top of page

Data Protection Policy

This policy sets out how 2Manage handles the personal data of its clients, suppliers and other third parties.

 

This policy is intended to ensure that we:

 

  • Comply with data protection law and follow good practice;

  • Protect the rights of clients and partners;

  • Are transparent about how we store and process individuals’ data;

  • Are protected from the risks of a data breach.

 

Protecting the confidentiality and integrity of personal data is a critical responsibility that we take

seriously at all times. This policy is therefore intended to apply to the personal data that we process about you. 

 

Scope

 

This policy applies to all personal data that we process regardless of the media on which that data is stored or whether it relates to past or present clients, suppliers, or any other data subject.

 

Data Protection Principles

 

We adhere to the principles relating to the processing of personal data, as set out in the General Data Protection Regulation (GDPR). These require personal data to be:

 

  • Processed lawfully, fairly and in a transparent manner;

  • Collected only for specified, explicit and legitimate purposes (“purpose limitation”);

  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (“data minimisation”);

  • Accurate, and where necessary, kept up to date (“accuracy”);

  • Not kept in a form which permits identification of data subjects for longer than is necessary (“storage limitation”);

  • Processed in a way which ensures its security, using appropriate technical measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”);

 

In addition to these 6 core principles, there are a number of other obligations on us (as the controller of your data) and rights that you have in relation to your data (as data subject). These include requirements that your personal data is:

 

  • Not transferred to another country without appropriate safeguards in place;

  • Made available to data subjects, who must be allowed to exercise certain rights in relation to their personal data.

 

Fair, Lawful and Transparent Processing

 

We must process your personal data lawfully, fairly and in a transparent manner.

 

What this means is that we can only process your data fairly and lawfully and for one of the specified purposes (or legal bases) set out in the GDPR. These include the following:

 

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes;

  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  • Processing is necessary for compliance with a legal obligation to which the controller is subject;

  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

 

When we collect personal data about you, whether directly from you or from a third party, then we are obliged to provide you with certain information about that personal data including what we will do with it, who we will share it with and what our legal basis for processing is. That information will be set out in a Privacy Notice.

 

Consent

 

We can only process personal data on the basis of one or more of the lawful bases set out in the GDPR, and listed above - these include with the consent of the data subject.

 

In order to consent to the processing of their personal data, a data subject should indicate their

agreement either by a statement or by positive action. We will not assume that consent has been given in the absence of any express agreement.

 

Data subjects must be easily able to withdraw their consent at any time. We will keep records of all consents, so that we can demonstrate our compliance with this data protection requirement.

 

Accountability

 

2Manage is the Data Controller (or simply Controller) for your data. As the Controller, we are responsible for implementing appropriate technical measures to ensure compliance with the data protection principles detailed above.

Website Hosting & Data Processing

 

Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to promote our services and connect with our clients.

Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.

Wix.com is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. They provide robust security measures and tools to ensure your personal information is protected.

We only collect personal data that you voluntarily provide via our website forms (e.g., contact form, booking requests, newsletter signup), and this data may be processed and stored by Wix as part of our website functionality.

To learn more about how Wix handles data, you can read their policies here:

Purpose Limitation

 

When we collect personal data it must be only for explicit and legitimate purposes that are clear up front. We may not process the data in any manner that is incompatible with these purposes.

 

If the purposes for data collection and processing change, then we must inform the data subject of these new purposes, and if necessary, we must gain their renewed consent.

 

Data Minimisation

 

The data that we collect and process is limited to what is strictly necessary and relevant for the intended purposes. When any data is no longer needed for these purposes, we will either delete or anonymise it.

 

Accuracy

 

We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards and either delete or correct inaccurate or out-of-date personal data.

 

Storage Limitation

 

Personal data will not be kept for any longer than is necessary for the stated purposes for which the data is processed. Therefore, we will ensure that when personal data is no longer needed, it is deleted or anonymised. We will require third parties to also delete or anonymise data where and when applicable.

 

Integrity and Confidentiality

 

We will secure personal data by taking technical measures against unauthorised or unlawful processing, and against accidental loss, destruction or damage. Such safeguards may include the use of encryption and pseudonymisation. We will exercise particular care in protecting special categories of personal data and criminal convictions data.

 

Personal Data Breaches

 

Should a breach of personal data occur, we will usually notify the appropriate regulator (unless it is assessed that the breach is unlikely to result in a risk to the rights and freedoms of individuals) and, in certain instances, the data subject. We are also obliged to keep a record of all personal data breaches.

 

Data Subjects’ Rights

 

The people whose data we hold (data subjects) have many rights regarding the processing of their personal data. These include, but are not limited to, the following rights to:

 

  • Withdraw consent to the processing of their personal data;

  • Request access to their personal data that 2Manage holds;

  • Prevent our use of their personal data for direct marketing purposes;

  • Ask us to erase any personal data that is no longer necessary for us to hold;

  • Ask us to correct any inaccurate or out-of-date data;

  • Prevent processing of data that is likely to cause damage or distress to the data subject or to anyone else;

  • Be notified of a data breach which is likely to result in high risk to their rights and freedoms.

 

Record Keeping

 

We are required by law to keep full and accurate records of all our data processing activities. These records include:

 

  • Data subjects’ consents to the processing of their personal data;

  • Clear descriptions of the types of data that we hold, and of the types of data subjects whose data we hold;

  • The purposes of our data processing;

  • The categories of recipients to whom the personal data has or will be disclosed;

  • Details of any third-party recipients of personal data;

  • Where possible the envisaged time limits for erasure of the different categories of data;

  • Where possible, a description of the security measures in place.

 

Direct Marketing

 

We are subject to certain rules and privacy laws when marketing to our customers. If a customer opts out of receiving direct marketing communications, we must honour their request promptly.

 

Sharing Personal Data

 

We will only share personal data with third parties, such as service providers, under the following circumstances:

 

  • The third party needs to hold the data in order to provide the contracted services;

  • The privacy notice given to the data subject has made it clear that their data will be given to third parties for express purposes;

  • The third party has agreed to comply with the necessary data security standards and procedures;

  • There exists a GDPR compliant contract between both parties.

  • ​The transfer of data complies with cross-border transfer restrictions.

bottom of page