anonymized)
- Preference Cookies: Remember your preferences (e.g., theme, language)
10.3 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being set. Note: Disabling essential cookies may affect website functionality.
10.4 Third-Party Cookies
Our website may contain links to third-party websites. We're not responsible for their cookie practices. Please review their privacy policies.