Data Protection Policy

This page summarises the data protection standards we apply to Maxton Personal and how to raise privacy or GDPR-related queries.

Policy objective

Business Micro Systems Ltd aims to handle personal information lawfully, fairly, transparently, securely, and only for legitimate business purposes connected with Maxton Personal and related customer services.

Core principles

We aim to process personal information in line with the UK GDPR principles, including:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

What this means in practice

  • we seek to collect only the information needed to provide and support the service;
  • we restrict access to personal information to those who need it for operational, support, security, or legal reasons;
  • we use technical and organisational controls to reduce the risk of unauthorised access, loss, misuse, or disclosure;
  • we may notify an administrator when a new account is registered so the service can be managed and supported;
  • we may send workflow reminders and service alerts by email or text message where a user has enabled those notifications in My account;
  • we may use Google Analytics, if optional cookies are accepted, to understand site usage and improve the service;
  • we may use OpenAI-enabled features with anonymised or minimised workflow data to assist with record categorisation and related content workflows;
  • we may share relevant workflow data with accountants or bookkeepers that a user invites, appoints, or authorises within the service so they can work on the relevant client records and complete the relevant workflow steps;
  • we keep audit and account records where needed to support security, compliance, and evidence requirements;
  • we review retention and access needs periodically and remove or limit data when it is no longer required.

Individual rights and requests

Requests relating to access, correction, erasure, restriction, objection, data portability, or general privacy concerns should be sent to our GDPR contact:

Email: richard@maxtonsoftware.co.uk

Security incidents

We take suspected personal data incidents seriously. Where appropriate, incidents will be investigated, contained, documented, and escalated, and notifications will be made where required by law.

Third-party services

Where we use third-party processors or infrastructure providers, we expect them to support appropriate data protection and security standards for the services they provide to us. This can include email, SMS, hosting, payment, and other operational providers needed to run the service. It can also include analytics and AI service providers where those features are enabled and the user has provided the relevant consent or where processing is otherwise necessary for the service.

Complaints

If you are not satisfied with our response to a data protection concern, you may complain to the Information Commissioner’s Office (ICO).

ICO website: ico.org.uk