GDPR & Data Protection Statement
Our commitment to compliance with UK data protection law.
1. Our commitment
The Proactive Group Limited is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement summarises how we meet that commitment. It should be read alongside our Privacy Policy, which describes in detail what data we collect and how we use it.
2. Data protection principles
We apply the principles at the heart of UK GDPR to all personal data we handle:
- Lawfulness, fairness and transparency — we process personal data only on a valid lawful basis and tell people what we do with their data.
- Purpose limitation — data collected for one purpose is not reused for an incompatible one.
- Data minimisation — we collect only what we actually need.
- Accuracy — we keep data accurate and correct it promptly when told it is wrong.
- Storage limitation — we keep data no longer than necessary, applying defined retention periods.
- Integrity and confidentiality — we protect data with proportionate security measures.
- Accountability — we document our processing and our decisions about it.
3. Lawful bases we rely on
Depending on the activity, we rely on: contract (providing services you have asked for), legitimate interests (running and securing our business and website in ways you would reasonably expect), legal obligation (record-keeping required by law) and consent (optional communications and functional cookies). Where we rely on legitimate interests we balance them against your rights, and where we rely on consent you can withdraw it at any time.
4. Client confidentiality
Consulting work necessarily involves access to commercially sensitive information. All client information — personal or otherwise — is treated as confidential, handled on a need-to-know basis within the firm, and protected under the confidentiality terms of our engagement letters.
5. Data subject rights
We maintain a process for handling data subject requests — access, rectification, erasure, restriction, objection and portability — within the one-month statutory timescale. Requests can be made informally by emailing contact@proactivegrp.pro; no special form is required.
6. Data breaches
We maintain procedures to detect, investigate and record personal data breaches. Where a breach is likely to result in a risk to individuals, we will notify the Information Commissioner's Office within 72 hours as required, and affected individuals without undue delay where the risk is high.
7. Questions
Questions about this statement or our data protection practices should be directed to contact@proactivegrp.pro or by post to our registered office.