Privacy Policy

Our Privacy Statement

At Wbg, we're committed to protecting and respecting your privacy.  This privacy notice explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.

We have a separate Privacy Notice for our employees available on request.

Who are we?

Wbg is registered limited liability partnership (Ref: SO301911), with its registered office at 168 Bath Street, Glasgow, G2 4TP.

Wbg takes the issue of security and data protection very seriously, including compliance with the UK General Data Protection Regulation, the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.

We are a registered Data Controller with the Information Commissioner.  Our registration number is Z2617403. 

How do we collect information from you?

We obtain information about you in the following ways:

Information you give us directly

We collect information from you:

  • when you request information from us or arrange a consultation, correspond with us via telephone, email, or letter, engage with us in relation to the provision of our or your services, or otherwise provide us with your personal detail
  • from your arrangements to make payment to us (such as bank details, payment card numbers) or to enable us to make payment to you
  • during visits to our premises
  • when you use our website, using any of our online forms, client portals, or through the use of cookies on our website
  • when you attend an online virtual meeting in platforms such as Zoom and Teams
  • and from your use of any of our other online services, either on our website, such as subscribing to our newsletter, or on other websites, such as engaging with our social media, etc.

If you apply for a job with us, we collect information about you from your job application.  If you are successful in joining our team, we will also collect information from you in relation to your employment. The personal data we use during your employment with us can be reviewed within our employee privacy notice.

We will also collect contact details from our business partners, suppliers and contractors when we begin our business relationship with you.

Information we receive regarding you indirectly

  • Your information may be shared with us by third parties, which might include subcontractors acting on our behalf who provide us with technical, payment or other services, and our business partners.
  • when you visit our website, we place Cookies on your device to run the website. For more information about Cookies and how we use them please see our cookies policy.
  • when you interact with us on social media platforms such as Facebook and Twitter, we may obtain information about you (for example, when you like or post on our Facebook page). The information we receive will depend on the privacy preferences you have set on those types of platforms.  You should check any privacy policy/notice provided to you where you give your data to a third party, for example, when you post to or message our Facebook page.
  • during our employment process, we may contact you using your personal data in relation to employee reference checks;
  • when you are noted as the emergency contact or next of kin of an employee, we may contact you when a situation arises; and
  • when we are contacted by local authorities and law enforcement in relation to ongoing investigations

What type of information is collected from you? Why do we need it, and how will it be used?

The personal information we collect, store and use depends on your relationship with us. We may collect the following information about you:

If you are our customer or client:

  • Name
  • Address
  • Phone number
  • E-mail address
  • Other contact details as deemed appropriate
  • Payment information, including payroll information where we are contracted to provide that service
  • Signature
  • Bank account details
  • Employment details
  • ID, including passport information or driver's license

As an employee of the organisation that is our customer or client, we may also use your personal data to contact you about the work we are doing for your organisation. This personal data will typically be limited to employee contact details such as name, business telephone number and email address, and job title.

Additionally, if you are a potential customer or client, and have expressed an interest in our services, we may contact you in relation to the services which you have requested information about, and in order to enter into a contract with you or your organisation.

We may use this personal information:

  • to undertake and perform our obligations and duties to you in accordance with the terms of our contract/agreement with you
  • to enable us to supply you with the services and information which you have requested
  • to analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer
  • to contact you and send you details of any changes to our services which might affect you, or to provide you with information about our related services
  • to contact you for your views and feedback on our services
  • to respond to any queries or complaints, and to analyse these further in order to continuously improve our service
  • for all other purposes consistent with the proper performance of our operations and business.

If you apply for a job with us:

  • your contact details, previous employment history and qualifications
  • we may collect details of ethnicity and disability – for equalities monitoring and so that we can make any appropriate adjustments to your workplace
  • we may collect references from third parties whose details you have provided

We require this information as part of our recruitment process. If your application is unsuccessful, we will keep your application for six months so that we can contact you if a similar job becomes available.

If you are a business contact, such as a supplier or contractor:

  • we may collect your business contact details such as your name, business address and business e-mail and your company’s bank account details.  If you are a sole trader this may be your personal details.

We need these details in order to provide our services, run our business and pay or invoice suppliers and contractors.

If you are a potential business contact, proposing to offer services to us, we may process your personal data in relation to entering into a contract with you or your organisation.

When you visit our website:

  • If you allow the relevant Cookies, we may collect information about your activities on our website and about the device used to access it, for instance your IP address and geographical location.  For more information, please see our cookies policy.
  • any other personal information shared with us via our website forms, such as our contact us page, or our client portal. We will use this to help provide the service you have requested.
Links to other websites:

Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access those using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy notice of that third party site.

When you visit our premises:

  • we may collect basic information in order verify your identify, ensure the security of our operations, and protect our employees.

If you do not wish to provide your personal data

You have obligations under your contract / potential contract with us to provide us with the necessary data.  If you do not provide this information, this may prevent the Association’s ability to enter into or maintain a contract with you.

Who has access to your information?

The information you provide to us will be treated in accordance with data protection law. Depending on your type of contract or other business relationship with us, we may disclose your personal data to any of our employees, officers, contractors, insurers, professional advisors (including legal advisers and our Data Protection Officer), agents, suppliers or subcontractors, selected third parties, government agencies and regulators and healthcare providers for the purposes set out in this notice, or for purposes approved by you, including the following:

  • if we enter into a joint venture with, or merge with, another business entity,
  • if required by law, we will disclose your information to statutory bodies such as HMRC, auditors or solicitors;
  • if we are conducting a survey of our products and/ or service, your information may be disclosed to third parties assisting in the compilation and analysis of the survey results;
  • we may pass your information to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example Software providers and IT Technical services providers). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing or any other purposes.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Lawful processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information. We may process your personal data under the following lawful basis:

Performance of a contract

Where we are entering into a contract with you or performing our obligations under it, such as provision of our services

Consent

Where you have given your explicit consent for us to process your data, for example, to receive marketing emails from us.

Legal obligation

Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like HMRC.

Vital Interests

Where it is necessary to use your data to protect your own, or someone else’s, life.

Legitimate interests

Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).

We consider our legitimate interests to be:

  • enhancing, modifying, personalising or otherwise improving our services for the benefit of our clients
  • better understanding of how people interact with our website, and for the security, troubleshooting and analysis of our website;
  • sending you direct marketing by email or text, where you have previously shown an interest in our products or services, and where we have provided you with a choice to opt-out. This may also include requests for feedback or survey responses.
  • contacting you in relation to applicant reference checks.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

Processing special category personal data

Special categories of personal data means information about your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health; sex life or sexual orientation; criminal convictions, offences or alleged offences; genetic data; or biometric data for the purposes of uniquely identifying you. 

The special categories of personal information require higher levels of protection. We need to meet additional legal requirements for collecting, storing, and using this type of personal information.

Where we process your special category data, our legal basis for processing this will be one of the following UK GDPR Article 9 lawful bases:

(a)    Explicit consent
(b)    Employment, social security and social protection
(c)    Vital interests
(e)    Made public by the data subject
(f)     Legal claims or judicial acts
(g)    Reasons of substantial public interest (with a basis in law) (includes equality of opportunity)
(h)    Preventative and occupational medicine, provision of health and social care
(i)     Public health (with a basis in law)
(j)     Archiving, research, and statistics (with a basis in law)

We may process your special category data when:

  • carrying out our obligations as an employer, including during the application process
  • providing our core services to clients, such as payroll, insolvency, and auditing.

How long is your information kept for?

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you. Our full retention schedule is available by contacting our Data Protection Lead. Contact Details are mentioned at the end of this privacy notice.

We review our retention periods on a regular basis, which are maintained within a data retention policy and schedule.

Where do we keep your data? 

Your information will only be stored within the United Kingdom except where international transfers are authorised by law.

How do we keep your data safe?

When we are provided with personal data, we take steps to make sure that your personal information is kept secure and safe. All data is held in accordance with both Wbg’s data protection policies and procedures, and our IT security policies. This includes controls such as access management, data encryption at rest and in transit, back-up management, and a number of network security controls, working to keep the personal data that we process safe and secure.

Keeping your information up to date

We take reasonable steps to ensure your information is accurate and up to date; however please help us keep our records updated by informing us of any changes to your email address and other contact details.

Your Rights

Under UK data protection law, you have certain rights over the personal information that we hold about you.

Right of access

You have a right to request access to the personal data that we hold about you and to request a copy of it, and we will provide you with this unless legal exceptions apply.  If you want to access your information, please send a description of the information you would like to see to the contact details above. We may ask for proof of your identity before proceeding with your request.

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected.

Right to restrict use

You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we're not lawfully allowed to use it.

Right of erasure

You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, for example, via you completing a form on our website, you may ask us to provide it to you or to another service provider in a machine-readable format.

Right to object

You have the right to object to processing where we are using your personal information for (1) our legitimate interests, (2) direct marketing or (3) for statistical/research purposes.

If you want to exercise any of the above rights, please contact our Data Protection Lead at the details above.  We may be required to ask for further information and/or evidence of identity.  We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances.  For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office.

Queries and complaints

We seek to directly resolve any queries or complaints about how we handle information and would request that they be directed, in the first instance, to dataprotection@wbg.co.uk or by telephoning 0141 566 7000.


Our Data Protection Officer is provided by RGDP LLP and can be contacted either via 0131 222 3239 or info@rgdp.co.uk

You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information.  The Information Commissioner’s contact details are noted below:

Telephone: 0303 123 1113 

Online: https://ico.org.uk/make-a-complaint/  

Changes to this privacy notice

Any changes we may make to this Privacy Notice in the future will be posted on this website so please check this page occasionally to ensure that you're happy with any changes. If we make any significant changes to the way we process your personal data, we'll make this clear on this website.

This Privacy Notice was last updated on 28/04/2025.