1. Who we are
Pactura Ltd is a producer compliance consultancy registered in England and Wales under company number 16745014. Our registered office is 22 Stretton Close, Doncaster, England, DN4 6UE.
The Director is responsible for privacy matters. You can contact Pactura about privacy at info@pactura.co.uk.
Pactura is the controller for most personal data it handles in connection with its website, business contacts, marketing, suppliers, and client relationship management. In some client engagements, Pactura may process personal data on a client's behalf as processor. Where that applies, the relevant client instructions or data processing terms will apply.
2. What personal data we collect
Depending on how you interact with Pactura, we may collect:
- name, organisation, email address, telephone number and information submitted through the website contact form, including service interests and message content;
- job title, business address and professional profile information where collected through correspondence, meetings, public business sources, client projects or supplier relationships;
- emails, meeting notes, call notes and other business communications;
- client project information, which may include personal data contained in spreadsheets, compliance records, evidence packs, supply-chain records, invoices, customer records or regulator correspondence;
- supplier, partner and professional contact information;
- billing and payment contact information;
- marketing preferences and unsubscribe records;
- basic technical information created when you use our website, such as security logs or hosting records.
3. How we collect personal data
We may collect personal data:
- directly from you when you email us, call us, meet us, complete a form, sign up for updates, or become a client;
- from your employer, colleagues, advisers, compliance scheme, regulator, or another person involved in a client project;
- from public business sources, such as company websites, LinkedIn, Companies House, public producer registers, regulator registers and industry sources;
- from website hosting and form-processing systems.
4. Why we use personal data
| Responding to enquiries | To reply to messages, assess whether Pactura can help, and manage prospective client conversations. |
|---|---|
| Providing services | To deliver consultancy, compliance support, data review, brokerage, audit support and related work. |
| Managing clients | To administer contracts, statements of work, invoices, files, meetings and records. |
| Marketing and updates | To send relevant business updates, newsletters and marketing about Pactura services where permitted. |
| Direct outreach | To contact relevant business contacts where permitted by law and where we believe Pactura's services may be of legitimate interest to their organisation. |
| Compliance and records | To meet legal, accounting, tax, regulatory, insurance and professional record-keeping needs. |
| Website operation | To operate the website, receive Netlify form submissions, filter form submissions for spam, maintain security and diagnose technical issues. |
5. Lawful bases
Pactura relies on different lawful bases depending on the purpose:
- Contract: to take steps before entering into a contract and to provide services under an agreed engagement.
- Legitimate interests: to respond to business enquiries, manage client relationships, maintain records, improve services, protect the business, and send relevant B2B communications where lawful and appropriate.
- Consent: for optional newsletter sign-ups or marketing where consent is required or where Pactura chooses to rely on consent, including where a contact ticks the optional marketing checkbox on the website form.
- Legal obligation: for tax, accounting, regulatory, legal and compliance records.
Where Pactura relies on legitimate interests for B2B marketing or outreach, we consider whether the communication is relevant, proportionate, and unlikely to override the recipient's rights and interests. Pactura will also consider the Privacy and Electronic Communications Regulations, including the different rules that may apply to corporate subscribers, sole traders, partnerships and individual contacts. Recipients can opt out at any time.
6. Website contact forms and marketing choices
Pactura uses Netlify Forms to receive website contact forms into its inbox. Contact form submissions are filtered for spam using Akismet. Contact information may then be saved in Pactura's contact database.
Where a website contact form includes a newsletter or marketing checkbox, Pactura keeps that checkbox optional and separate from the enquiry itself. If you tick it, Pactura may use your details to send relevant updates, newsletters and marketing communications.
Pactura may also contact business contacts using publicly available details or existing business relationships where the communication is relevant to their role or organisation and permitted by law. Every marketing email includes a simple way to opt out.
7. Cookies and website analytics
Pactura's current website does not use website analytics, advertising pixels, behavioural tracking, HubSpot tracking, LinkedIn pixels, embedded maps, or similar marketing technologies.
The website uses basic hosting technologies needed for security, availability and form submission, and does not load remote web fonts such as Google Fonts, so visiting the site does not send your IP address to a third-party font service. More detail is set out in Pactura's cookie policy.
8. Who we share personal data with
Pactura may share personal data with:
- Microsoft 365, OneDrive and SharePoint, used for email, document storage and business records;
- Netlify, used for website hosting and contact form processing;
- Akismet, used to filter contact form submissions for spam and abuse;
- email marketing or contact database providers used by Pactura from time to time;
- professional advisers, insurers, accountants, IT support providers and other service providers;
- regulators, compliance schemes, recyclers or other third parties where this is needed for a client engagement and authorised by the client;
- authorities, courts, regulators or third parties where required by law or needed to protect Pactura's rights.
9. International transfers
Some service providers may process data outside the UK. Microsoft, Netlify, Akismet and future email marketing or contact database providers may process data in the UK, EEA, United States or other locations depending on their service configuration.
Where personal data is transferred outside the UK, Pactura will take reasonable steps to ensure appropriate safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent safeguards required by data protection law.
10. How long we keep personal data
Pactura keeps personal data only for as long as reasonably needed for the purpose for which it was collected, including legal, accounting, insurance, regulatory and professional record-keeping needs.
- Enquiry records may be kept for as long as needed to respond, maintain business records, and manage future contact.
- Client records may be kept during the engagement and then normally for up to 6 years after the end of the client relationship for contract, accounting, tax, insurance and professional record purposes.
- Marketing records may be kept until you unsubscribe, object, or Pactura decides the contact is no longer relevant.
- Unsubscribe records may be kept to make sure Pactura does not contact you again for marketing.
- Recruitment information, if received, will normally be kept for up to 6 months after the relevant process unless a longer period is agreed.
11. Security
Pactura uses reasonable technical and organisational measures to protect personal data. This includes using business systems such as Microsoft 365, OneDrive and SharePoint, limiting access to information where appropriate, and keeping client information within controlled business records.
No system is completely secure. If Pactura identifies a personal data breach, it will take appropriate steps in line with data protection law.
12. Your rights
Depending on the circumstances, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- ask for deletion of personal data;
- restrict or object to certain processing;
- object to direct marketing at any time;
- request data portability where applicable;
- withdraw consent where processing is based on consent.
To exercise your rights, contact info@pactura.co.uk. Pactura may need to verify your identity before responding.
Pactura aims to respond to rights requests within one month, although this may be extended where the law allows.
13. Other privacy points
Pactura does not sell personal data.
Pactura does not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Pactura's services and website are intended for business users and are not directed at children.
Where Pactura processes personal data on behalf of a client as processor, the data processing terms in Pactura's terms and conditions apply unless the parties agree a separate written data processing agreement.
14. Complaints
You can complain to Pactura using the contact details above. You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.
15. Changes to this policy
Pactura may update this privacy policy as its services, website, systems, or legal requirements change. The latest version should be published on Pactura's website.