Virtual PA Privacy Policy

Data Controller: The Company or organisation or yourself requesting the service of Virtual PA.

Data Processor: Cooke & Mellor Recruitment Limited t/a Virtual PA, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB.

Our Service: We are working in partnership with the Data Controller to offer back of office support and collect your information on behalf of them to assist in the running of their business. The services we can provide our clients with are;

  • Telephone answering service
  • PA and diary management facility
  • Invoicing
  • Credit Control

Virtual PA is committed to being transparent about how it collects and uses data and how it meets its data protection obligations.

This policy sets out the basis on which any personal data we collect from you or that you provide to us, will be processed by us.

We do not intend to process personal data collected from you for marketing purposes. If we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes, we will obtain your prior agreement.

Our legal basis for processing your information

We will process your personal data to provide the services requested in order to fulfil contractual obligations entered into with the Data Controller. Should you decline to provide the requested information, this will affect our ability to provide the required service of our client.

Where information is processed with consent given by you to us, you are entitled to withdraw that consent at any time such that we can no longer rely on it as a basis for continuing to process your personal data.

In order to provide our client’s services, we may process your information without consent when we are legally allowed to do so for example invoicing on behalf of our client. This will only be where it is in our legitimate interests to do so. In some instances, where applicable, we will seek your consent to process your personal information.

What if you do not provide personal data?

You are under no contractual or statutory obligation to provide data to us. However, if you do not provide the information, we may not be able to perform any or some of the requested services.

What information do we collect?

In order for us to carry out our obligation entered into between the Data Controller, and us we will collect a range of information about you. This includes:

  • Your identification information first name, surname;
  • Contact details including your full name/s, phone numbers, addresses, email addresses and billing address;
  • Financial information such as bank account and payment card details;
  • Payment transaction details for invoicing purposes;
  • Marketing and Communications Data to allow us on behalf of our client to inform you about any changes or updates to their service.

How is your data collected?

We may collect this information in a variety of ways.

  • Data will be collected when submitted directly to ourselves by you via online website forms, emails, text messages or collected through telephone communication.
  • Data may also be submitted to us for processing by the company or organisation acting as the Data Controller, but only if you’ve given them permission to share your information.
  • We may collect information about you whenever you interact with us, for example when you:
  • Enquire about our client’s services, visit our client’s website
  • Sign up to receive updates from our client
  • Post content to our client’s social media sites (including Twitter, Facebook and LinkedIn)

By providing your personal data, you agree to us processing your data on behalf of our client. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us will be stored in secure management systems such as secure internal IT and email systems, which are password protected.

We may also gather details of your visits to our client’s website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.

We will use your personal data in the following circumstances;

  • To allow us to perform the contract we have entered into with our client (the Data Controller) to assist them in providing their service to you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Why do we process personal data?

  • Processing this data allows us to manage our client’s service offered to you and ensures we are delivering on what has been arranged between the Data Controller and ourselves.
  • We do not process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief.
  • We may also process your personal data in order to:
    • Update you about any changes to our client’s services;
    • Maintain our records and ensure we have your most up to date marketing preferences;
    • To help us improve our client’s services, campaigns and information offering;

Who has access to the data?

We do not sell, trade or rent any personal information to others. Your information may be shared internally for the purpose of the services being provided. All staff who access personal information have undergone relevant checks and received appropriate training on the handling of confidential data. Access to all information is restricted by usernames and passwords.

Relevant information is shared with our client (the Data Controller) to allow us to fulfil our service to them and IT staff, if access to the data is necessary for the performance of their roles.

We may legally be required to disclose your details if required to by the police or for regulatory reasons. We will only ever share your data in other circumstances if we have your consent to do so.

How do we protect data?

We take the security of your data seriously and will always try to take appropriate precautions to protect it.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our client’s site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We ensure there are appropriate technical controls in place for example secure and monitored internal security features including passwords protected networks and restricted access to our management systems for authorised personnel only.

We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

We do use external third party software to process personal data and distribute marketing materials. Before implementing third party software we ensure they meet all relevant regulations and legislation and that only we can access your data within these systems. Should a third party need to access a system to resolve an error or provide technical support this could only be carried out with our approval and supervision. Access is controlled through secure logins. We seek to provide maximum protection to your personal details.

For how long does the organisation keep data?

We will retain your personal information for as long as the Data Controller deems it necessary for the relevant activity which they carry out for you, this may include service records, warranties etc.

Should we receive an erasure request from you then unless there are other legal grounds and obligations that require us to keep your personal data it shall be deleted.

Keeping up to date

It is of upmost importance that our privacy policy remains up to date and relevant; therefore we regularly review this document. It is also vital that the personal data we store about you is accurate and current. Please make us aware of any changes to your data that may arise which may be relevant to the service we provide to our client.

Your rights

You retain control of how we use your data and you have a number of rights. You can:

  • Require the Company to change incorrect or incomplete data;
  • Require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • Object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing;
  • The “right to be forgotten” if we are processing your data on the basis of consent, unless there are other legal grounds and obligations that require us to keep your personal data. In this case any personal data we hold would be erased and we would be unable to fulfil any requests about the information we had held retrospectively;
  • The right to access and obtain a copy of your data on request. The right to data portability; and

In some circumstances we may legally be required to retain your personal information. However this will be discussed with you depending on your requirements and does not apply if we are processing your data to contact you regarding, or sending you, marketing materials.

For more information of your rights under GDPR please read the relevant guidance issued by the ICO here.

If you would like to exercise any of these rights, please contact Beth Massaro, One Cathedral Square, Cathedral Quarter, Blackburn, Lancashire, BB1 1FB;

Other Websites

This privacy policy only relates to information that we obtain from you or via third parties if you’ve given them permission to share your information. If you visit a website operated by a third party through a link included on our website your information may be used differently by the operator of the linked website. You are advised to read their privacy policy/statement.


If you would like to raise a concern or make a complaint about how we process your personal data, please contact the Data Controller.