Privacy Policy for Database First Aid Limited

Consent or Legitimate Interest - By making contact with us, whether you buy our products or services, download a free eBook or guide, make an enquiry, meet at a trade or networking event, subscribe to newsletters and such, we are taking this as a legitimate interest to keep you informed via email updates (or whichever medium you provided or contact) about our services. When you make contact, your details will be added into my database. All our emails offer you an easy unsubscribe facility.  Unsubscribing in no way affects the service you receive from us, now or in the future. It just means the email software I use to send out email marketing, CRM and GDPR consent tips, won't send you any emails.

Subject Access Request - You are allowed to request to see the information I store about you.  You will need to provide government approved photo proof of who you are before asking to see a copy of your information.  In general though, I keep your name, job title, organisation, phone, address and email details if you provided them.

Right to be forgotten - If you request to be deleted from our database, we will ensure your contacts details are tagged as ‘do not contact’ and our email software marks you as ‘unsubscribe so that you do not get any more emails from us.  We will also clear out most of your information.  We will keep your basic details, so that if anyone else in our organisation goes to re-add you in the coming months or years, they can see that you have already requested not to be contacted, and so will not re-add you.  This will also stop you from being emailed by our systems again, even if a human manages to re-add you by mistake.  If you do not agree with this safety measure, please explicitly mention our privacy policy rule. Please be aware that if we 100% delete your details from our systems, we will have no record that you have requested no further contact and might one day be re-added (as nobody will be able to have any ‘checks-and-balances’).

Staff and representatives training - Everyone is given an overview of the new rules and how this organisation wants them to act with regards your data and the GDPR.  Re-training is done on a 6 monthly basis.

Unsubscribing from our emails - All marketing emails have an unsubscribe link at the bottom of all our emails.  We don’t want to send you stuff if you don’t read it, don’t want it, or don’t see it (maybe it goes in your junk folder) so we routinely delete emails from our newsletter) and similar email lists if no interaction happens after subscribing. We want you to unsubscribe if you don’t want our emails. Unsubscribing from updates in no way affects the service you receive from us, now or in the future.  

Data accuracy - We are keen to keep the details about you accurate.  You can see the information we store on you by clicking on the relevant link at the bottom of every email we send you.  This link will also be int eh ‘welcome note to all newly added contacts’.  In addition, we send an annual ‘Spring Clean’ email to all contacts - a reminder that their details are in our systems, a reminder to check them, and an easy route to unsubscribe. The information we store depends on who it is.  If you a general contact, we will only store your contact details, and make notes about what we discussed when we met you. 

Data security - If you are a client, we may need to keep more detailed records about you - for instance, the password to any software that we access on your behalf.  Once this is not needed, we delete any references to passwords, and inform the client to remove our access from their account.  Any data stored in our computer systems is password protected, encrypted, and in some cases, hidden.  We have a clear desk policy and no electronic or paper records are left unprotected that could identify an individual. No suppliers have access to the information we store on you.  If we do share your details with suppliers, for instance, if anyone was to admit our data processes, or send our marketing emails for us, we would have an appropriate written contract and policy with them. When we have finished with paper copies, we shred the paperwork.  When we have finished with any eCopies, we securely trash/shred the documents with special software.  If you provide data on your contacts as part of our work agreement, once it has been processed for the intended purpose, it is securely deleted from computers (and backups). Our premises are never left unlocked and our computers are password protected. 

When you make contact with us, your details will be added to our central CRM database, email database, the Outlook accounts of our staff and on staff phones. These are all secured, and are upgraded when any updates and patches are produced by the suppliers. We need to do this to enable any representative of ours to get in touch with you if needed.

Data Breach management - If we were to spot a breach of data (i.e. personal or sensitive details about staff or clients, or personal details about contacts) were to be made available where they should not have been, we have a process to work out if it caused anyone risk and if it should be reported. 

Your details will never be passed onto others in any shape, method or form (unless we run a joint event, and you will be informed at that time that responding to any such event will mean your data will be shared).

I am registered with the ICO as a data controller - Although on completing the ICO questionnaire, I was informed I did not need to register, I chose to.  Database First Aid Limited is registered as a Data Controller with the Information Commissioners Office (Ref: ZA156625)

I do not offer GDPR legal advice. I am not a lawyer.  I do not offer legal advice.  I do not offer GDPR legal advice. I know a few good Data Protection specialists and solicitors who can help you.  Just ask for an introduction and I'll make it.  I offer advice about CRM, database, data and eMail Marketing - within the GDPR as per my understanding of reading the ICO’s website.

What details do I store about you - When you signup to receive any guides or tips by email, I will collect your first name (because I want to be able to address you nicely in your emails from me), your email address (otherwise you are not going to get the email from me), what you want to get (I have automated software which sends you the guides you asked for immediately) and what your CRM issues are, so I know what the key topics are that are popular so my tips will reflect this. If we interact via networking events or you send me emails directly, I may keep your details, like job title, organisation name, phone and other details held within your email you sent to me. 

What happens when you request a guide - When you signup to receive any guides or tips, the software I use (see below for which) wants to check you are you.

What happens to your information I keep about you - Nothing silly or unexpected will happen to the information you give to Database First Aid (DFA).  DFA captures your information in the process of business, and will not store additional and unneeded details about you (e.g. your religion, political party supporting, or sexual orientation for instance). DFA will only capture and store business related information about you - to help improve the level of service you receive from DFA.  DFA does this, not only because that's our promise to you, but keeping loads of non-essential data clean is a complete and utter hassle - so it's easier and good business sense not to get it in the first place.  That would be a good hint for yourself in managing your own database.  Your details will never be passed onto others in any shape, method or form. Your details will never be sold.  Your details won't be used for anything other than for Database First Aid to interact with you - to give you excellent CRM Database advice.  You data is though, stored on a computer, with backups of the compture stored on the 'cloud'.  This in turn could be backed-up anywhere in the world.  If you don't like the idea of this, all you need do is ask us to "take me off your mailing list" whenever you like.  

Where are your details stored - Your details are stored in the back end of the software used to run this website, which is USA based.  It uses google to track where (not who) visitors go on the site - this no doubt will be cookie based.  If you object to this - you can change the settings on your computer to not allow cookies.  I can't turn them off I'm afraid for this website as it's one of those 'small business solutions' where I simply buy space and use their website building tools.  If you are concerned about this, please simply go to my profile in LinkedIn instead of this website - it stores much the same information (details held in the contact us page of the website).  If you need more information about the website supplier, they are  They may or may not track cookies when you visit the sites hosted by their software (as relevant to their region you are operating from).  This really only enhances your experience with their sites, but if you unhappy with this, either tick the 'I do not accept cookies' or jump off the page.

How to ask to see the information I keep about you - You can ask to see the information we store on you at any time. If you would like to see the information that is held about you, where it is in a filed format that I can access, please email with your request to see your information.  The GDPR states that you are not obliged to pay for this service anymore. As a measure of goodwill, and if you were feeling nice, I support two local charities which you may want to send a cheque to (details below). There is no obligation for you pay for this in the slightest, what-so-ever, in any shape or form.  

What type of information do I store on you - The type of information gathered on you will be your name, job title, organisation and email address.  If our dealings become closer, for instance if you instruct me to help your CRM activities, I will also hold information that allows me to contact you - for instance, phone numbers, postal address, website address.  This will be the same for your colleagues who interact with me.  I will also hold information about the CRM topics you are interested in and any business issues you are facing in the next few months or years.  This simply helps me to ensure you receive a better service from me.  You are free to see this information at any time, and a link to your details will be at the bottom of every marketing email I send out.  These emails will of course, also have an unsubscribe option. If I ever need help to fulfil your project, for instance like help merging all your lists and contacts, I will let you know at this time as relevant.  I will also have a NDA (Non Disclosure Agreement with you and them).  

How long will I keep your details - I will keep your data for as long as we both think it relevant.  For instance, if you ask me to help you, I would keep your details for contacting purposes for at least 5 years.  This is so that I can keep you informed about of CRM issues that might help you in your own business operations.  For instance, a few years ago, nobody bothered much about the GDPR.  Any clients I had years ago will need to be informed about their changing legal obligations.  In these cases, it would be bad client service if I didn't warn to let them know.  You can ask to have your details removed at any time and ask me not to contact you again at any time. If the only interact we have is because you signed up to the emails I send you, I you'll see a clear unsubscribe option on every email.  In addition, I will send an annual 'Spring Clean' request (that's the UK Spring) asking you to check your details, or unsubscribe. In addition, if the software I use isn't recording that you are opening or clicking on any of the emails I send you, I'll presume you don't want them anymore, and on a yearly basis (usually after my 'Spring Clean'), I will delete you from my system anyway.

Where I get the information about you - All of the information I store on a person (the data subject) is for them within a business to business context. I do not deal with the general public (consumers).  Some information on people will be taken from their organisation's website, LinkedIn profile, Facebook profile or purchased mailing lists, or business card.

How your data is used by my CRM software - Some of the software I use processes data and activities automatically.  For instance, the sending of the CRM hits and tips is automated to send at a particular time of day and day of week.  Usually, all the CRM hints & tips is stored in the email itself, rather than asking you to click on a link to ready the full story.  I do this for a few reasons.  I get annoyed when I have to click (and all that happens is a click is recorded in the software), so I don't want to do it, and I'm not really bothered if you click on a link to read more each week, if you like the hints I send you, you'll no doubt pick up the phone).  In time, I may use software that automates a scoring process based on how often you open or click in my emails.  But in the emails I send are links to various other sources, like my website or other news stories. The email software I use stores the fact you have clicked on a link, like all email software does.  It also ranks how active you have been in the emails you have received from me. 

What happens to your data when you give it to me - When you first give me your details and I input them into my CRM database, you may receive an automated email from 'me'.  This will state that your details have been added into my database.  I will simply be confirming in writing what we would have spoken about when you gave me your business card / contact details.  The email will let you know how I store your details, what happens to them and will give you an option to opt-into any communications I send. For instance, email about CRM hints and tips, Networking with other business opportunities and easy 'please stop emailing me' links.

How secure is any sensitive data about me that you store - I do not store sensitive data about you. Sensitive data, for instance is information like: Race, Medical History, Religious beliefs, Political opinion, Sexual orientation, etc. I do not try to collect it, and even if you ever tell it to me, I will not keep that information on a computer.  Quite frankly, I am not interested in this type of data as it doesn't help me or you, in any way, shape or form, assist me in sorting out your CRM database or send your marketing emails.

How secure is my personal data that you have - Nobody has the passwords to my computers.  I change my passwords every 30 days.  I do not store sensitive data about you.  I do store basis personal data about you (your name, email address, organisation you work for, phone number) on my computer and phone (so that I can get hold of you when out and without my computer).  My computer is encrypted, and secured to unmoved-able property.  I have a clear desk policy so no personal information can easily be taken off my desk.  I shread any paper that has any information about people on and securely shred digital information rather than just deleting it.

Does Database First Aid Limited have a DPO (Data Protection Officer) - After looking through the GDPR guidelines, it is not mandatory for me to have a separate Data Protection Officer employed as I do not process sensitive data or process enough data on you.  But, for all data protection issues, you should feel free to email

Charity / CSR Policy (Corporate Social Responsibility) - I support two local charities with my time and a monetary contribution. They are my local school's PTA (Parent Teacher Association) and my local Scout, Cub and Beaver's group.  All the contributions they receive go into making local kids lives that little bit nicer.  Absolutely none of the money they receive goes into admin costs etc because everyone involved with these groups gives their time voluntary.  

Facts and Figures

Database First Aid Limited is registered in England & Wales (registration number: 09779518).  

Database First Aid is VAT registrered (VAT reg no: GB223750134).  

Database First Aid is registered with the Information Comissionaries Office (reg no: 223750134).  

Database First Aid's registered office address is based from an office at home in Solihull (West Midlands, UK) and there is no legal obligation publish it here because of this protection of personal data.  For queries, please get in touch. 

For GDPR queries, the firm's DPO (Data Protection Officer) equivalent is Simon McNidder 

For all queries, nice or nasty, contact Simon on