Last updated: May 2025

Introduction

At Inbervel Ltd we are committed to protecting personal data and to fair and transparent processing. Please read this privacy statement: it will help you to understand how we collect and use personal data from individuals, our clients, suppliers or others during the course of our business. We will only use personal data for the purposes described in this privacy statement or as stated at the point of collection.

We regularly review this privacy statement and may make changes at any time without giving notice.

Who we are

Inbervel Ltd (registration number 15907992) is a company who provide professional services, registered in England and Wales. Our registered address is ; Inbervel Ltd , Third Floor Connexions, 159 Princes Street, Ipswich, Suffolk, England, IP1 1QJ

A full list of their members/owners is available from the registered office or on the Companies House website ; Inbervel Ltd. Inbervel Ltd are registered as a data controller with the Information Commissioner’s Office with registration number  ******** .

We rely on several lawful basis of processing when we collect and use personal data to operate our business and provide products and services to our clients. These include:

• Public interests – where the processing of data is necessary for      providing certain services to clients (e.g. statutory audit) or for      certain requirements we are subject to.
• Legal obligations – in order to comply      with the legal and regulatory obligations we are subject to as a provider      of regulated services and as a commercial business.
• Contract – in order to perform      contractual obligations, we may have with an individual or to take steps      to enter into a contract with an individual.
• Consent – where an individual has freely      given consent at the time their personal data was provided to us.
• Legitimate interests – the legitimate interests can be ours, our      clients or other third parties (e.g. to provide our services, to develop      or protect our business, or to keep people informed about relevant      products and services) and we always balance the rights of individuals      with ours’ and others’ legitimate interests.

We only ask our clients to share personal data with us where it is necessary in order to provide our services or other agreed purposes. We rely on our clients providing any necessary information to the individuals whose data is shared with us regarding its use.

In providing a range of services to our clients, we need to process many categories of personal data about individuals associated with them (such as employees, directors, senior management, trustees, members and their beneficiaries, professional advisors, suppliers), which could include personal identification and contact details, employment related information or financial data.

Generally for our services we do not expect our corporate and business clients to share special categories of personal data (defined as race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sex life or sexual orientation) and criminal records. Where this is the case, we rely on our clients having gained the explicit consent of individuals, it being a legal obligation or other lawful basis.

Typically, we collect personal data directly from our clients or from third parties acting on their instructions (eg their suppliers, professional advisors or former service providers). 

We use such personal data collected for the following purposes:

· Providing professional services: we offer many different services to our clients (see dropdown list at the top of this page) and many of these services require us to process personal data in order to give advice and deliver reports to our clients.

· Managing our business: in order to run our business effectively we need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.

· Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring, we do personal data will be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this involves processing personal data held on the relevant client file. As a part of our client take-on procedures we will process personal data obtained from publicly available sources (eg sanctions lists, criminal convictions databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from working with a client or providing a particular service.

· Providing information about our services: we will use business contact details to provide information about us, our services and activities, including events that we believe will be of interest.

· Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that require us to keep records which will contain personal data.

Security is of the upmost importance to us. Whilst no data transmission over the internet or any other network can be guaranteed as 100% secure, we take all reasonable steps to safeguard the personal data we hold, and we have in place appropriate technical and organisational measures. These include detailed policies, procedures and training of our people relating to data protection, confidentiality and information security. These are regularly reviewed to ensure they are effective and fit for purpose.

We only share personal data with others when necessary for the purposes for which we hold it and where appropriate contractual arrangements and security mechanisms are in place.

We will pass your personal data to:

• Partners associated with Inbervel Ltd where needed to provide      services to our clients and for administrative purposes.
• Suppliers that support us and help      provide services to our clients, such as providers of cloud-based      software, IT systems, security, archiving storage and destruction,      recruitment, due diligence and background checks, marketing and payment      services.
• Professional advisors, auditors or      insurers, where we are required by law or as reasonably required in the      management of our business.
• Law enforcement or other government and      regulatory agencies or to other third parties, where we are required by      law, the courts or any legal or regulatory authority we are subject to. We      will only provide personal data in these circumstances where permitted or      there is a legal requirement.

A separate notice regarding our use of cookies on our website and other digital platforms is available through our website; Cookies Notice 

We keep personal data only for as long as necessary and this will reflect the requirements of:

• the activity or service for which it is      being processed
• any legal, regulatory or contractual      requirements
• the time in which any litigation or      investigations might arise from providing a service.

Your individual rights 

You have several rights in relation to how Inbervel Ltd uses your information. 

They are: 

• Right to be informed -You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our Privacy Notice and privacy policy. 
• Right of access -You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR). 
• Right to request that your personal information be rectified If your personal information is inaccurate or incomplete, you can request that it is corrected. 
• Right to request erasure -You can ask for your information to be deleted or removed if there is not a compelling reason for Inbervel Ltd to continue to have it. 
• Right to restrict processing -You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted. 
• Right to data portability -You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your service to another service provider. 
• Right to object -You can object to Inbervel Ltd processing your personal information where it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics. 
• Rights related to automatic decision-making including profiling You have the right to ask Inbervel Ltd to: 

• give you information about its processing of your personal information 

• request human intervention or challenge a decision where processing is done solely by automated processes 

• Carry out regular checks to make sure that our automated decision making and profiling processes are working as they should. 

If you wish to exercise any of your rights, please contact us.

If you have any questions about this privacy statement, wish to complain about our use of personal data or exercise one of your rights, please send your correspondence to our Data Protection Officer:

Data Protection Officer
Inbervel Ltd
Foulden Hall, Foulden, Thetford, Norfolk, IP26 5AG

Email: DataProtectionOfficer@Inbervel.co.uk

You also have the right to report concerns or make complaints to the Information Commissioner's Office (ICO). For more information on your rights and how to contact the ICO, please refer to their website.