1. Introduction

This Privacy Policy explains how Business Advisory and Solutions Ltd (trading as "Overfunded") ("we," "us," "our," or the "Company") collects, uses, shares, and protects information in relation to our website www.overfunded.co.uk and our services.

We are committed to protecting and respecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

When we refer to "personal data" in this Privacy Policy, we mean any information that relates to an identified or identifiable individual.

2. Data Controller Information

Business Advisory and Solutions Ltd (trading as Overfunded) is the data controller responsible for your personal data.

Registered Office:

• Department Campfield

• Lower Byrom St

• Manchester M3 4FP

• United Kingdom

Contact Details:

• Email: contact@overfunded.co.uk

• Website: www.overfunded.co.uk

Company Registration: Registered in England and Wales

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

Contact Information:

• Full name

• Email address

• Phone number

• Company name and job title

• Postal address

Account Information:

• Username and password

• Account preferences

• Communication preferences

Business Information:

• Company details

• Business requirements

• Project information

• Financial information (if relevant to services)

Communication Data:

• Enquiries and correspondence

• Feedback and testimonials

• Survey responses

• Support requests

3.2 Information Collected Automatically

Technical Data:

• IP address

• Browser type and version

• Operating system

• Device information

• Time zone setting and location

• Browser plug-in types and versions

Usage Data:

• Pages visited on our website

• Date and time of visits

• Page response times

• Download errors

• Length of visits to pages

• Page interaction information (scrolling, clicks, mouse-overs)

• Methods used to browse away from pages

Cookie Data:

• Please see Section 11 for detailed information about cookies

3.3 Information from Third Parties

We may receive personal data about you from:

• Analytics providers (such as Google Analytics)

• Advertising networks

• Search information providers

• Social media platforms

• Business partners and referrers

• Credit reference agencies (where applicable)

• Publicly available sources (Companies House, Electoral Register)

4. Lawful Basis for Processing

We only process personal data where we have a lawful basis. The lawful bases we rely on are:

4.1 Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as:

• Marketing communications

• Non-essential cookies

• Testimonials and case studies

4.2 Contract

Processing necessary for the performance of a contract with you or to take steps at your request before entering a contract:

• Providing our services

• Processing payments

• Managing your account

• Customer support

4.3 Legal Obligations

Processing necessary for compliance with legal obligations:

• Tax and accounting requirements

• Responding to lawful requests from authorities

• Health and safety requirements

• Anti-money laundering regulations

4.4 Legitimate Interests

Processing necessary for our legitimate interests or those of third parties, provided your interests and fundamental rights do not override those interests:

• Business improvement and development

• Marketing to existing customers

• Fraud prevention and network security

• Internal administration

• Ensuring website functionality

4.5 Vital Interests

Processing necessary to protect someone's life (rarely applicable to our services)

4.6 Public Task

Processing necessary to perform a task in the public interest (rarely applicable to our services)

5. How We Use Your Information

We use your personal data for the following purposes:

5.1 Service Delivery

• To provide and manage our services

• To process transactions

• To communicate about our services

• To provide customer support

• To manage our relationship with you

5.2 Marketing and Communications

• To send marketing communications (with consent)

• To personalise our services

• To inform you about changes to our services

• To request feedback and reviews

• To send service-related communications

5.3 Business Operations

• To improve our website and services

• To conduct data analytics

• To protect against fraud and illegal activities

• To manage risk

• To comply with legal obligations

• To enforce our terms and conditions

5.4 Legal and Compliance

• To comply with applicable laws and regulations

• To establish, exercise, or defend legal claims

• To respond to lawful requests from authorities

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our business:

• Cloud storage providers

• Email service providers

• Payment processors

• Analytics providers

• Marketing platforms

• IT support services

• Professional advisors (lawyers, accountants, auditors)

6.2 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

6.3 Legal Requirements

We may disclose information where required by law or where we believe disclosure is necessary to:

• Comply with legal obligations

• Protect our rights, property, or safety

• Protect the rights, property, or safety of others

• Detect, prevent, or address fraud or security issues

6.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

7.1 Safeguards

• Adequacy Decisions: Transfers to countries deemed adequate by the UK or EU

• Standard Contractual Clauses: UK or EU-approved standard contractual clauses

• Binding Corporate Rules: For transfers within corporate groups

• Your Consent: Explicit consent for specific transfers

7.2 Specific Transfers

We may transfer data to:

• United States (using appropriate safeguards)

• Other countries where our service providers operate

You can request details of specific safeguards by contacting us at contact@overfunded.co.uk.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

8.1 Retention Periods

CategoryRetention PeriodCustomer account dataDuration of relationship plus 6 yearsTransaction records6 years (tax and accounting requirements)Marketing contactsUntil consent withdrawn or 3 years of inactivityWebsite analytics26 monthsCCTV footage (if applicable)30 days unless required for investigationEmployee data6 years after employment endsCookie dataSee Cookie Policy (Section 11)

8.2 Retention Criteria

When determining retention periods, we consider:

• The nature and sensitivity of the data

• Legal and regulatory requirements

• Statute of limitations periods

• Industry best practices

• Business requirements

8.3 Data Deletion

After the retention period expires, we securely delete or anonymise personal data.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of your personal data and information about how we process it.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the original purpose

• You withdraw consent (where consent is the lawful basis)

• You object to processing and we have no overriding legitimate interest

• The data has been unlawfully processed

• Deletion is required by law

9.4 Right to Restrict Processing

You can request restriction of processing in certain circumstances:

• You contest the accuracy of the data

• Processing is unlawful but you don't want erasure

• We no longer need the data but you need it for legal claims

• You've objected to processing pending verification of legitimate interests

9.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller where:

• Processing is based on consent or contract

• Processing is carried out by automated means

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

9.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

9.9 How to Exercise Your Rights

To exercise any of these rights:

• Email: contact@overfunded.co.uk

• Post: Data Protection Officer, Business Advisory and Solutions Ltd, Department Campfield, Lower Byrom St, Manchester M3 4FP

We will respond within one month, extendable by two months for complex requests. We will not charge a fee unless requests are manifestly unfounded or excessive.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

10.1 Security Measures

• Encryption of data in transit and at rest

• Access controls and authentication

• Regular security assessments and penetration testing

• Employee training on data protection

• Confidentiality agreements with employees and contractors

• Regular backups and disaster recovery procedures

• Physical security for offices and data centres

• Incident response procedures

• Data minimisation practices

10.2 Data Breach Response

In case of a personal data breach:

• We will notify the Information Commissioner's Office within 72 hours where required

• We will notify affected individuals without undue delay if the breach is likely to result in high risk

• We maintain records of all data breaches

10.3 Your Responsibilities

• Keep your account credentials confidential

• Use strong, unique passwords

• Notify us immediately of any suspected unauthorised access

• Ensure information you provide is accurate and up to date

11. Cookies and Tracking Technologies

11.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. We use cookies to:

• Ensure website functionality

• Improve user experience

• Analyse website usage

• Deliver targeted advertising

11.2 Types of Cookies We Use

Essential Cookies

• Required for website operation

• Cannot be disabled

• Include session cookies and security cookies

Analytics Cookies

• Help us understand website usage

• Google Analytics (with IP anonymisation)

• Can be disabled through cookie settings

Functional Cookies

• Remember your preferences

• Language settings

• Login details (if you choose)

Marketing Cookies

• Track visitors across websites

• Display relevant advertisements

• Measure advertising effectiveness

11.3 Cookie Management

You can manage cookies through:

• Our cookie consent banner

• Browser settings

• Third-party opt-out tools

Note: Disabling certain cookies may impact website functionality.

11.4 Other Tracking Technologies

We may also use:

• Web beacons/pixel tags

• Local storage

• Device fingerprinting (with consent)

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

13. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will:

• Delete the information immediately

• Notify the parent or guardian if contact details are available

• Take reasonable steps to prevent future collection from children

Parents who believe we have collected information from their child should contact us immediately at contact@overfunded.co.uk.

14. Marketing Communications

14.1 Legal Basis for Marketing

• Consent: For email marketing to prospects

• Legitimate Interests: For marketing to existing customers (soft opt-in)

14.2 Types of Marketing

• Service updates and newsletters

• Event invitations

• Industry insights and resources

• Promotional offers

14.3 Opting Out

You can opt out of marketing communications:

• Click "unsubscribe" in any marketing email

• Email us at contact@overfunded.co.uk

• Update preferences in your account settings

• Contact us to update your preferences

Note: You will still receive service-related communications.

15. Special Category Data

Special category data includes information about race, ethnicity, politics, religion, trade union membership, genetics, biometrics, health, sex life, or sexual orientation.

We generally do not collect special category data unless:

• You provide explicit consent

• It's necessary for legal obligations

• You've made it publicly available

• It's necessary for legal claims

If we do process special category data, we apply additional safeguards.

16. Automated Decision-Making and Profiling

We may use automated decision-making in limited circumstances:

• Fraud prevention

• Credit checks (where applicable)

• Marketing personalisation

You have the right to:

• Request human intervention

• Express your point of view

• Contest automated decisions

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be effective immediately upon posting to our website.

17.1 Notification of Changes

We will notify you of significant changes through:

• Email notification

• Prominent notice on our website

• Request for renewed consent where required

17.2 Review

We encourage you to review this Privacy Policy regularly. The "Last Updated" date indicates the latest revision.

18. Complaints

If you have concerns about our data processing:

18.1 Contact Us First

We aim to resolve complaints internally:

• Email: contact@overfunded.co.uk

• Post: Data Protection Officer, Business Advisory and Solutions Ltd, Department Campfield, Lower Byrom St, Manchester M3 4FP

18.2 Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

• Website: https://ico.org.uk

• Telephone: 0303 123 1113

• Live chat: Available on ICO website

• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

19. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Officer
Business Advisory and Solutions Ltd (trading as Overfunded)
Department Campfield
Lower Byrom St
Manchester M3 4FP
United Kingdom
Email: contact@overfunded.co.uk

We aim to respond to all data protection enquiries within 72 hours.