Privacy Policy
Margo Solutions ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, share and protect information you provide through this website and during the course of our services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Who we are
Email: hello@margosolutions.co.uk
2. The two roles we play with data
Under UK GDPR (Article 4 and Article 28), we act in two different capacities depending on the activity:
- Data Controller — for personal data we collect about you directly (enquiry forms, your contact details as a client, our internal records about our relationship with you). This policy governs that processing.
- Data Processor — when we process personal data on behalf of our clients (for example, managing your clients' CRM, your customer email list, your subscribers). In that capacity, the client remains the Data Controller. We process such data only on documented written instructions and under a separate Data Processing Agreement (DPA), available on request and signed before any such work begins.
3. What personal data we collect
We collect only the data we need. This may include:
- Identity data: name, business name, job title
- Contact data: email address, phone number (if you choose to provide it), postal address (if relevant)
- Enquiry content: the message or brief you send us
- Engagement data: information shared with us during the course of our work together (briefs, login credentials, business documents, contacts)
- Financial data: invoicing details, bank/payment information (for outgoing invoices to you, or as part of bookkeeping work we do for you)
- Technical data: IP address, browser type, device type, approximate location, pages visited — collected automatically via standard web-server logs and the limited third-party services described in our Cookie Policy
4. Special category data
In the normal course of Virtual Assistant work we may incidentally encounter special category data (UK GDPR Article 9) — for example, health-related diary entries when managing a calendar, or information about beliefs / political views in client correspondence. Where this occurs, we process such data only:
- To the minimum extent necessary to perform the contracted services;
- Under the lawful basis of explicit consent or necessary for the establishment, exercise or defence of legal claims / performance of contract; and
- With heightened security and confidentiality.
5. Children
Our services are not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
6. How we collect personal data
We collect data directly from you when you:
- Submit the enquiry form on this website
- Email us at hello@margosolutions.co.uk
- Engage us as a client and share information during our work together
- Connect with us on professional networks (e.g. LinkedIn)
We may also receive data automatically (server logs, basic cookies — see our Cookie Policy) and from third parties such as Formspree when you submit our form.
7. Why we use your data — lawful bases (UK GDPR Article 6)
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry | Consent (Art. 6(1)(a)) & pre-contractual steps (Art. 6(1)(b)) |
| Providing services you have engaged us to perform | Contract (Art. 6(1)(b)) |
| Issuing invoices, keeping accounting records | Legal obligation (Art. 6(1)(c)) — HMRC, Companies Act |
| Managing the business relationship; communicating about service updates | Legitimate interests (Art. 6(1)(f)) |
| Future marketing emails / newsletter (if we introduce one) | Consent (PECR Reg. 22 & UK GDPR Art. 6(1)(a)) — opt-in only |
| Defending against legal claims, fraud prevention | Legitimate interests (Art. 6(1)(f)) |
8. Direct marketing
We do not currently send marketing emails or newsletters. If we introduce a newsletter in future, it will operate strictly on an opt-in basis. You will be asked to give clear, affirmative consent before we add you, and every message will include a one-click unsubscribe link. You can withdraw consent at any time by emailing hello@margosolutions.co.uk.
9. How we store and protect your data
Your data is stored securely using reputable, UK GDPR-compliant systems (e.g. encrypted cloud storage, password-protected devices, two-factor authentication). We take reasonable technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, accidental loss or destruction. Access is restricted to Margo Solutions only. We review our security practices regularly.
10. How long we keep it
- Website enquiries that do not lead to engagement: deleted within 12 months.
- Client records, contracts and correspondence: retained for the duration of our engagement plus 5 years after the end of the relevant tax year, in line with HMRC's record-keeping requirements for sole traders (s.12B Taxes Management Act 1970).
- Financial records (invoices, receipts): 5 years from the 31 January submission deadline of the relevant tax year, as required by HMRC for sole traders.
- Marketing subscriber data (when introduced): retained until you unsubscribe or 24 months of inactivity, whichever is sooner.
- Server logs and basic technical data: typically 30–90 days (set by our hosting provider).
11. Who we share data with
We do not sell your data. We do not share it with third parties for their own marketing purposes. We share limited data only with:
- Trusted service providers we use to run the business — for example, email hosting, the form processor (Formspree, formspree.io), accounting/bookkeeping software, cloud storage. All are bound by their own UK GDPR obligations and, where appropriate, data processing terms.
- HMRC, regulators or law enforcement where we are legally required to disclose.
- Professional advisers (accountant, solicitor, insurer) where strictly necessary, all under duties of confidence.
- A successor business in the event of a sale or transfer of the business — subject to equivalent data protection commitments.
12. International transfers
Some of the tools we rely on (e.g. Formspree, Google Fonts, certain cloud providers) may process data outside the United Kingdom — principally in the European Economic Area (EEA) and the United States. Where personal data is transferred outside the UK, we ensure one of the following safeguards under Chapter V of UK GDPR is in place:
- A UK adequacy regulation under section 17A of the Data Protection Act 2018; or
- The UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses; or
- The UK Extension to the EU–US Data Privacy Framework, where the recipient is certified under it.
13. Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects (UK GDPR Article 22).
14. Your rights under UK GDPR
You have the right to:
- Be informed about how your data is used (this policy)
- Access the personal data we hold about you (Subject Access Request)
- Request correction of inaccurate data (rectification)
- Request erasure ("right to be forgotten")
- Restrict our processing
- Object to processing based on legitimate interests or direct marketing
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time where consent is the lawful basis
- Not be subject to a decision based solely on automated processing
- Lodge a complaint with the Information Commissioner's Office
To exercise any of these rights, email hello@margosolutions.co.uk. We respond within one calendar month (extendable by up to two further months for complex requests, in line with UK GDPR Art. 12(3)). We will not charge a fee unless the request is manifestly unfounded or excessive.
15. Cookies and tracking
This website uses minimal cookies in accordance with PECR. For full details and how to manage your preferences, see our Cookie Policy.
16. Data breaches
In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will report it to the ICO within 72 hours of becoming aware of it, in line with UK GDPR Article 33. If the risk is high, we will also notify you directly without undue delay.
17. Complaints
If you are unhappy with how we have handled your data, we would appreciate the chance to put it right — please contact us first. You also have the right to lodge a complaint with the UK supervisory authority:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk
18. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated to active clients.
19. Contact
Questions about this policy or your data? Email hello@margosolutions.co.uk.