Privacy Policy
Last updated: 13 May 2026
At Octave Resolution Services, we take your privacy seriously. This policy explains how we collect, use, protect, and store your personal information when you use our complaint letter drafting services.
🔒 Your Data is Protected
We use Google Enterprise Security to encrypt and protect all personal information. Your data is stored securely and accessed only by authorized personnel.
1. Who We Are
Company Name: Octave Resolution Services
Company Number: 15695005
Registered Office: 28-30 High Street, Guildford, GU1 3EL
Director: Gary Chapple
Contact: nc.octave@gmail.com
We are a professional complaint letter drafting service. We are not a law firm and do not provide legal advice.
2. What Information We Collect
Information You Provide to Us
When you use our services, we collect:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name | To address your complaint letter correctly | Contract performance |
| Email Address | To send you your resolution letter and updates | Contract performance |
| Phone Number | To contact you if we need clarification | Contract performance |
| Address | To include in your complaint letter | Contract performance |
| Problem Description | To draft an accurate complaint letter | Contract performance |
| Health Information | If your complaint involves health impacts (e.g., mold from spray foam) | Explicit consent |
| Financial Information | If your complaint involves mortgage issues or financial loss | Explicit consent |
| Documents/Photos | Evidence to support your complaint | Contract performance |
Information We Collect Automatically
- Website Usage: Pages visited, time spent, referring website (via Google Analytics)
- Device Information: Browser type, operating system, IP address
- Cookies: See our Cookie Policy below
💡 Special Category Data
We may collect special category data (health information, financial hardship) if it's relevant to your complaint. We only collect this with your explicit consent and handle it with extra security measures.
3. How We Use Your Information
We use your personal information to:
- Provide our services: Draft your professional complaint letter
- Communicate with you: Send updates, request clarification, deliver your letter
- Improve our services: Analyze which types of complaints are most successful
- Comply with legal obligations: Maintain records for tax and regulatory purposes
- Prevent fraud: Detect and prevent fraudulent use of our services
We will NEVER:
- Sell your personal information to third parties
- Use your information for marketing without your consent
- Share your case details publicly
- Contact you for purposes unrelated to your case
4. Where We Store Your Data
Google Workspace (Primary Storage)
Your information is securely stored in:
- Google Sheets: Master lead tracking (encrypted at rest)
- Google Drive: Document storage with restricted access
- Gmail: Email correspondence (encrypted in transit and at rest)
Security Measures:
- Two-factor authentication (2FA) on all admin accounts
- Least privilege access (only authorized personnel)
- Regular access audits
- Automatic encryption (Google Enterprise Security)
- UK/EU data centers (GDPR compliant)
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Google Analytics | Website usage analysis | Anonymized usage data, IP address (anonymized) |
| Google Ads | Conversion tracking | Anonymized conversion events |
| Vercel | Website hosting | Server logs (IP address, user agent) |
| Make.com | Workflow automation | Form submission data (transient processing only) |
5. How Long We Keep Your Data
We retain your personal information for:
- Active cases: Duration of your case + 2 years
- Completed cases: 2 years after case resolution
- Financial records: 7 years (HMRC requirement)
- Marketing consent: Until you withdraw consent
After the retention period, we securely delete your data unless we have a legal obligation to retain it longer.
6. Your Data Rights (GDPR)
Under UK GDPR, you have the right to:
Right to Access
Request a copy of all personal data we hold about you. We'll provide this within 30 days, free of charge.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your data if:
- It's no longer necessary for the purpose it was collected
- You withdraw consent (for consent-based processing)
- You object to processing and there's no overriding legitimate interest
- The data was unlawfully processed
Note: We may be unable to delete data if we have a legal obligation to retain it (e.g., financial records for HMRC).
Right to Restrict Processing
Request that we stop processing your data (but not delete it) if:
- You contest the accuracy of the data
- Processing is unlawful but you don't want it deleted
- We no longer need it but you need it for a legal claim
Right to Data Portability
Request your data in a machine-readable format (e.g., CSV, PDF) to transfer to another service.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing (e.g., marketing emails, special category data).
📧 How to Exercise Your Rights
Email us at: nc.octave@gmail.com
Subject: "Data Rights Request - [Your Name]"
We'll respond within 30 days and verify your identity before processing your request.
7. Cookies & Tracking
Essential Cookies
Required for the website to function. These cannot be disabled.
- Session cookies: Remember your form progress
- Security cookies: Prevent fraud and abuse
Analytics Cookies
Help us understand how visitors use our website. You can opt out via our cookie banner.
- Google Analytics: Page views, time on site, bounce rate
- Retention: 26 months
Advertising Cookies
Track conversions from Google Ads. You can opt out via our cookie banner.
- Google Ads: Conversion tracking, remarketing
- Retention: 90 days
Manage Cookies: Use our cookie consent banner (bottom of page) or your browser settings.
8. Data Security
We implement industry-standard security measures:
- Encryption in transit: HTTPS/TLS for all website traffic
- Encryption at rest: Google Workspace encryption for stored data
- Access controls: Role-based access, 2FA required
- Regular audits: Quarterly security reviews
- Staff training: GDPR and data protection training for all staff
- Incident response: Data breach notification within 72 hours
9. Data Breaches
In the unlikely event of a data breach, we will:
- Notify the ICO (Information Commissioner's Office) within 72 hours
- Notify affected individuals without undue delay
- Provide details of the breach and steps we're taking
- Offer guidance on protecting yourself
10. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we discover we've collected data from a child, we'll delete it immediately.
11. International Transfers
Your data is stored in UK/EU data centers (Google Workspace). If we ever transfer data outside the UK/EU, we'll ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).
12. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes by:
- Updating the "Last updated" date at the top
- Sending an email to active clients
- Displaying a notice on our website
13. Contact Us
For privacy questions, data rights requests, or complaints:
Email: nc.octave@gmail.com
Post: Octave Resolution Services, 28-30 High Street, Guildford, GU1 3EL
14. Complaints to the ICO
You have the right to lodge a complaint with the UK's data protection authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
✅ GDPR Compliant
This privacy policy complies with UK GDPR and the Data Protection Act 2018. We are committed to protecting your privacy and handling your data responsibly.