1. About This Notice
JReg Consultancy Ltd (“JReg”, “we”, “us” or “our”) is committed to protecting the personal data of everyone we work with. This privacy notice explains what personal data we collect, why we collect it, the legal basis on which we process it, with whom we share it, and what your rights are under applicable data protection law.
JReg is a UK-based company that works with clients and subcontractors globally. This notice is written to meet our obligations under UK and EU GDPR and applicable regulations. Regardless of where you are based, the same standards and rights apply to you.
This notice applies to three audiences:
- Clients or Partners: organisations or individuals who engage JReg for consultancy services or project delivery.
- Subcontractors: individuals or companies engaged by JReg to perform work or supply services on our behalf.
- Website visitors: individuals who visit http://www.jreg.co.uk.
2. Who We Are
JReg Consultancy Ltd is a company registered in England and Wales under number 11748428, whose registered office is at 85 Great Portland Street, London, W1W 7LT.
For the purposes of UK and EU GDPR, JReg Consultancy Ltd acts as the data controller in respect of the personal data described in this notice. This means we determine the purposes and means by which your personal data is processed.
3. General Principles
Regardless of whether you are a client, subcontractor or website visitor, we process your personal data in accordance with the following principles under applicable data protection law:
- We only collect data that is adequate, relevant and limited to what is necessary.
- We keep data accurate and up to date.
- We do not retain data for longer than necessary.
- We implement appropriate technical and organisational security measures.
- We are transparent about how and why we process your data.
- We do not carry out automated decision-making or profiling using your personal data.
3.1 Data Security
We maintain physical, technical and administrative safeguards proportionate to the risk posed by the processing. Access to your personal data is restricted to staff who genuinely need it to carry out their role. We have procedures in place for dealing with data breaches, including notifying you and/or the relevant supervisory authority where we are legally required to do so.
3.2 Data Storage
Your personal data is stored on servers operated by third-party service providers engaged by JReg Consultancy Ltd, located within the European Union (EU) and/or the United Kingdom. Our website is hosted on WordPress.com, whose servers are located within the EU and UK.
3.3 International Transfers
If we transfer your personal data outside the UK or the European Economic Area (EEA), we ensure it receives equivalent protection through one or more of the following safeguards:
- The transfer is necessary for the performance of a contract between you and JReg (e.g. setting up a new client project or onboarding a Sub-Contractor).
- Use of UK or EU-approved Standard Contractual Clauses with the receiving party.
3.4 Third-Party Sharing
We may share personal data with the following categories of recipient, only where necessary and subject to appropriate safeguards:
- Professional advisors and insurers, for risk management and legal advice.
- IT and technical service providers, for hosting, security and business systems.
- Public authorities, where required by law.
We require all third parties receiving personal data from us to commit contractually to protecting that data to a standard equivalent to applicable data protection law.
3.5 Legal and Contractual Requirements for Providing Personal Data
In some cases, JReg is required to collect and process certain personal data as a matter of legal or regulatory obligation, or because it is a necessary condition of entering into or performing a contract with you. This applies to both clients and subcontractors. Where this is the case, we will make this clear at the point of collection.
Where we share personal data with parties outside the UK or EEA, we do so pursuant to our general contractual practices and in accordance with the safeguards set out in Section 3.3. Where a legal or regulatory obligation requires us to make such a transfer, we will identify and communicate to you the relevant requirement and the safeguard in place.
4. Information for Clients and Partners
This section applies if you are a client or partner of JReg Consultancy Ltd.
4.1 What Personal Data We Collect
We may collect and process the following categories of personal data about you and/or individuals at your organisation:
- Company legal name
- Registered office address
- Company registration number
- VAT registration number (if applicable)
- Key contact person’s name and job title
- Business email address(es)
- Telephone number
- Payment / banking details
- Signed agreements (e.g. NDA, Client agreements, Statement of Work)
4.2 Why We Use Your Data
We process client personal data for the following purposes and on the following legal bases:
| Purpose | Description | Legal Basis |
|---|---|---|
| Service delivery | Processing orders, providing consultancy services, issuing invoices and managing credit control. | Contract performance |
| Relationship management | Communicating with you, managing the client relationship, handling support requests and complaints. | Legitimate interests |
| Record keeping | Maintaining business records, back-ups and compliance documentation. | Legitimate interests |
| Insurance and risk | Obtaining and maintaining insurance coverage, managing risk and obtaining professional advice. | Legitimate interests |
| Legal claims | Establishing, exercising or defending legal claims. | Legitimate interests / Legal obligation |
| Legal compliance | Complying with our legal and regulatory obligations. | Legal obligation |
4.3 Sharing Your Data
In addition to the third parties listed in Section 3.4, we may share client data with our subcontractors and suppliers where necessary to fulfil a contract with you.
4.4 Retention
We retain client personal data for the duration of the client relationship and for a reasonable period afterwards, to fulfil post-contract obligations, manage potential legal claims, comply with statutory record-keeping requirements and to align with the applicable UK and EU law.
When determining the appropriate retention period, we take into account the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we collected and processed it, and any applicable legal or regulatory obligations.
4.5 Prospective Clients
If you are a prospective client, we may collect and process the categories of personal data listed above to the extent it is necessary to carry out our general onboarding processes.
5. Information for Subcontractors
This section applies if you are a subcontractor, independent consultant, freelancer or business engaged by JReg Consultancy Ltd to perform work or supply services on our behalf. It also applies to employees and directors of subcontracting organisations whose personal data we process.
5.1 What Personal Data We Collect
We may collect and process the following categories of personal data, to the extent necessary for our legitimate business and legal purposes:
- Full legal name (individual for sole traders, director / owner for limited companies)
- Company name and number (ltd company) or trading name (sole trader)
- Registered business address (ltd company) or home address (sole trader)
- Business phone number and email address
- Key contact person and job title (ltd company)
- Telephone number
- CV
- Skills matrix
- Payment / banking details (bank account name, sort code and account number, or IBAN)
- VAT registration number (if applicable)
- Signed agreements (e.g. NDA, Subcontractor agreement, Introducer agreement, Statement of Work)
- Insurance certificate and coverage amounts
5.2 Why We Use Your Data
We process subcontractor personal data for the following purposes and on the following legal bases:
| Purpose | Description | Legal Basis |
|---|---|---|
| Service delivery | Entering into and fulfilling our subcontractor agreement, including processing payments and managing the engagement. | Contract performance |
| Record-keeping | Complying with tax, employment, financial and regulatory requirements. | Legal obligation |
| Record-keeping | Managing business operations, maintaining records and protecting against non-compliance or litigation. | Legitimate interests |
5.3 Sharing Your Data
In addition to the third parties listed in Section 3.4, we may share subcontractor data with:
- IT service providers supporting our HR or contract management systems.
- Companies operating in the medical technology (Med-Tech) sector, where required to fulfil a contract in which you are involved.
- Tax authorities where required by law.
5.4 Retention
We retain subcontractor personal data for the duration of the engagement and for a reasonable period afterwards. When determining the appropriate retention period, we take into account the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we collected and processed it, and any applicable legal or regulatory obligations. Financial and tax records are retained in line with EU and UK retention laws.
Where data is no longer needed, it is securely deleted or anonymised in accordance with our internal data retention policy.
6. Information for Website Visitors
This section applies to individuals who visit our website at http://www.jreg.co.uk. For full details of how we use cookies and similar technologies on the site, please see our Cookie Policy.
6.1 What Personal Data We Collect
When you visit our website, we may collect the following personal data:
- Your IP address, collected temporarily for site security purposes and not retained beyond that check.
- Your name and email address, if you contact us by email or via the contact form.
6.2 Why We Use Your Data
We use the IP address collected on site visit solely to perform a security check and do not retain it. We use any contact details you provide solely to respond to your enquiry. We use analytics data, on the basis of your consent, to understand how the site is used and improve it. We do not collect any special category personal data through the website.
6.3 Sharing and Retention
We do not share personal data collected through the website with any third party except our website hosting provider (WordPress.com), Google LLC (where you have consented to analytics), and public authorities where required by law. Contact enquiries are retained for as long as reasonably necessary to manage your enquiry. IP addresses are not retained. Analytics data retention is governed by our Cookie Policy.
7. Your Rights
Under applicable data protection law, including UK GDPR and, where relevant, EU GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exceptions in specific circumstances. To exercise any of these rights, please contact us using the details in Section 8.
| Right of access | You can request a copy of the personal data we hold about you (a Subject Access Request). |
| Right to rectification | You can ask us to correct inaccurate or incomplete data we hold about you. |
| Right to erasure | You can ask us to delete your personal data where there is no lawful reason for us to continue holding it (the ‘right to be forgotten’). |
| Right to restrict processing | You can ask us to limit the way we use your data in certain circumstances. |
| Right to object | You can object to certain processing activities, including processing based on legitimate interests. |
| Right to object to direct marketing | Where we process your personal data for direct marketing purposes, you have the absolute right to object at any time and we will stop immediately. |
| Right to data portability | Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, machine-readable format. |
| Right to withdraw consent | Where we rely on consent as our legal basis, you can withdraw that consent at any time without affecting the lawfulness of prior processing. |
| Right to be informed of a breach | If a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay. |
We will respond to all requests within one calendar month. There is no charge, though we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive.
8. How to Contact Us
If you have any questions about this notice, wish to exercise your rights, or have a concern about how we handle your personal data, please contact:
Email: admin@jreg.co.uk
Post: 85 Great Portland Street, London, W1W 7LT
Company: JReg Consultancy Ltd (Reg. No. 11748428)
Alternatively, you can contact us through our website contact page.
9. How to Make a Complaint
We hope to resolve any concerns you have directly. However, if you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority.
9.1 United Kingdom
You may complain to the Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK:
Organisation: Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk/make-a-complaint
9.2 European Union
If you are based in the European Union, you may lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
10. Changes to This Notice
We may update this notice from time to time to reflect changes in our processing activities, legal requirements, or business operations. Where changes are material, we will take reasonable steps to notify you directly.
