Data Protection & GDPR Policy

1. Policy statement

SwitchAid (trading name of Project Business Solutions) is committed to protecting personal data and handling it responsibly, lawfully, and transparently. We recognise the importance of data protection and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy outlines how we approach data protection and our responsibilities when processing personal data.

2. Scope

This policy applies to:

  • All employees, directors, contractors, and temporary staff

  • All personal data processed by SwitchAid, whether relating to customers, suppliers, partners, or employees

3. Data protection principles

We process personal data in accordance with the following principles. Personal data shall be:

  • Processed lawfully, fairly, and transparently

  • Collected for specified, explicit, and legitimate purposes

  • Adequate, relevant, and limited to what is necessary

  • Accurate and kept up to date

  • Kept for no longer than necessary

  • Processed securely to protect against unauthorised access, loss, or disclosure

4. Lawful bases for processing

We only process personal data where a lawful basis applies, including:

  • Performance of a contract

  • Legal obligation

  • Legitimate interests

  • Consent (where required)

The lawful basis used depends on the nature of the data and the purpose for which it is processed.

5. Data subject rights

Individuals have rights under UK GDPR, including the right to:

  • Access their personal data

  • Request correction or deletion of data

  • Restrict or object to processing

  • Request data portability (where applicable)

Requests relating to data protection rights will be handled in accordance with statutory timescales.

6. Data security

We take appropriate technical and organisational measures to protect personal data, proportionate to the size and nature of our business. These measures are designed to prevent unauthorised access, loss, misuse, or disclosure of personal data.

7. Data sharing

We may share personal data with trusted third parties where necessary for business operations, including suppliers, service providers, and professional advisers. Personal data is only shared where appropriate safeguards are in place.

We do not sell personal data.

8. Data retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, regulatory, or contractual obligations.

9. Data breaches

Any suspected personal data breaches must be reported internally as soon as possible. Where required, breaches will be assessed and reported to the Information Commissioner’s Office (ICO) and affected individuals in line with legal requirements.

10. Responsibilities

Overall responsibility for data protection sits with the directors of SwitchAid. All staff are responsible for handling personal data in accordance with this policy and relevant procedures.

11. Contact details

For questions relating to data protection or to exercise your data protection rights, please contact:

Email: [insert contact email]
Company: SwitchAid (trading name of Project Business Solutions)
ICO Registration Number: Z294637X

12. Review

This policy will be reviewed periodically and updated where necessary to reflect changes in legislation, guidance, or business practices.