Client onboarding privacy policy

Last updated: 27 April 2026

This notice explains how PINCH Insight & Strategy Ltd ("PINCH", "we", "our") collects and uses your personal data when you complete our Client Financial Onboarding Form. It supplements our general website privacy policy at wearepinch.com/privacy-policy and applies specifically to the data you provide as part of becoming a PINCH client.

Who we are

PINCH Insight & Strategy Ltd is the data controller for the personal data you provide on this form. We are registered in England and Wales Reg Co No. 16644469. Our registered address is 108 Whyteladyes Lane, Cookham, Sl6 9LE. You can contact us about this notice at hello@wearepinch.com.

What information we collect

The Client Financial Onboarding Form collects:

·       Personal data — the full name, job title, email address and phone number of your primary contact, your billing contact (where different), and the person completing the form;

·       Business data — your organisation's legal name, trading name, country of incorporation, company registration number, VAT or tax identification number, registered and billing addresses, website, and main phone number;

·       Billing-related preferences — your invoicing currency preference, purchase-order requirements, additional invoice-format requirements, and acknowledgement of our payment terms.

Why we collect it, and our lawful basis

We process your data for three purposes, each with its own lawful basis under UK GDPR:

To establish and deliver the services set out in your Statement of Work. Lawful basis: performance of a contract (UK GDPR Article 6(1)(b)).

To raise compliant invoices and meet our record-keeping obligations under UK tax law. Lawful basis: legal obligation (Article 6(1)(c)) — HMRC requires us to retain financial records for at least seven years.

To communicate with you about the project and respond to commercial or billing queries. Lawful basis: legitimate interests (Article 6(1)(f)) — necessary for us to operate effectively as a business and maintain our relationship with you.

Who we share your data with

We do not sell, trade or rent your personal data. We share it only with the following categories of recipient:

·       HM Revenue & Customs and our professional accountants, where required for tax and statutory reporting.

·       Software providers we rely on to deliver our services and maintain records — including our accounting platform (Xero), our productivity and email systems (Google Workspace), and our project-management tools. Each of these processors is bound by contract to handle your data securely and only on our instructions.

·       Banks and payment processors, where necessary to issue or process payments.

International transfers

Some of our processors (such as Google Workspace) may store data on servers outside the United Kingdom. Where this happens, we ensure that appropriate safeguards are in place under UK GDPR — typically the UK Addendum to the EU Standard Contractual Clauses, or reliance on a UK adequacy decision.

How long we keep your data

We retain financial and billing-related data for seven years from the end of our last engagement with your organisation, in line with HMRC record-keeping requirements. Other personal data not required for billing or tax purposes is reviewed annually and deleted when no longer necessary for the purpose for which it was collected. After the retention period expires, your data is securely deleted.

Your data-protection rights

Under UK GDPR you have the following rights in respect of your personal data:

·       The right to access — request copies of the personal data we hold about you.

·       The right to rectification — ask us to correct inaccurate or incomplete information.

·       The right to erasure — ask us to delete your data, subject to our legal record-keeping obligations.

·       The right to restrict processing — ask us to limit how we use your data.

·       The right to object — object to processing based on our legitimate interests.

·       The right to data portability — receive your data in a structured, commonly-used, machine-readable format.

·       The right to lodge a complaint — you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your personal data properly.

To exercise any of these rights, please email us at hello@wearepinch.com. We will respond within one calendar month of receiving your request.

Automated decision-making

We do not use your personal data for automated decision-making or profiling.

Changes to this notice

We keep this notice under regular review and will publish any updates here. The "last updated" date at the top reflects the most recent revision.

How to contact us

If you have any questions about how PINCH handles your personal data, or you would like to exercise any of the rights above, please contact us at hello@wearepinch.com.

PINCH Insight & Strategy Ltd