Privacy Policy for

Eliza Filby Associates Ltd

Updated Date: September 2025

1. Introduction

At Eliza Filby Associates Ltd ("we", "our", "us"), we are committed to protecting the privacy and security of personal data. This privacy notice outlines how we collect, use, and protect data provided to us by clients, employees, job applicants, and other individuals in accordance with the UK General Data Protection Regulation (UK GDPR). Our data controller contact is: harriet@elizafilby.com

2. What Information We Collect

We may collect and process the following categories of personal data:

  • Full name, address, email, phone number

  • Employment history, qualifications, Right to Work documentation (for applicants/employees)

  • Professional details (for clients)

  • References and referee contact details

  • Payment and billing information (for clients)

  • Equal opportunities and diversity data (optional and anonymised)

  • Any other data you voluntarily provide to us

  • Engagement data: communications, meeting notes, survey responses

  • Marketing preferences: subscriptions to newsletters, event registrations

  • ScoreApp diagnostic data: answers submitted via our ScoreApp diagnostic tool (see Section 7).

3. How We Collect Your Data

We collect personal data through:

  • Direct interactions (e.g. emails, meetings, contact forms).

  • Event and workshop participation.

  • Newsletter sign-ups.

  • ScoreApp submissions.

  • Application forms, CVs, cover letters and interviews.

  • Contracts and business communications.

  • Third-party references or referrals.

4. Why We Collect Your Data

We collect data to:

  • Deliver services to clients

  • Manage employment and HR functions

  • Recruit and evaluate job candidates

  • Comply with legal and regulatory obligations

  • Communicate effectively and maintain records

5. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent (e.g. marketing subscriptions, ScoreApp data).

  • Contractual necessity (e.g. fulfilling client services).

  • Legitimate interests (e.g. improving services, research purposes).

  • Legal obligation (e.g. record-keeping).

6. How We Use Your Data

We use your personal data to:

  • Communicate with you.

  • Deliver services and insights.

  • Send newsletters, updates, or marketing (with consent).

  • Analyse anonymised trends and feedback.

  • Improve our offerings.

  • Generate personalised ScoreApp reports (see Section 7 below).

7. Use of ScoreApp Diagnostic Tool

We use ScoreApp (https://elizafilbyscorecard.scoreapp.com/) to offer clients and users a free diagnostic tool that provides tailored feedback based on participant responses. By using this tool, participants consent to:

  • EFA using their data to generate a personalised report.

  • Their responses being stored and processed under GDPR guidelines.

  • Their data potentially being used (in anonymised form) for research or market insights.

What is collected:

  • Responses to assessment questions.

  • Demographics (e.g. role type, industry).

  • Email address (if submitted).

Participant rights: participants may request access to, correction of, or deletion of their ScoreApp data by emailing harriet@elizafilby.com with the subject line "Data Request – ScoreApp".

8. Data Sharing

We do not sell your data. Data may be shared with:

  • Our data processors (e.g. ScoreApp, email marketing services), under contract.

  • Approved service providers (e.g. payroll support).

  • Internal staff, advisors or contractors under confidentiality agreements.

  • Legal and regulatory authorities (if required)

All third-party providers are GDPR-compliant and only process data on our behalf.

9. How We Store and Protect Your Data

We implement appropriate technical and organisational measures to safeguard personal data, including:

  • Secure digital storage via encrypted platforms

  • Access restricted to authorised personnel only

  • Regular reviews and deletion policies

10. How Long We Keep Your Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Data is anonymised and/or deleted securely once retention periods expire.

11. International Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK regulator.

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct or update your data

  • Withdraw consent at any time (e.g. unsubscribe from marketing)

  • Request deletion ("the right to be forgotten")

  • Object to or restrict processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact harriet@elizafilby.com.

13. Contact Us

If you have any questions or concerns, please contact us via email: harriet@elizafilby.com.