Privacy policy

Shoffice Comms

Privacy Policy

Rebecca Crosby Communications Ltd trading as Shoffice Comms



This privacy notice provides you with details of how we collect and process your personal data.


Contact us 

Name: Rebecca Crosby Communications Ltd trading as Shoffice Comms



The type of personal information we collect 

We collect and process the following information:

  • Client information such as personal identifiers and contact details (e.g. name, surname, email address,  telephone number, office address)
  • Prospective client information (e.g. name, surname, email address, telephone number, office address)
  • Client billing information (e.g. bank details, invoices, accounts)
  • Client employee data (e.g. name, surname, job title, length of service, location, email address, survey data) 
  • Marketing permissions, email newsletters and preferences (this includes details linked to the channel in which you have consented to receive marketing, e.g. email, post, telephone, social media
  • IP address.


Special Category Data i.e. Sensitive Personal Data

  • Medical information for the purposes of dietary requirements, making reasonable adjustments and providing appropriate services.
  • Information related to protected characteristics – such as, but not limited to, race, gender, disability, age – may be processed for the purposes of analysis and provision of services. 


How we get the personal information and why we have it

The personal information we process is provided to us directly by you, our clients or prospective clients for one of the following reasons:

  • To enable us to communicate with you.
  • To enable confidential discussions around how we can work together and for the purposes of providing quotes for services.
  • To provide you with the services you have requested, e.g. training courses / workshops or coaching.
  • To learn more about your teams so that we can appropriately tailor training courses, workshops or coaching sessions, and provide you with relevant follow up information and resources, as needed.
  • To send emails or communications, on your behalf, to your employees as part of your outsourced Internal Communications function. 
  • To provide you with any newsletters that you may subscribe to or any resources that you may request.
  • To provide you with billing / invoices / accounting records.
  • To administer and process financial transactions.
  • To enable us to perform a contract with you and process orders, respond to enquiries related to the order and deal with complaints.
  • To reply to any enquiries you make about our services.
  • To ask you to complete surveys.
  • To keep records of communications.
  • Legal defence – i.e. to defend our business or bring legal claims against you if you breach a contract or fail to make payment (we know you won’t!.).
  • To comply with any legal obligations we are subject to or as required by a government authority.
  • To manage our business.


Who we may share your information with

We may share this information with:

  • Suppliers or service providers who support us to deliver the contracted services, e.g. IT, system administration services, marketing support services.. 
  • Professional advisers such as lawyers, bankers, auditors and insurers.
  • Government authorities / agencies, as may be required or allowed by law.
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets. 

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.


International Data Transfers

We are subject to the provisions of the UK data protection laws that protect your personal data. Where we may have to transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:

  • We may transfer your personal data to countries that the relevant regulatory authorities in the United Kingdom have approved as providing an adequate level of protection for personal data by; or
  • Where we use certain service providers who are established outside of the UK, we may use specific contracts or codes of conduct or certification mechanisms approved by the United Kingdom regulators which give personal data the same protection it has in the UK.

If the above safeguards are not available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time. 


The lawful basis we use to process your information

Under the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”), we process personal data under the following lawful basis of processing:

  1. Contract, i.e. to provide you with the services you have requested.
  2. Legitimate Interest, i.e. where we need to process information in order to manage our business.
  3. Consent. Where we process your personal data for marketing purposes, you can remove your consent at any time by unsubscribing using the link in the email or by emailing

Where you provide us with your employees’ data so that we can contact them directly for the purposes of fulfilling our contract with you, please ensure that you have the correct lawful basis on which to transfer the data to us. We may request to see evidence of the legal basis you are citing and the associated wording presented to your employees.


How we store your personal information

We take the protection of the personal data that we process seriously and have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.


How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any accounting, tax  or legal requirements.

We will then dispose of your information by shredding any paperwork and deleting emails and documents containing personal identifiers from hard drives.

In some circumstances we may anonymise your personal data for reporting, research or statistical purposes in which case we may use this information indefinitely without further notice to you. 


Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information. 

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. 

If you wish to exercise any of these rights, please contact us using the details in the Contact Us section above.



For information relating to cookies, please see our Cookie Policy.


How to complain

If you have any concerns about our use of your personal information, please use the details in the Contact Us section above.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:            

Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

ICO website: 


Last updated: 30 April 2024