Privacy Policy

View as a PDF: Privacy Policy

Worksmart Limited is committed to respecting your privacy and to complying with applicable data protection and privacy laws. 

This privacy policy will inform you of the types of personal data we collect and process about you when you visit our website and applications, or contact us by telephone, post or email or visit our office in person. It will inform you how we look after your personal data and tell you about your privacy rights and how the law protects you.

Please note: (i) if you are an employee or candidate applying for a job at Worksmart Limited, then additional Privacy Notices will be provided to you specifically dealing with these circumstances; (ii) this privacy notice also does not apply to data that we process on behalf of our customers for their benefit eg when we act as a hosting service provider and (iii) our website is not intended for children and we do not knowingly collect data relating to children.

1. Important Information and who we are

Who we are and contact details

We are Worksmart Limited (Registered No. 6329038 with registered office at 5th Floor, 20 Gracechurch Street, London EC3V 0BG and trading address at Gloucester House Level 2, 399 Silbury Blvd Milton Keynes MK9 2AH, a provider of Regulatory Technology solutions to the Financial Services Industry.

We are part of the Davies Group Limited (Registered No. 06479822 with registered office at 5th Floor, 20 Gracechurch Street, London EC3V 0BG) group of companies.

In this policy ‘Worksmart Limited’, ‘we’, ‘us’ or ‘our’ means: Worksmart Limited or, in circumstances that we have transferred your personal data to a group company in accordance with this policy, such group company, and we (or they) are the controller and are responsible for your personal data.

Our Data Protection Officer is Mark Griffiths and he is responsible for overseeing questions in relation to this privacy policy. If you have any questions regarding this policy and our privacy practices, including any request to exercise your legal rights, please contact him by email at or using our postal address Gloucester House Level 2, 399 Silbury Blvd Milton Keynes MK9 2AH. Alternatively, you can telephone 01908 613 613.

If you think your data rights have been breached, you are able to raise a complaint with the UK’s Information Commissioner’s Office ( We would, however, appreciate the chance to deal with your concerns first.

Links to other websites

Our web site may contain links to other web sites which are outside our control and are not covered by this privacy policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy policy of that third party site.

Changes to this policy and updates to personal information

We keep this policy under regular review. This policy was significantly updated in May 2018 following the introduction of the General Data Protection Regulations with further updates in March 2019 and May 2022. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2.What type of information is collected from you?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal information we collect, store, transfer and use about you might include:

•your name, title (‘Identity’ data) and contact details, including postal address, emailaddress, telephone number, job title and your employer’s name (‘Contact’ data);

•information about your activities on our website or applications and about the deviceused to access it, for instance your IP address, login name and geographical location(‘Technical’ data);

•information gathered via the recruitment process such as that entered into a CV orincluded in a CV cover letter (we have a specific Privacy Policy for candidates that willbe provided to you if relevant);

•operational information obtained in the course of carrying out our business including,but not limited to CCTV footage, recording of phone calls, logs of visitors (‘Operational’data); and

•any other personal information you have shared with us.

Save as set out in our Employee Privacy Policy, we do not collect any SpecialCategories of Personal Data (eg race, ethnicity, religious or philosophical beliefs,sexual orientation, political opinions, health, genetic or biometric data).

3. How do we collect personal information from you?

We obtain personal information about you in the following ways:
Information you give us directly

For example, we may obtain personal information about you when you enter it via our website, write to us, email us, telephone us, take part in one of our events or use our products and services.

When you visit this website or access our hosted services

We or our service providers may automatically collect the following information:

•technical information, including the type of device you are using, the IP address,browser and operating system being used to connect your computer to the internet.This information may be used to improve the services we offer and for security; and

•information about your visit to the website, for example we collect information aboutpages you visit and how you navigate the website, i.e. length of visits to certain pages,products and services you viewed and searched for, referral sources (e.g. how youarrived at our website).We collect this information by using cookies. These cookies areset by Worksmart and its third party service providers including Google, Hubspot andour website hosting provider. Please see our Cookie Policy for further information.

When you visit our office

For example, we may capture CCTV (Closed-circuit Television) footage of you andinformation about you on our visitor’s log when you visit our office.

Public Information and information from third parties

We may supplement or compile information about you from publicly available sourcessuch as the FCA register, corporate websites, social media, electoral role andCompanies House in order to create a fuller profile, so we can tailor and target ourcommunications in a way that is relevant to you. For more information, please see thesection on ‘Building Profiles’ below.

Some of the technical information collected when you visit our website or our hostedservices is received by us from analytics providers, including Google and Hubspot.Hubspot and its sub-data processors also host the contact information that you mayenter via our website or provide to us another way.

4. How and why is your information used?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with your employer.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


Type of data

Lawful basis for processing including basis of legitimate interest

To provide requested information or perform our contracts with your employer or business

(a) Identity

(b) Contact

(a) Performance of a contract

(b) Necessary for our legitimate interests (to contact our customer)

To manage our relationship with you and your employer which may include:

(a) Notifying you about changes to our terms, services or privacy policy

(b) Asking you to participate in events or asking for your views on our services

(a) Identity

(b) Contact

(a) Performance of a contract with your employer

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and that of the Davies group and our website and applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

(a) Identity

(b) Contact

(c) Technical

(d) Operational

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you or your employer

(a) Identity

(b) Contact

(c) Technical

Necessary for our legitimate interests (to develop our products/services and grow our business)

To detect crime and monitor the safety of our staff and premises


(b) Operational

Necessary for our legitimate interests

Marketing Communications

We may use your Identity and Contact data to provide you with information about our and our group companies’ products and services we think may be of interest to you or your employers. You may opt out of our marketing communications at any time by following the opt-out links on any marketing message sent to you or contacting us in which case your details will be transferred to a ‘do not contact’ list. If you have asked to receive details of our services, events, training / seminars, etc you can contact us at any time to have your details removed from lists used by us for any or all of those purposes.

Building Profiles

We may analyse your personal information to create a profile of your interests and preferences so that we can tailor and target our communications in a way that is timely and relevant to you. We may make use of additional information about you when it is available from publicly available sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and also reduces the risk of someone receiving information they may find inappropriate or irrelevant.

Automated Decision Making

Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. How long is your information kept for?

We only keep your data for as long as we need it or for any retention periods prescribed by law. Depending on the purpose for which we hold your personal data, retention periods may vary.

We will retain data provided to us for marketing purposes until you notify us that you wish us to stop contacting you. We would then transfer your contact details to a ‘do not contact’ list.

6. Who has access to your personal information and is it transferred internationally?

We may share your personal data with the parties set out below for the purposes set out in the table above:

• Other companies in the Davies Group Limited group of companies as controllers or processors. This may involve your personal data being transferred outside the UK in which case we shall ensure that all relevant data protection laws are complied with. Please contact us if you require further information about this.

• Third party suppliers who perform functions on our behalf under contract eg our website hosting provider, Google and Hubspot (and their respective sub-data processors) and marketing agencies. This may involve your personal data being transferred outside the UK in which case we shall ensure that all relevant data protection laws are complied with. Please contact us if you require further information about this.

• Third parties (including professional advisors) as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us, for example with tax, audit, law enforcement or other regulatory bodies or authorities.

• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Data security

We have put in place appropriate security measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Your Rights

Under certain circumstances, you have the following rights under data protection laws in relation to the personal data we hold on you:

• the right to be informed about the personal data we hold on you and what we do with it;

• the right of access to the data we hold on you;

• the right for any inaccuracies in the personal data we hold on you to be corrected. This is also known as ‘rectification’;

• the right to have personal data deleted in certain circumstances. This is also known as ‘erasure’;

• the right to restrict the processing of the personal data;

• the right to transfer the personal data we hold on you to another party. This is also known as ‘portability’; and

• the right to object to the processing of your personal data.

In addition to the above rights, you also have the right to withdraw consent to our processing of your data at any time where we are relying on consent to process it. Withdrawing your consent means that we will stop processing any personal data that you had previously given us consent to use. However, in some cases, we may continue to use the data where so permitted by having a legitimate business interest for doing so.

If you wish to exercise any of the rights explained above, please contact the Data Protection Officer at Worksmart Limited using the contact details at the beginning of this policy. We will endeavour to respond to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office,

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to the wrong person. We may also contact you to ask for further information to speed up our response.