GDPR Compliance

Effective date: 04-11-2025

This page explains how Hire VA complies with UK GDPR and the Data Protection Act 2018 when delivering VA services in the UK. It covers our roles, legal bases, security measures, sub-processors, international transfers, and how we help clients meet their own obligations.

Our Role and Responsibilities

  • Controller: when we collect and use personal data on our website, in sales enquiries, and for our own operations.
  • Processor: when we handle personal data on your documented instructions while providing VA services.

We follow your written instructions, keep data secure, and help you meet your duties as controller.

Lawful Bases We Rely On

  • Contract: to provide quotes, set up accounts, and deliver services you request.
  • Legitimate interests: to run and improve our business, protect security, and prevent misuse where your rights are not overridden.
  • Consent: for optional marketing and non-essential cookies where required.
  • Legal obligation: to comply with UK law and regulatory requests.

Request a copy at any time.

Data Processing Agreement

When we deliver VA services, we offer a Data Processing Agreement that includes required UK GDPR clauses.

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Type of personal data and categories of data subjects
  • Confidentiality, security, and breach management
  • Sub-processor controls and audit rights
  • Assistance with data subject requests and DPIAs
  • End of contract deletion or return of data

Sub-Processors

We use vetted service providers for hosting, email, storage, project tools, and communications. Each sub-processor is bound by written terms that meet UK GDPR standards.

Ask us for the current list if you need it.

International Data Transfers

Some sub-processors may process data outside the UK.

  • We use approved safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum.
  • Where appropriate, we apply extra measures like encryption in transit, access controls, and data minimisation.

Details are available in our DPA and sub-processor list.

Security Measures

We apply technical and organisational measures appropriate to risk:

  • Access control with least privilege and role-based permissions
  • Strong passwords and multi-factor authentication where supported
  • Encrypted transport for data in motion
  • Segregated client workspaces and documented handling procedures
  • Regular updates and patching of supported software
  • Staff training on privacy, security, and safe handling
  • Vendor due diligence and contract reviews
  • Incident response plan and change logs for key actions

On request, we can align to your internal policies during onboarding.

Data Minimisation and Retention

We collect and process only what is necessary for the stated purpose. Retention periods:

  • Enquiries and quotes: typically up to 12 months after last contact
  • Client records and project files: typically 6 years after contract end to meet legal and tax requirements
  • Platform logs and analytics: in line with provider settings and your preferences

When acting as processor, we keep data for the term of the agreement and delete or return it at the end, subject to lawful archiving duties.

Data Subject Rights

We assist controllers with requests to exercise rights under UK GDPR:

  • Access, rectification, erasure, and restriction
  • Data portability where applicable
  • Objection to processing
  • Withdrawal of consent for optional marketing

As controller for our own data, we respond directly to rights requests sent to our contact details below.

Cookies and Analytics

We use necessary cookies for core site functions and optional analytics cookies with consent where required. Preferences can be managed through the cookie banner and your browser settings. Disabling cookies may affect some features.

Security

We use appropriate measures to protect personal data, including access controls, encryption in transit where supported, least privilege access, and staff training. No method of transmission or storage is fully secure. We review and improve controls regularly.

Data Protection Impact Assessments

If a planned activity is likely to result in high risk to individuals, we support your DPIA by providing details about processing, data flows, systems, and mitigations. We will not begin high-risk processing until appropriate safeguards are in place.

Breach Response

We maintain an incident response process that includes detection, containment, assessment, and remediation.

If we become aware of a personal data breach while acting as your processor, we will notify you without undue delay, share known details, and help with any reporting steps to the ICO and affected individuals as required by law.

Confidentiality

All staff and contractors sign confidentiality commitments. Access to client systems and data is provided only to people who need it to deliver the service, and it is removed promptly when no longer required.

Your Responsibilities as Controller

When you engage us for VA services, you confirm that:

  • You have a lawful basis for sharing personal data with us
  • You give clear documented instructions
  • You inform individuals where required and maintain your own records of processing
  • You manage consents and marketing preferences that you control
  • You keep your own systems and credentials secure

We can provide templates for instructions and basic records if helpful.

Records of Processing

We keep internal records of processing activities that describe our purposes, categories of data, recipients, transfers, retention, and security measures. These records are available to the ICO on request.

Children’s Data

Our services are for businesses and adults. We do not knowingly process children’s personal data as controller. Any processing of children’s data as processor must be explicitly instructed by you and supported by appropriate safeguards.

Training and Awareness

Team members receive onboarding and periodic training on privacy, security, phishing awareness, and safe use of collaboration tools. Key policies are reviewed at least annually.

Contact Details

For privacy questions, requests, or to obtain our DPA and sub-processor list:

Hire VA
Email: [Insert privacy contact email]
Address: [Insert UK address]

You can also contact the UK Information Commissioner’s Office at www.ico.org.uk or by calling 0303 123 1113.

Changes to this Page

We may update this GDPR Compliance page when laws change or when we update our practices. The latest version will always be published here with a new effective date. If changes materially affect your rights during an active contract, we will notify you and discuss options.

Version Control

Version: [Insert version number]
Last updated: [Insert date]