Privacy Notice

1. About This Notice

JReg Consultancy Ltd (“JReg”, “we”, “us” or “our”) is committed to protecting the personal data of everyone we work with. This privacy notice explains what personal data we collect, why we collect it, the legal basis on which we process it, with whom we share it, and what your rights are under applicable data protection law.

JReg is a UK-based company that works with clients and subcontractors globally. This notice is written to meet our obligations under UK and EU GDPR and applicable regulations. Regardless of where you are based, the same standards and rights apply to you.

This notice applies to three audiences:

2. Who We Are

JReg Consultancy Ltd is a company registered in England and Wales under number 11748428, whose registered office is at 85 Great Portland Street, London, W1W 7LT.

For the purposes of UK and EU GDPR, JReg Consultancy Ltd acts as the data controller in respect of the personal data described in this notice. This means we determine the purposes and means by which your personal data is processed.

3. General Principles

Regardless of whether you are a client, subcontractor or website visitor, we process your personal data in accordance with the following principles under applicable data protection law:

  • We only collect data that is adequate, relevant and limited to what is necessary.
  • We keep data accurate and up to date.
  • We do not retain data for longer than necessary.
  • We implement appropriate technical and organisational security measures.
  • We are transparent about how and why we process your data.
  • We do not carry out automated decision-making or profiling using your personal data.

3.1 Data Security

We maintain physical, technical and administrative safeguards proportionate to the risk posed by the processing. Access to your personal data is restricted to staff who genuinely need it to carry out their role. We have procedures in place for dealing with data breaches, including notifying you and/or the relevant supervisory authority where we are legally required to do so.

3.2 Data Storage

Your personal data is stored on servers operated by third-party service providers engaged by JReg Consultancy Ltd, located within the European Union (EU) and/or the United Kingdom. Our website is hosted on WordPress.com, whose servers are located within the EU and UK.

3.3 International Transfers

If we transfer your personal data outside the UK or the European Economic Area (EEA), we ensure it receives equivalent protection through one or more of the following safeguards:

  • The transfer is necessary for the performance of a contract between you and JReg (e.g. setting up a new client project or onboarding a Sub-Contractor).
  • Use of UK or EU-approved Standard Contractual Clauses with the receiving party.

3.4 Third-Party Sharing

We may share personal data with the following categories of recipient, only where necessary and subject to appropriate safeguards:

  • Professional advisors and insurers, for risk management and legal advice.
  • IT and technical service providers, for hosting, security and business systems.
  • Public authorities, where required by law.

We require all third parties receiving personal data from us to commit contractually to protecting that data to a standard equivalent to applicable data protection law.

3.5 Legal and Contractual Requirements for Providing Personal Data

In some cases, JReg is required to collect and process certain personal data as a matter of legal or regulatory obligation, or because it is a necessary condition of entering into or performing a contract with you. This applies to both clients and subcontractors. Where this is the case, we will make this clear at the point of collection.

Where we share personal data with parties outside the UK or EEA, we do so pursuant to our general contractual practices and in accordance with the safeguards set out in Section 3.3. Where a legal or regulatory obligation requires us to make such a transfer, we will identify and communicate to you the relevant requirement and the safeguard in place.

4. Information for Clients and Partners

This section applies if you are a client or partner of JReg Consultancy Ltd.

4.1 What Personal Data We Collect

We may collect and process the following categories of personal data about you and/or individuals at your organisation:

  • Company legal name
  • Registered office address
  • Company registration number
  • VAT registration number (if applicable)
  • Key contact person’s name and job title
  • Business email address(es)
  • Telephone number
  • Payment / banking details
  • Signed agreements (e.g. NDA, Client agreements, Statement of Work)

4.2 Why We Use Your Data

We process client personal data for the following purposes and on the following legal bases:

Purpose Description Legal Basis
Service delivery Processing orders, providing consultancy services, issuing invoices and managing credit control. Contract performance
Relationship management Communicating with you, managing the client relationship, handling support requests and complaints. Legitimate interests
Record keeping Maintaining business records, back-ups and compliance documentation. Legitimate interests
Insurance and risk Obtaining and maintaining insurance coverage, managing risk and obtaining professional advice. Legitimate interests
Legal claims Establishing, exercising or defending legal claims. Legitimate interests / Legal obligation
Legal compliance Complying with our legal and regulatory obligations. Legal obligation

4.3 Sharing Your Data

In addition to the third parties listed in Section 3.4, we may share client data with our subcontractors and suppliers where necessary to fulfil a contract with you.

4.4 Retention

We retain client personal data for the duration of the client relationship and for a reasonable period afterwards, to fulfil post-contract obligations, manage potential legal claims, comply with statutory record-keeping requirements and to align with the applicable UK and EU law.

When determining the appropriate retention period, we take into account the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we collected and processed it, and any applicable legal or regulatory obligations.

4.5 Prospective Clients

If you are a prospective client, we may collect and process the categories of personal data listed above to the extent it is necessary to carry out our general onboarding processes.

5. Information for Subcontractors

This section applies if you are a subcontractor, independent consultant, freelancer or business engaged by JReg Consultancy Ltd to perform work or supply services on our behalf. It also applies to employees and directors of subcontracting organisations whose personal data we process.

5.1 What Personal Data We Collect

We may collect and process the following categories of personal data, to the extent necessary for our legitimate business and legal purposes:

  • Full legal name (individual for sole traders, director / owner for limited companies)
  • Company name and number (ltd company) or trading name (sole trader)
  • Registered business address (ltd company) or home address (sole trader)
  • Business phone number and email address
  • Key contact person and job title (ltd company)
  • Telephone number
  • CV
  • Skills matrix
  • Payment / banking details (bank account name, sort code and account number, or IBAN)
  • VAT registration number (if applicable)
  • Signed agreements (e.g. NDA, Subcontractor agreement, Introducer agreement, Statement of Work)
  • Insurance certificate and coverage amounts

5.2 Why We Use Your Data

We process subcontractor personal data for the following purposes and on the following legal bases:

Purpose Description Legal Basis
Service delivery Entering into and fulfilling our subcontractor agreement, including processing payments and managing the engagement. Contract performance
Record-keeping Complying with tax, employment, financial and regulatory requirements. Legal obligation
Record-keeping Managing business operations, maintaining records and protecting against non-compliance or litigation. Legitimate interests

5.3 Sharing Your Data

In addition to the third parties listed in Section 3.4, we may share subcontractor data with:

  • IT service providers supporting our HR or contract management systems.
  • Companies operating in the medical technology (Med-Tech) sector, where required to fulfil a contract in which you are involved.
  • Tax authorities where required by law.

5.4 Retention

We retain subcontractor personal data for the duration of the engagement and for a reasonable period afterwards. When determining the appropriate retention period, we take into account the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we collected and processed it, and any applicable legal or regulatory obligations. Financial and tax records are retained in line with EU and UK retention laws.

Where data is no longer needed, it is securely deleted or anonymised in accordance with our internal data retention policy.

6. Information for Website Visitors

This section applies to individuals who visit our website at http://www.jreg.co.uk. For full details of how we use cookies and similar technologies on the site, please see our Cookie Policy.

6.1 What Personal Data We Collect

When you visit our website, we may collect the following personal data:

  • Your IP address, collected temporarily for site security purposes and not retained beyond that check.
  • Your name and email address, if you contact us by email or via the contact form.

6.2 Why We Use Your Data

We use the IP address collected on site visit solely to perform a security check and do not retain it. We use any contact details you provide solely to respond to your enquiry. We use analytics data, on the basis of your consent, to understand how the site is used and improve it. We do not collect any special category personal data through the website.

6.3 Sharing and Retention

We do not share personal data collected through the website with any third party except our website hosting provider (WordPress.com), Google LLC (where you have consented to analytics), and public authorities where required by law. Contact enquiries are retained for as long as reasonably necessary to manage your enquiry. IP addresses are not retained. Analytics data retention is governed by our Cookie Policy.

7. Your Rights

Under applicable data protection law, including UK GDPR and, where relevant, EU GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exceptions in specific circumstances. To exercise any of these rights, please contact us using the details in Section 8.

Right of access You can request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification You can ask us to correct inaccurate or incomplete data we hold about you.
Right to erasure You can ask us to delete your personal data where there is no lawful reason for us to continue holding it (the ‘right to be forgotten’).
Right to restrict processing You can ask us to limit the way we use your data in certain circumstances.
Right to object You can object to certain processing activities, including processing based on legitimate interests.
Right to object to direct marketing Where we process your personal data for direct marketing purposes, you have the absolute right to object at any time and we will stop immediately.
Right to data portability Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format.
Right to withdraw consent Where we rely on consent as our legal basis, you can withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to be informed of a breach If a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.

We will respond to all requests within one calendar month. There is no charge, though we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive.

8. How to Contact Us

If you have any questions about this notice, wish to exercise your rights, or have a concern about how we handle your personal data, please contact:

Email: admin@jreg.co.uk

Post: 85 Great Portland Street, London, W1W 7LT

Company: JReg Consultancy Ltd (Reg. No. 11748428)

Alternatively, you can contact us through our website contact page.

9. How to Make a Complaint

We hope to resolve any concerns you have directly. However, if you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority.

9.1 United Kingdom

You may complain to the Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK:

Organisation: Information Commissioner’s Office

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk/make-a-complaint

9.2 European Union

If you are based in the European Union, you may lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

10. Changes to This Notice

We may update this notice from time to time to reflect changes in our processing activities, legal requirements, or business operations. Where changes are material, we will take reasonable steps to notify you directly.