Privacy Policy

Effective Date: 28/04/25

1. Introduction

This Privacy Policy describes how Happytochase Ltd, trading as AJTheFlow ("We", "Us", "Our"), collects, uses, stores, and protects your personal data when you visit our website www.ajtheflow.com (the "Website") or interact with us regarding our virtual assistance services ("Services").

We are committed to protecting your privacy and complying with applicable data protection laws in the United Kingdom, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Happytochase Ltd is the data controller for the personal data collected via this Website.

Our registered office is: 124 City Road, London, England, EC1V 2NX.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at: hello@ajtheflow.com.

2. What Personal Data We Collect

We may collect the following types of personal data:

Contact Information: Your name, email address, telephone number when you provide it to us (e.g., through our website contact form or direct communication).

Inquiry Details: Information you provide in your messages to us regarding your business needs and interest in our Services.

Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. (This may be collected automatically, partly through cookies - see our Cookie Policy).

Client Data: If you become a client, we will collect additional information necessary to provide the Services and manage our contractual relationship, such as business details and payment information (processed securely, see Section 6). This will be governed by our client agreement as well.

3. How We Collect Your Personal Data

We collect personal data through the following methods:

Direct Interactions: When you fill in forms on our Website (e.g., contact form), correspond with us by email, phone, or otherwise inquire about our Services. We require your explicit consent (e.g., ticking an opt-in box) before you submit personal data via our contact form for the purpose of us contacting you.

Automated Technologies: As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and similar technologies. Please see our Cookie Policy for further details.

Third Parties: We may receive technical data from analytics providers (like Google Analytics, if used) or search information providers. We use third-party payment processors for client payments.

4. How We Use Your Personal Data and Lawful Basis for Processing

We use your personal data only for specific purposes and rely on the following lawful bases under UK GDPR:

Purpose of Processing

Type of Data

Lawful Basis for Processing

To respond to your inquiries via contact form/email/phone

Contact Information, Inquiry Details

Consent (where you opt-in on the form); Legitimate Interests (to respond to business inquiries); potentially Contract (steps necessary before entering a contract)

To provide quotes and discuss potential Services

Contact Information, Inquiry Details, Client Data

Contract (steps necessary before entering a contract)

To provide Services to clients

Contact Information, Client Data

Contract (performance of a contract)

To process payments for Services

Client Data (including payment details)

Contract (performance of a contract)

To manage our client relationship

Contact Information, Client Data

Contract (performance of a contract); Legitimate Interests (effective business management)

To ensure website security

Technical Data (e.g., IP address)

Legitimate Interests (to protect our website and systems)

To improve our Website and Services

Technical Data

Legitimate Interests (to understand usage and improve offerings - often relies on aggregated/anonymised data where possible)

To comply with legal or regulatory obligations

Contact Information, Client Data, Transaction Data

Legal Obligation (e.g., tax records)

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal data with trusted third parties in the following circumstances:

Service Providers: Third parties who provide services on our behalf, such as website hosting, email services, IT support, and payment processing (e.g., Stripe, PayPal, or bank transfers which involve banking systems). These providers are only permitted to process your data for the specific purposes we instruct them for and are required to protect your data.

Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, where necessary.

Legal Requirements: If required by law, regulation, or legal process (like a court order or subpoena), or to respond to government requests.

Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

6. International Data Transfers

Some of our third-party service providers may be based outside the UK or European Economic Area (EEA) (e.g., cloud hosting, payment processors).

When we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

The transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the UK authorities (under UK Adequacy Regulations).

We use specific contracts approved by the UK authorities which give personal data the same protection it has in the UK (e.g., the UK's International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

7. Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered, or disclosed. Measures include SSL encryption for data submitted via the website, access controls, and secure storage.

We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator (like the ICO) of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example:

Data submitted via inquiries that do not lead to a client relationship may be kept for a limited period (e.g., 12-24 months) to handle follow-up questions unless you request deletion earlier.

Client data will be kept for the duration of the client relationship plus a period required by law (e.g., 6 years after the end of the relationship for tax purposes).

Technical data like IP logs for security may be kept for a shorter period (e.g., 30-90 days).

9. Your Data Protection Rights

Under UK data protection law, you have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data where there is no compelling reason for us to keep processing it.

Right to Restrict Processing: Request suspension of the processing of your personal data in certain circumstances.

Right to Data Portability: Request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format (applies mainly to data processed by automated means based on consent or contract).

Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data (this will not affect the lawfulness of processing before consent was withdrawn).

To exercise any of these rights, please contact us at hello@ajtheflow.com. We may need to request specific information from you to help us confirm your identity. There is usually no fee to exercise these rights, but we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive, or excessive.

10. Right to Lodge a Complaint

You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK regulator for data protection issues.

We would appreciate the chance to deal with your concerns first, so please contact us in the first instance.

ICO Contact Details:

Website: https://ico.org.uk/make-a-complaint/

Helpline: 0303 123 1113

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11. Cookies

Our Website uses cookies to distinguish you from other users, provide functionality, and help us improve the site. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

12. Children's Data

This Website and our Services are not intended for children under the age of 16, and we do not knowingly collect data relating to children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date". We encourage you to review this policy periodically to stay informed about how we are protecting your data. For significant changes, we may also notify you through other means, such as email if we have your contact details.