top of page

Privacy Policy

Last updated: 19th April 2026

Quick summary:

We (Nine Yards PA Services) collect only what we need to provide you with great service.

Your data is secure, never sold, and you control how long we keep it.

Introduction

​​

Nine Yards PA Services is committed to protecting your personal information and using it responsibly. This policy explains what data we collect, how we use it, and your rights under UK data protection law (UK GDPR and Data Protection Act 2018).


Who are we?

Julie Berry, trading as Nine Yards PA Services, is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We provide consultancy, administration support, and digital resources under the trading name of Nine Yards PA Services.

Our full contact details are:
 

  • Nine Yards PA Services, 19B The Circle, Dilton Marsh, Westbury, Wiltshire BA13 4BZ.

  • Email address: help@nineyardspa.co.uk


We are registered with the ICO data regulator under reference ZA522835.

You can contact them directly by visiting www.ico.org.uk

It is very important that the information we hold about you is accurate and up to date.

Please let us know if at any time your personal information changes by emailing us at help@nineyardspa.co.uk

Data we collect

We may collect and process the following information when you interact with us:

​​

  • Personal details: name, email, company, job title, contact details, and social media profile handles (when relevant).​

  • Communications: Emails, enquiries, plus newsletter sign-ups and interactions.

  • Purchase and project information: Order details, invoices, service history.

  • Suppliers and partners: Correspondence, contracts, payment details (if applicable).

  • Payment and billing details (processed securely by our payment providers – we do not store card details).

  • Digital interactions (emails, website enquiries, downloads, feedback)


How we use your data (and why)

We only use your data where there is a lawful basis under UK GDPR, such as:

​​

  • To perform a contract - providing consultancy services or resources you’ve requested.​

  • To meet legal obligations - e.g. keeping financial records for HMRC and, where relevant, carrying out identity verification and Anti‑Money Laundering (AML) checks for bookkeeping and related accountancy services.

  • Legitimate interests - managing and improving our services without overriding your privacy.

  • Consent - for marketing communications, which you may opt out of anytime.

Use of software tools (including AI-assisted tools)

  • We may use software tools to support internal tasks such as research, idea development and drafting. This helps us work efficiently while maintaining quality and consistency.

  • We do not input personal or identifiable client data into these tools. Any scenarios used are generalised or anonymised.

  • All outputs are reviewed using professional judgement and human oversight. No automated decision-making takes place. For client-specific services, your consent for the use of AI-assisted tools is obtained via the relevant service agreement.

  • We respect intellectual property rights and adhere to our Privacy Policy and Terms of Use in all AI-related activities.


Cookies and tracking
 

  • Our website uses strictly necessary cookies for functionality, and analytical cookies provided by our hosting platform (Wix) to help us understand how visitors use the site.

  • Analytical cookies are only set if you give your consent via our cookie banner.

  • For more information, please see our Cookie Policy

  • You can manage or withdraw your consent for analytical cookies at any time via the Cookie Settings link on our site or through your browser settings.


Data storage and security
 

  • Data is stored securely using trusted UK and international providers.

  • Access is restricted to only those who need it.

  • We regularly review our systems for security and data protection compliance.

  • We only keep data for as long as necessary (see “How Long We Keep Your Data”).


International transfers

Some of our service providers may process data outside the UK/EEA (for example, in the US). We only use providers that have appropriate safeguards in place, such as:

  • UK adequacy regulations; or

  • Standard contractual clauses approved by the UK.


How long we keep your data

We retain data only as long as needed for the purpose collected:

 

  • Client and project data – for up to 7 years (to comply with accounting rules).

  • Mailing list subscriptions – until you unsubscribe or for 2 years from last interaction if there's been no engagement.

  • Enquiries – for up to 12 months, unless you become a client.

After this, data is securely deleted.

Who we share data with

We do not sell or share your data for marketing. We may share data with:

  • Service providers (e.g., payment processors, cloud platforms) who support our business and compliance activities (such as secure identity verification or Anti‑Money Laundering tools where needed).

  • Invoice or finance partners for billing purposes.

  • Legal authorities if legally required.


Your rights

Under UK GDPR, you have the right to:

  • Access the data we hold about you.

  • Correct inaccurate data.

  • Request deletion of your data.

  • Object to processing of your data.

  • Request restriction of processing.

  • Request transfer of your data

  • Withdraw consent (where processing is based on consent).

To exercise any of these rights, contact us at: help@nineyardspa.co.uk

We will respond to all legitimate requests within one month.

Complaints

 

If you have any concerns about our use of your personal data, you can make a complaint to us at help@nineyardspa.co.uk 

  • We take every concern seriously and we’ll do our best to put things right.

  • We’ll confirm we’ve received your complaint within one month.

  • The acknowledgement will include the name of the person handling your complaint and what you can expect to happen next.

  • We’ll look into what happened without unnecessary delay. The depth of our investigation will depend on the nature and complexity of your complaint.

  • We’ll keep you informed of progress along the way and let you know if we need more time.

  • We aim to provide a full response within three months of receiving your complaint. More complex cases may take longer, but we’ll always keep you updated.

  • Our response will be written in plain English and will explain: what we found, what action we’ve taken (if any), and your right to take the matter further if you’re not happy with our response. 

  • If you feel we haven’t resolved the complaint to your satisfaction, you have the right to take it to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues - www.ico.org.uk/make-a-complaint 

  • Under the Data (Use and Access) Act 2025, we ask that you give us the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. This is now a formal part of the complaints process and the ICO will typically expect to see that you raised your complaint with us first.

Updates to this policy

 

We review and update this policy at least annually, or sooner if our practices or legal requirements change. The most recent version will always be published on our website.

bottom of page