Data Protection and Security Policy

Effective Date: 26th May 2025
Last Updated: 26th May 2025
Policy Owner: Matrix Benefits


1. Purpose

Matrix Benefits (“we”, “us”, “our”) is committed to protecting the confidentiality, integrity, and availability of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy outlines how we collect, store, manage, and protect personal data and the security measures we implement to prevent data breaches or misuse.


2. Scope

This policy applies to:

  • All personal data processed by Matrix Benefits
  • All employees, contractors, and third-party service providers with access to data
  • All systems and platforms used to manage personal information

It covers data collected through our website (https://matrixbenefits.co.uk), via email, and through direct client interactions.


3. Legal Basis for Processing Data

Matrix Benefits processes personal data under one or more of the following lawful bases:

  • Consent (e.g., for email marketing via MailerLite)
  • Contractual necessity (e.g., providing services to clients)
  • Legal obligation (e.g., compliance with HMRC or employment law)
  • Legitimate interest (e.g., website analytics and security)

4. Types of Personal Data Collected

We may collect and process the following data:

  • Names, email addresses, phone numbers
  • Company names and roles
  • Communication history
  • IP addresses and browser information (via Google Analytics and Google Search Console)
  • Subscription details and preferences (via MailerLite)

5. Data Subject Rights

We respect the rights of individuals under UK GDPR, including:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to lodge a complaint with the Information Commissioner’s Office (ICO)

Requests to exercise these rights can be made by contacting:
📧 contact@matrixbenefits.co.uk


6. Data Storage and Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including for legal, accounting, or reporting requirements.

  • Client records are retained for up to 7 years after the relationship ends
  • Marketing data is retained until the individual unsubscribes or has been inactive for 24 months
  • Website and analytics data is anonymised and retained per the provider’s policies

All data is stored securely on UK or EEA-based servers or by GDPR-compliant service providers.


7. Security Measures

Matrix Benefits uses appropriate technical and organisational controls to protect personal data, including:

  • SSL encryption for all website traffic
  • Password-protected accounts and user authentication
  • Regular software updates and security patches
  • Access controls and role-based data permissions
  • Staff training on data protection and confidentiality
  • Third-party vendor assessments (e.g., Google, MailerLite)

We review and update our security practices regularly.


8. Data Sharing and Third Parties

We do not sell or rent personal data. We may share data with trusted third parties who support our business operations, including:

  • Google Analytics / Google Search Console (website performance monitoring)
  • MailerLite (email marketing platform)
  • IT and hosting providers under contract
  • Legal or regulatory bodies when required

All third-party providers are contractually obligated to comply with data protection requirements.


9. Data Breach Procedure

In the event of a personal data breach:

  • It will be assessed immediately by the data controller
  • Affected individuals will be notified without undue delay if there is a high risk to their rights and freedoms
  • The ICO will be notified within 72 hours, where required

We maintain a data breach log and conduct post-incident reviews.


10. Training and Awareness

All employees and contractors handling personal data receive training on:

  • Data protection responsibilities
  • Safe handling of data and secure communication
  • Identifying and reporting security incidents

Refresher training is provided annually or as needed.


11. Review and Updates

This policy is reviewed at least once a year or in response to:

  • Changes in legal requirements
  • Security incidents or breaches
  • New data processing activities or tools

12. Contact Information

For questions about this policy or to exercise your rights under UK GDPR, please contact:

Data Protection Officer
Matrix Benefits
📧 Email: contact@matrixbenefits.co.uk
📍 Address: Matrix Benefits is a trading style of St James Digital Limited, 128 City Road, London, United Kingdom, EC1V 2NX
📞 Phone: 020 8044 6791