Privacy Notice
Privacy Notice
Effective Date: September 2025
Business Name: Rise Consulting
Business Address: La Saline, 2 Le Jardin Verte Rue, St Lawrence, Jersey JE3 1JL
Contact Email: nina.gomes@riseconsulting.je
Contact Phone: 07797731071
1. Introduction
This Privacy Notice explains how I, Nina Gomes, trading as Rise Consulting (referred to as "I", "me", or "my"), collect, use, store, and protect personal data in the course of my business and also tells you about your privacy rights.
I am committed to protecting the privacy and security of your personal data. If you have any questions about this Privacy Notice, please contact me.
2. Who I Am
I am a sole trader based in Jersey providing strategic Human Resources (HR) consultancy services to businesses and individuals.
I am the "data controller" of the personal data I collect and process in the course of my business.
3. What Personal Data I Collect
I will collect, store, and use many types of personal data. These include:
Identity Information: name, job title
Contact Information: phone number, email address, postal address
Client Information: details about your business, services required
HR Data (if applicable): employee names, job roles, employment records (when acting under your instructions)
Communication Records: emails, notes from calls/meetings
Website Usage Data: IP address, browser type, pages viewed (if applicable)
I do not collect special category data. In the event it becomes strictly necessary to do so, this data will be collected in accordance with a lawful basis.
4. How I Collect Personal Data
I collect personal data through:
Direct contact in the course of my professional relationship with you (e.g. email, phone, meetings)
Through HR documents or systems shared by clients
Contact forms, email links on my website (if applicable) or online tracking and analytics
From clients during service delivery
Occasionally from public sources (e.g. websites or LinkedIn)
5. Purposes for Processing and How I Use Your Data
I will only use your personal data when I have a lawful basis to do so. The lawful basis for each purpose for which I use your personal data is specified below:
Lawful basis for processing Purpose/Use
To perform the contract I have entered into with you. Provide and manage consultancy services.
Determining the terms and conditions on which I am engaged by you.
Communicate with you regarding projects or proposals.
Receiving payment from you.
Administering and fulfilling the contract I have entered into with you including
taking steps at your request.
To comply with a legal or regulatory obligation. To comply with applicable laws, regulations, obligations, policies and procedures.
For my legitimate interests (or those of a third party) and your interests
and fundamental rights do not override those interests. Day to day business activity including business management and planning,
accounting and auditing.
Invoice and manage accounts.
Improve client service and website (if applicable).
Due to you providing consent. For marketing communications.
Some of the above grounds for processing will overlap and there may be several grounds which justify the use of your personal data.
If you fail to provide personal data
If you fail to provide certain information when requested, I may not be able to perform the contract I have entered into with you or I may be prevented from complying with my legal obligations.
6. Who I Share Data With
I only share personal data with external entities or third parties when necessary and with appropriate safeguards including:
Service providers (e.g. cloud storage, accounting software)
Legal or regulatory authorities when required by law
Other professionals or associates involved in your project, only with your knowledge
I ask third-party service providers to take appropriate security measures to protect your personal data. I do not allow third-party service providers to use your personal data for their own purposes. I only permit them to process your personal data for specified purposes and in accordance with my instructions.
7. International Data Transfers
It may be necessary to effect cross-border transfers of personal data, including outside of Jersey or the EEA, primarily for the purpose of storing data using cloud platforms.
In some cases, personal data may be transferred to jurisdictions outside of Jersey and the EEA that are not deemed to have data protection frameworks equivalent to those in place in Jersey and the EEA.
Where necessary, I will seek to put appropriate safeguards in place to maintain the security of your data such as:
I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. These are countries with an adequacy decision; or
I will use specific contracts approved by Jersey which give personal data the same protection it has in Jersey or the EEA. These are protected by Standard Contractual Clauses approved by the European Commission or the Jersey Office of the Information Commissioner.
Please contact me if you would like to know more about these arrangements.
8. Data Security
Once I have received your personal data, I will use strict procedures and security features to protect your personal data from loss, unauthorised use or access. I take data security seriously and have implemented suitable measures, including:
Password-protected devices
Encrypted cloud storage
Regular backups and secure email systems
Access limited to myself or authorised providers
I have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where I am legally required to do so.
9. Data Retention
I will only retain personal data only for as long as necessary to:
Fulfil the purpose for which it was collected
Comply with legal, accounting, or tax obligations
Defend or exercise legal claims
Typically, I retain client and project data for up to 11 years after the end of our working relationship, unless a longer period is required by law.
10. Your Rights
Under certain circumstances, by law you have the right to:
Access your personal data (commonly known as a data subject access request). This enables you to check that I am lawfully processing it.
Correction of inaccurate data. This enables you to request correction of any incomplete or inaccurate data I hold about you.
Erasure of data in certain circumstances. This enables you to ask me to delete or remove personal data where there is no good reason for me continuing to process it. You also can ask me to delete or remove your personal data where you have successfully exercised your right to object to processing.
Objection to processing of your personal data where I am are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Portability of your data. This enables you to request that I transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format.
Restriction of processing of your personal data. This enables you to ask to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Notification of rectification, erasure and restrictions.
Not be subject to decisions based on automated processing.
To exercise these rights, contact me at the email address above. I may need to verify your identity before responding.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact me. Once I have received notification that you have withdrawn your consent, I will no longer process your information for the purpose or purposes you originally agreed to, unless I have another legitimate basis for doing so in law.
11. Complaints and Questions
If you have any questions about this Privacy Notice or are unhappy with how I process your data, please contact me in the first instance.
If you are not satisfied by my response, you also have the right to lodge a complaint with the Office of the Information Commissioner (Jersey):
Website: https://oicjersey.org
Phone: +44 (0)1534 716530
Email: enquiries@oicjersey.org
12. Updates to this Privacy Notice
I reserve the right to update this Privacy Notice from time to time and I will provide you with a new privacy notice when I make substantial updates. The most recent version is available on request or published on my website (if applicable). I may also notify you in other ways from time to time about the processing of your personal data.