Privacy Policy
Last updated: [insert date]
Version: 1.0
This Privacy Policy explains how Janusz (Yanni) Derdoski, trading as TinkerForce ("we", "us", "our"), collects, uses, stores, and protects personal data in accordance with:
- the UK General Data Protection Regulation (UK GDPR)
- the Data Protection Act 2018 (DPA 2018)
- the Privacy and Electronic Communications Regulations 2003 (PECR)
1. Who We Are (Data Controller)
Data Controller: Janusz (Yanni) Derdoski
Trading as: TinkerForce
Address: [insert full business address, postcode, UK]
Email: info@tinkerforce.co.uk
Phone: [insert +44 phone number]
ICO registration: [we are / we are not] registered with the Information Commissioner's Office (ICO). ICO Registration No.: [ZB XXXXXXX] (if applicable)
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: name, username, title
- Contact Data: email address, telephone number, postal address
- Technical Data: IP address (via server logs)
- Communications: emails, enquiry forms, messages you send us
[Add or remove categories as applicable to your business.]
3. How We Collect Personal Data
We collect data through:
- Direct interactions (contact forms, email, phone, in-person)
- Automated technologies (server logs)
- Third parties (e.g. referral partners, social media platforms)
4. Lawful Basis For Processing (Article 6 UK GDPR)
We process your personal data on the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries | Legitimate interests (Art. 6(1)(f)) |
| Performing a contract | Contract performance (Art. 6(1)(b)) |
| Legal and tax obligations | Legal obligation (Art. 6(1)(c)) |
[Adapt this table to reflect your actual processing activities.]
5. How We Use Your Personal Data
We use your personal data to:
- Respond to your enquiries and provide our services
- Send administrative communications (e.g. invoices, receipts)
- Improve our website and services
- Comply with legal and regulatory obligations
We will not sell, rent, or trade your personal data to third parties.
6. Data Sharing And Third-Party Processors
We may share your personal data with trusted third parties acting as data processors, including:
| Provider | Purpose |
|---|---|
| [hosting provider] | Website hosting |
| [accountant name] | Bookkeeping / tax compliance |
All processors are contractually required to process data only on our instructions and in compliance with the UK GDPR.
7. International Transfers
[If applicable:] Some of our third-party providers are based outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g. UK Adequacy Regulations, standard contractual clauses, or ICO-approved transfer mechanisms).
[If not applicable:] We do not transfer your personal data outside the United Kingdom.
8. Data Retention
We retain personal data only as long as necessary for the purposes set out in this Policy, or as required by law:
| Type of data | Retention period |
|---|---|
| Client and contractual records | 6 years from end of contract (Limitation Act 1980) |
| Tax and financial records | 6 years (HMRC requirement) |
| Marketing and consent records | Until withdrawal of consent or 2 years of inactivity |
| Website analytics | [e.g. 26 months] |
9. Your Rights Under The UK GDPR
You have the following rights regarding your personal data:
- Right of access (Subject Access Request - SAR)
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing (including direct marketing)
- Rights related to automated decision-making and profiling
- Right to withdraw consent at any time (where consent is the lawful basis)
To exercise any of these rights, contact us at info@tinkerforce.co.uk or [postal address].
We will respond within one calendar month (extendable by a further two months for complex requests, with notice given).
10. Cookies
Our website does not use cookies.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no transmission over the internet is completely secure.
12. Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: https://ico.org.uk/make-a-complaint/
Helpline: 0303 123 1113
We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at info@tinkerforce.co.uk.
13. Changes To This Policy
We may update this Privacy Policy from time to time. Any material changes will be notified on this page with an updated "Last updated" date. We encourage you to review this Policy periodically.