Data Protection (GDPR) Statement

Get-Found Ltd

Our Commitment

Get-Found Ltd is committed to the protection of all personal and sensitive data for which it holds responsibility as the Data Controller and the handling of such data in line with the data protection principles and the Data Protection Act (DPA). 

Changes to data protection legislation shall be monitored and implemented in order to remain compliant with all requirements. 

The members of staff responsible for data protection are: Jason Jackson and Alex Davis. 

Get-Found Ltd is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them. 

The requirements of this policy are mandatory for all staff employed by or volunteering for Get-Found Ltd and any third party contracted to provide services within the business. For more information on our third-party providers data protection statement please refer to: GoCardless, Stripe, Google, Solna, Quickbooks, Analytics and Google Drive.

Data Protection Principles

The principles of the Data Protection Act shall be applied to all data processed. This means that we will ensure that personal data shall be: 

 processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

  1. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  2. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  3. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  4. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
  5. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Privacy Notice:

We shall be transparent about the intended processing of data and communicate these intentions via notification to staff and attendees prior to the processing of individual’s data.

Notifications shall be in accordance with ICO guidance and, where relevant, be written in a form understandable by those defined as ‘Children’ under the legislation.  

The intention to share data relating to individuals to an organisation outside of our business shall be clearly defined within notifications and details of the basis for sharing given. Data may also be shared with external parties in circumstances where it is a legal requirement to provide such information. 

Click here for our Privacy Notice

Data Security:

Security of data shall be achieved through the implementation of proportionate physical and technical measures. 

Data Access Requests (Subject Access Requests):

All individuals whose data is held by us, has a number of individual privacy rights which can be exercised by contacting:

The Data Protection Act (GDPR) provides for the following rights: The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object 
  8. Rights in relation to automated decision making and profiling.

Data Disposal:  

Personal data will be retained for the minimum period necessary for the purpose and Get-Found Ltd recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk. 

Prepared by:

Jason Jackson, Director of Get-Found Ltd

Reviewed by 

Alex Davis, CEO of Get-Found Ltd

Date of implementation


Date of Review


Signed by

Jason Jackson