Data Protection Policy

Scope

This policy explains how we handle personal data collected via our website contact form and any follow-up communications about your enquiry.
Data Controller

Resource 5 Limited is the data controller for the personal data described in this policy.
Data We Collect

When you submit our contact form, we collect:
1. First name and last name
2. Email address
3. Company (optional)
4. Phone number
5. Any information you include in your message or subsequent correspondence (which may include business or commercially sensitive details)
Purpose of Use

We use the data solely to respond to your enquiry, to communicate with you about it, and to take steps you request prior to entering into an engagement with us. We do not use your data for marketing unless you give explicit consent.
Legal Basis

We rely on the following lawful bases under UK GDPR:
1. Legitimate interests – to handle and manage your enquiry efficiently.
2. Contract – to take steps at your request prior to entering into a contract, and to perform a contract if created.
3. Legal obligation – where we must retain or disclose information to comply with the law.
Confidentiality and Non-Marketing Commitment
1. We treat all information you share - including personal data and the content/substance of your enquiry - as confidential.
2. We do not use enquiry data for advertising or profiling, and we do not add you to marketing lists without your explicit consent.
Data Sharing
1. We do not sell your data or share it with third parties for their own purposes.
2. We may use carefully selected service providers (e.g., secure email, hosting, document storage) acting as our data processors under written contracts that require them to protect your data and use it only on our instructions.
3. We may disclose information if required to do so by law, court order, or regulatory authority.
International Transfers

Where processing involves transfer outside the UK (or UK-adequate countries), we put in place appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses, together with technical and organisational protections.
Security

We protect personal and business-sensitive information with appropriate technical and organisational measures, including access controls, encryption where suitable, least-privilege principles, and staff confidentiality obligations. We review these measures periodically.
Retention

We keep personal data only as long as necessary for the purposes described above and to meet legal, accounting, or reporting requirements. Typical retention for enquiry records is [retention period, e.g., 24 months] from last contact, after which we securely delete or anonymise the data unless we need to keep it longer to establish, exercise, or defend legal claims.
Your Rights

Subject to conditions and exemptions in UK data protection law, you may:
1. Request access to your personal data
2. Request correction of inaccurate data
3. Request erasure of your data
4. Object to or request restriction of processing
5. Request data portability
6. Withdraw consent where processing relies on consent (this does not affect past processing)
Cookies and Tracking

Our contact form does not require non-essential cookies. Our website may use essential cookies for functionality and security. We do not use cookies for marketing unless you consent via a cookie banner.
Children

Our services are directed to professionals and organisations. We do not knowingly collect data from children.
Automated Decision-Making

We do not use your data for automated decision-making that produces legal or similarly significant effects.
How to Complain

If you have concerns about our use of your data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
Changes to This Policy

We may update this policy from time to time. Material changes will be highlighted on this page. Please review it periodically.

Last updated: 13 August 2025