Privacy Policy

This notice describes how Pennysmart CIC uses and protects the personal information that it holds in accordance with General Data Protection Regulation (GDPR). We encourage you to read this notice carefully so that you are aware of how and why we are using this information.

GDPR Principles

In collecting and processing your personal information, we will comply with the data protection law in force at the time. This requires that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent way
  2. Collected for specified, explicit and legitimate purposes and not further processed in a matter that is incompatible with those purposes
  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate and kept up to date
  5. Kept only as long as necessary for the purposes for which the personal data is processed
  6. Kept securely, protecting against unauthorised or unlawful processing, accidental loss, damage, or destruction

What types of personal data do we hold about you?

We may collect, store and use a variety of categories of personal information about you such as:

How is your personal information collected?

We collect personal information through forms on the following tabs on the website.

What do we do with your personal information?

We may use this data for a number of reasons:

What is the purpose and legal basis of the processing?

Data protection laws require Pennysmart to meet certain conditions before we are allowed to use your personal data. This privacy notice identifies the data we use is for Legitimate Interest purposes.

Who might we share it with?

We may have to share your data with third parties and require third parties to respect the security of your data and to treat it in accordance with the law. If necessary and relevant, data may be shared with:

We do not sell or transfer your personal information for marketing purposes.

Where we store your personal data and how we keep it safe

The data that we collect from you will be stored inside the UK or the European Economic Area (EEA).

All physical data is stored inside locked cabinets within the office and all computers are password protected as per the Pennysmart Data Protection Policy. We limit access to your personal information to those employees or third parties who have a business need to know. We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fufil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements.

In some circumstance we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Your rights in relation to your personal information

You have a number of rights under the Data Protection laws in relation to the way we process your personal data, namely:

  1. To access your data
  2. To have your data rectified if it is inaccurate or incomplete
  3. In certain circumstances to have your data deleted or removed
  4. In certain circumstances to restrict the processing of your data
  5. A right of data portability, to obtain and reuse your data for your own purpose across different services
  6. A right to object to direct marketing
  7. Not to be subject to automated decision making (including profiling)

If you want to review, verify, correct or request erasure of you personal information, object to the processing of your data, or request that we transfer a copy of your personal information to another party, please contact the Finance Department -

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we reserve the right to charge a reasonable fee of your request for access is excessive.

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.