Privacy Policy for NW Business Operations

First created: 28 February 2026
Last updated: 28 February 2026

1. Who I Am

NW Business Operations is a UK-based sole trader business providing operational and strategic support services to business clients in the UK, EU and internationally.

For the purposes of data protection law, I am the data controller responsible for your personal data.

Contact details:
Name: Nathalie
Contact form: found here.
ICO Registration Number: ZB948425

2. What Personal data I Collect

I only collect personal data that is necessary for legitimate business purposes.

Information you provide directly

If you contact me through the website contact form, I may collect:

  • Your name
  • Your email address
  • Any information you include in your message

If we enter into a working relationship, additional information may be collected for contractual and invoicing purposes, such as:

  • Business name
  • Billing address
  • Financial details necessary for invoicing

All invoices are issued via FreshBooks.

3. How I Use Your Information

Your data is used only for the following purposes:

  • Responding to enquiries
  • Communicating about potential or ongoing work
  • Providing contracted services
  • Issuing invoices
  • Complying with legal and tax obligations
  • Improving website performance and usability

I do not sell, rent, or trade your personal data.

4. Lawful Basis for Processing

Under UK GDPR, I rely on the following lawful bases:

  • Legitimate interests – responding to enquiries and operating my business
  • Contract – where processing is necessary to fulfil a service agreement
  • Legal obligation – where required for accounting and tax compliance

5. Website Analytics and Third Parties

This website uses certain third-party service providers to operate effectively and securely.

Google Analytics

I use Google Analytics to understand general website usage, such as page visits and traffic patterns.

Google Analytics may collect:

  • IP address (anonymised where applicable)
  • Device and browser information
  • Pages visited
  • Time spent on the site

This data is used only to improve website performance and user experience.
Google may process data outside the UK. Where this occurs, appropriate safeguards are in place in accordance with UK data protection law.

You can view Google’s Privacy Policy here.

Google reCAPTCHA

The contact form uses Google reCAPTCHA to prevent spam and automated abuse.

reCAPTCHA may collect information such as:

  • IP address
  • Device information
  • Browser data

This processing is subject to Google’s privacy policies.

You can view Google’s Privacy Policy here.

Hostinger

This website is hosted by Hostinger. As part of hosting and server management, Hostinger may process technical data such as IP addresses and server logs.

You can view Hostinger’s Privacy Policy here.

These third-party providers act as independent data processors and operate under their own privacy policies.

6. Data Sharing

I do not share your personal data with third parties except where necessary to operate the business. This may include:

  • Hosting provider (Hostinger)
  • Google (Analytics and reCAPTCHA)
  • FreshBooks (invoicing)
  • Professional advisers (accountants or insurers, if legally required)

All third-party providers are expected to handle data securely and in accordance with applicable data protection laws.

7. International Data Transfers

As a UK-based business serving clients in the UK, EU and internationally, some data may be transferred outside the UK.

Where this occurs, transfers are made only where:

  • The country has been deemed adequate by the UK government; or
  • Appropriate safeguards are in place, such as standard contractual clauses or equivalent protections.

8. Data Retention

I retain personal data only for as long as necessary:

  • Enquiries that do not result in work: typically up to 12 months
  • Client records: retained in line with UK accounting and tax requirements (currently 6 years)
  • Contractual documentation: retained for legal compliance

Data is securely deleted when no longer required.

9. Data Security

Reasonable technical and organisational measures are in place to protect your data, including:

  • Secure website (SSL encryption)
  • Password-protected systems
  • Restricted access to business systems
  • Secure cloud-based tools

While no system can guarantee absolute security, appropriate steps are taken to protect information from unauthorised access or disclosure.

10. Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure (in certain circumstances)
  • Restrict or object to processing
  • Request data portability (where applicable)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

You can contact me via the contact form to exercise your rights.

You also have the right to lodge a complaint with:

Information Commissioner’s Office
https://ico.org.uk

11. Changes to This Policy

This Privacy Policy may be updated periodically to reflect legal or operational changes. The latest version will always be available on this website.