Skip to main content

Work Smarter Solutions Ltd

Work Smarter Solutions Ltd customer privacy notice

This privacy notice tells you what to expect us to do with your personal information.

  • Contact details
  • What information we collect, use, and why
  • Lawful bases and data protection rights
  • Where we get personal information from
  • How long we keep information
  • Who we share information with
  • How to complain

Contact details

Email: info@worksmartersolutions.co.uk

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

  • Names and contact details
  • Addresses
  • Gender
  • Occupation
  • Date of birth
  • Third party information (such as family members or other relevant parties)
  • Payment details (including card or bank information for transfers and direct debits)
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Information relating to compliments or complaints
  • Records of meetings and decisions

We collect or use the following personal information for the operation of client or customer accounts:

  • Names and contact details
  • Addresses
  • Purchase or service history
  • Account information, including registration details
  • Marketing preferences

We collect or use the following personal information for information updates or marketing purposes:

  • Names and contact details
  • Addresses
  • Profile information
  • Marketing preferences
  • Purchase or account history

We collect or use the following personal information to comply with legal requirements:

  • Name
  • Contact information
  • Identification documents
  • Client account information
  • Any other personal information required to comply with legal obligations

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Addresses
  • Payment details
  • Account information
  • Purchase or service history
  • Customer or client accounts and records
  • Financial transaction information

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification- You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure- You have the right to ask us to delete your personal information.
  • Your right to restriction of processing- You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing- You have the right to object to the processing of your personal data.
  • Your right to data portability- You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent– When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We rely on Legitimate Interests as a lawful basis for processing certain personal information. Under the UK General Data Protection Regulation (GDPR), our legitimate interest is the efficient, secure, and effective management of our consultancy business, coupled with the reliable provision and strategic enhancement of our specialist financial automation services to our clients. We have conducted a Legitimate Interests Assessment (LIA) and determined that our interests do not unfairly prejudice the rights and freedoms of the individuals concerned. Specifically, we process Client Contact Details (such as Name, Role, Email, and Phone) and Contractual\/Service History as it is necessary for efficient internal administration, including managing our client relationship, communicating crucial service updates, fulfilling our contractual obligations, and ensuring timely and accurate billing. This provides the benefit of a stable relationship and reliable service delivery, with a low associated risk. Furthermore, we rely on this basis for proactive client relationship management and business development, allowing us to inform existing clients about new software integrations, features, or automation techniques relevant to their business needs, thereby providing added value. These communications are targeted and always include a clear opt-out. Crucially, when resolving complex issues within cloud accounting software (like Xero or FreeAgent) or integrated apps (like Stripe or GoCardless), we may be required to temporarily access or process incidental financial transaction details that belong to our client\’s customers or suppliers (e.g., Transaction ID, Date). This processing is strictly necessary to diagnose and correct critical financial admin errors for our client. The benefit is preventing financial loss or operational disruption, and the risk is mitigated by only processing this data at the client\’s initiation, ensuring minimum necessary access, and promptly deleting the data once the issue is resolved. You have the right to object to any processing of your personal information carried out on the basis of legitimate interests.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We rely on Legitimate Interests for the processing activities that are strictly necessary for the ongoing operation and maintenance of your client account and the services we provide. Our legitimate interest is to ensure the continuity and strategic maintenance of the business relationship and the complex systems we help manage. This processing is essential for delivering the contracted services reliably. We process Client Account Credentials (where temporarily provided to us for system access, setup, or troubleshooting purposes), Client Contact Details, and Integration Status Data (non-log data that indicates whether a connection, like Xero or Stripe, is active and functional). This is necessary to manage your relationship, ensure the systems we configure remain operational, facilitate necessary system maintenance, and provide prompt support when issues arise. The benefit to you is the assurance of a continuously operational, reliable automation environment and the prevention of business disruption. The processing under this basis is limited to what is reasonably expected by a client in a business-to-business relationship. We are satisfied that the benefits of maintaining the integrity and operational status of your financial systems significantly outweigh any potential, minimal risks to your rights and freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We rely on Legitimate Interests for sending relevant information updates and marketing communications to you, provided you are an existing or former business client. Our legitimate interest is to maintain and grow a professional relationship by offering valuable, relevant information about services that complement or enhance the solutions we have already provided. We process Client Contact Details (such as Name, Role, and Professional Email Address) and your Service History to ensure our communications are targeted, timely, and relevant to the financial automation systems you currently use or have expressed interest in. This may include informing you about significant software updates to Xero or FreeAgent, new compatible integrations (e.g., GoCardless or Syft Analytics), or specialised consultancy services that can further streamline your processes. The benefit to you is that you receive proactive, expert advice on new efficiencies and technologies, allowing you to continually optimise your financial administration setup. The impact on you is minimal as the communications are professional and directly related to our business field, and they are never intrusive. Crucially, we always provide a clear and easy-to-use opt-out mechanism in every electronic communication, allowing you to stop receiving marketing from us at any time. We are satisfied that the high value and relevance of these updates, combined with your absolute right to object and opt-out, mean that our business need does not unfairly override your rights and freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information to comply with legal requirements:

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We rely on Legitimate Interests for collecting and processing personal information required to effectively deal with queries, complaints, and potential claims. Our legitimate interest is to provide efficient customer service, maintain professional records of service quality, and protect our business from unwarranted claims. We process Client Contact Details, Specific Service History, and Records of Correspondence (including emails and written communication detailing the query or complaint). This processing is necessary to allow us to fully investigate the reported issue, provide a comprehensive and documented response, and manage our legal risk. The benefit to you is that we can resolve your concerns accurately and thoroughly, relying on the full context of our prior interactions to reach a satisfactory conclusion, thereby maintaining the quality and trust of our professional relationship. The risk to your privacy is low, as the processing is targeted specifically to the relevant correspondence and is a reasonable expectation when engaging a professional consultancy for complex financial and software services. We are satisfied that the benefits of ensuring proper issue resolution and transparent record-keeping significantly outweigh any minimal impact on your rights.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

  • Directly from you
  • Publicly available sources

How long we keep information

  • We are committed to the principle of storage limitation, ensuring that personal data is only retained for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.
  • The applicable retention periods are determined by taking into account the type of data, the purpose of its processing, and statutory obligations under UK law (such as those imposed by HMRC and Companies House).
  • Core Financial and Relationship Data
  • Client Accounting and Financial Records, such as invoices, bank records, and underlying financial documentation, are retained for a period of seven (7) years from the end of the last financial year to which the records relate. This duration is necessary to meet the mandatory requirement of Her Majesty’s Revenue & Customs (HMRC) for maintaining tax-related records for at least six years after the relevant tax year.
  • Personal data held within the Customer Relationship Management (CRM) Data (e.g., contact details, correspondence, and sales history) is retained for the duration of the active client relationship, plus two (2) years thereafter. This two-year extension allows us to effectively manage post-contractual queries, demonstrate regulatory compliance, and pursue legitimate interest for re-engagement within a reasonable timeframe.
  • Compliance and Administrative Records
  • Employee and Contractor Records are retained for a period of six (6) years after the termination of employment or contract. This retention period is necessary for processing final payments, providing references, and complying with various employment and taxation law requirements.
  • Records relating to data protection accountability, such as Data Subject Access Requests (DSARs) and Consent Logs, are retained for six (6) years from the date the instruction or consent was withdrawn. This is required to provide robust evidence of our compliance and accountability under the UK GDPR and the Data Protection Act 2018.
  • Finally, records related to Non-Client Enquiries (e.g., website contact form submissions from individuals who did not become clients) are retained for twelve (12) months from the date of the last communication. This brief period allows us to manage follow-up and internal reporting before the data is securely deleted or anonymised.
  • Exceptions to Standard Retention
  • In certain circumstances, we may be required to retain data for a longer period than the standards listed above. This includes situations where:
  • Retention is necessary to comply with any mandatory legal or regulatory requirements (e.g., anti-money laundering regulations).
  • The data is subject to an active or anticipated legal claim, dispute, or investigation, in which case the data will be retained until the matter is definitively resolved.

Who we share information with

Data processors

Cloud Accounting Software Providers (Financial & Enterprise Resource Planning):

This data processor does the following activities for us: They provide the secure, hosted platforms necessary for recording, processing, and storing all financial transaction data and associated personal information. These processors are generally located in the UK\/EEA, with some processing occurring in adequacy-approved countries like New Zealand.

Payment and Financial Gateway Processors (FinTech):

This data processor does the following activities for us: They process personal information required to initiate, track, and complete automated payment transactions for our clients. These processors are typically located in the UK\/EEA, with potential transfers to the United States under appropriate safeguards (e.g., Standard Contractual Clauses or the UK Extension to the EU-US Data Privacy Framework).

Customer Relationship Management (CRM) and Marketing Automation Platforms (SaaS):

They provide the platform we use to store and manage contact information, sales records, and professional correspondence for the purpose of client relationship management and marketing communications. These processors are generally located in the UK/EEA, with data hosting primarily in the European Union (Germany) and potentially transferred to the United States. Any such transfer is protected by a UK-approved mechanism, such as the UK Extension to the EU-US Data Privacy Framework and/or Standard Contractual Clauses.

Financial Analysis and Reporting Tool Providers (SaaS/FinTech):

They provide integrated services for forecasting, reporting, and data analysis using the data stored in the primary cloud accounting software. These processors are generally located in the UK/EEA.

Others we share personal information with

  • Organisations we’re legally obliged to share personal information with

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated 18/11/2025