Develop At Work Ltd customer privacy notice

Develop At Work website is owned by Develop At Work Ltd. This privacy notice tells you what to expect us to do with your personal information. It applies to individuals whose data we process in connection with the services we provide, in accordance with both the UK General Data Protection Regulation (UK GDPR) and the European Union General Data Protection Regulation (EU GDPR).

This privacy notice tells you what to expect us to do with your personal information.

• Contact details

• What information we collect, use, and why

• Lawful bases and data protection rights

• Where we get personal information from

• How long we keep information

• Who we share information with

• Sharing information outside the UK

• How to complain

Contact Details

Company name: Develop At Work Ltd

Telephone: +44 7881 961506

Email: amaia@amaialesta.com

ICO Registration reference: ZB810789

If you have any questions about this notice or your personal data, please contact us using the details above.

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details

• Addresses

• Occupation

• Business name

• Business financial details

• Transaction data (including details about payments to and from you and details of products and services you have purchased)

• Usage data (including information about how you interact with and use our website, products and services)

• Information relating to compliments or complaints

• Video recordings

• Audio recordings (eg calls)

• Records of meetings and decisions

• Account access information

• Any other information that you directly provide to us whether through our contact form, over the phone, by email or otherwise.

• Photographs of you at events

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details

• Addresses

• Purchase or service history

• Account information, including registration details

• Marketing preferences

• Technical data, including information about browser and operating systems

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details

• Addresses

• Profile information

• Purchase or account history

• Website and app user journey information

• IP addresses

• Any personal data you post on our website

• Data about how you use our website

• Technical data such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website

• Your marketing and communication preferences

When you visit the Develop At Work, we might automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we might collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.” Moreover, we might collect the personal data you provide to us (including but not limited to Name, Surname, email address, etc.) during registration to be able to fulfill the agreement.

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details

• Addresses

• Account information

• Purchase or service history

• Call recordings

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website: Lawful basis for processing | ICO

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.

  ➡ Read more: Right of access | ICO

• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

  ➡ Read more: Right to rectification | ICO

• Your right to erasure – You have the right to ask us to delete your personal information.

  ➡ Read more: Right to erasure | ICO

• Your right to restriction of processing – You have the right to ask us to limit how we use your personal information.

  ➡ Read more: Right to restrict processing | ICO

• Your right to object to processing – You have the right to object to the processing of your personal data.

  ➡ Read more: Right to object | ICO

• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

  ➡ Read more: Right to data portability | ICO

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

  ➡ Read more: Right to withdraw consent | ICO

Additional note for individuals located in the European Economic Area (EEA):

We also comply with the EU General Data Protection Regulation (EU GDPR) when processing the personal data of individuals in the EEA. Your rights under the EU GDPR mirror those under UK GDPR and include:

• The right to lodge a complaint with your national data protection authority if you believe we are not processing your data lawfully.

  ➡ Find your authority: EDPB Members – National Supervisory Authorities

We apply the same standards of protection and transparency for both UK and EU-based data subjects.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful ground of processing

Under the UK General Data Protection Data Regulations, we are only legally able to process your personal data if we have a lawful ground for doing so.

Our lawful grounds of processing are:

• In relation to Customer Data that we have obtained in relation to you placing an order with us that we hold for the purpose of fulfilling that contract, informing you about updates to the product or service and keeping records of the contract, the processing is necessary for the performance of a contract to which you are subject and for our legitimate interests in informing you about updates to the product or service, record keeping and to establish, pursue or defend legal claim as responsible business operations

• In relation to Prospect Data that we have obtained when you enquired about our products or services (whether that be through our website or otherwise) and that we process in order to reply to your enquiry and keep records of this, the processing is necessary in order to take steps at your request prior to entering into a contract and for our legitimate interests in record keeping and to establish, pursue or defend legal claim

• In relation to Prospect Data that we have obtained when you signed up for any of our free resources and events and that we process in order to send you those free resources, reply to your communications about the resources and to keep relevant records, you have given consent to the processing for the purposes of us sending you the free resource and it is in our legitimate interests to reply to your communications and to keep records for our business.

• In relation to Marketing Data that we have obtained when you told us your marketing preferences, when you consented to us sending you details of our products and services, for the purposes of us sending you marketing communications, enabling you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising, the processing is necessary for our legitimate interests which in this case are to study how customers and users use our products/services, to develop them, to grow our business and to decide our marketing strategy.

• In relation to User Data that we have obtained through cookies on our website or other online services for the purposes of operating our website, ensuring relevant content is provided to you, ensuring the security of our website, maintaining back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business, the processing is necessary for the purposes of our legitimate interests which in this case are to enable us to properly administer our website and our business.

• In relation to Technical Data (that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website), we process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.

• In relation to your data that we process in order to comply with legal requirements or as required by a government authority, the processing is necessary for compliance with a legal obligation to which we are subject.

• In relation to keeping records, this processing is either necessary for compliance with a legal obligation that we are subject to or for our legitimate interests in responsible business operations or defending, pursuing or establishing a legal claim.

• In relation to obtaining professional advice and insurance, this processing is necessary for our legitimate interests in order to protect and grow our business.

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We do not collect any information about criminal convictions and offences.

We do not carry out automated decision making or any type of automated profiling.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

• Directly from you

• Publicly available sources

• Suppliers and service providers

• Business partners providing related or complementary services

• Market research organisations

How long we keep information

We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The retention periods for different categories of personal data are set out below:

• Client and customer data (including contact details, service history, and records of communications) kept for 7 years from the end of the client relationship, to comply with tax, accounting, and legal obligations.

• Prospect or enquiry data (e.g. emails or messages from individuals who have enquired but not become clients) kept for up to 12 months from the last communication, unless you ask us to delete it sooner.

• Marketing data (e.g. newsletter sign-ups, event registrations) — retained until you withdraw your consent or opt out. We regularly review our mailing lists to remove inactive contacts.

• Data relating to complaints or claims retained for 7 years following resolution, to support legal or insurance purposes.

• Technical and website usage data retained for up to 2 years, depending on the type of cookie or analytical data collected.

Where we no longer need to retain personal data, it will be securely deleted or anonymised.

For more information on how long we store your personal information or the criteria we use to determine this, please contact us using the contact details provided above.

Who we share information with

We may need to share your personal data with selected third parties to help us operate our business effectively and deliver our services to you. These include:

• Service providers who support our business operations, such as cloud-based software platforms we use to deliver, facilitate, and manage our services. This includes tools for file storage, collaboration, team facilitation, AI-enabled support tools, and email communications.

• Payment and financial service providers such as invoicing and online payment processing tools, which we use to manage billing and transactions.

• Professional advisers including lawyers, bankers, accountants, auditors and insurers.

• Marketing and client engagement platforms, including platforms used for creating newsletters, running webinars or events, managing customer relationships, and gathering insights to improve our services.

We do not sell, rent or trade your personal data with any third party.

Where we process data within a client’s internal systems or platforms (e.g. uploading materials to a client’s Microsoft Teams, Miro board, or other internal tools), this is done only upon the client’s request and applies solely to their own data, never that of other clients.

All third parties are required to respect the security of your personal data and to process it only for specified purposes, in accordance with the law and under our instructions.

Links to other websites:

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Sharing information internationally

Some of our service providers are located, or store and process personal data, outside the United Kingdom. This means your personal data may be transferred outside the UK as part of normal business operations.

We are subject to the UK General Data Protection Regulation (UK GDPR), and where applicable, the European Union General Data Protection Regulation (EU GDPR), and where we transfer your personal data internationally, we take steps to ensure that an adequate level of protection is provided. These steps may include:

• Transferring personal data only to countries that the UK and/or EU have determined provide an adequate level of protection for personal data;

• Using standard contractual clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement (IDTA), where applicable, to safeguard international data transfers;

• Ensuring that our third-party providers implement appropriate security and data protection standards that meet the requirements of UK GDPR and EU GDPR.

If no adequacy decision or suitable safeguards are available, we will request your explicit consent to the specific transfer and you will have the right to withdraw that consent at any time.

For more information on international data transfers please contact us using the details provided in the “Contact Details” section of this notice.

Data Security

We are committed to protecting the personal data we process and have implemented appropriate technical and organisational measures to safeguard it.

These measures are designed to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. Access to your personal data is limited to those employees, contractors, or partners who have a business need to know such information. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We regularly review our data handling practices and technology solutions to ensure they remain appropriate for the level of risk associated with the personal data we process.

We also have procedures in place to deal with any suspected personal data breach. Where we are legally required to do so, we will notify the relevant supervisory authority and affected individuals promptly.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

3rd January 2026