Privacy Policy

Last updated: May 10, 2026

Introduction

At cloudy-arc, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

Information We Collect

We collect information that you provide directly to us, including:

• Name and contact information (email address, postal address)
• National Insurance number (when required for benefit applications)
• Financial information (income, employment status, benefits currently received)
• Health and medical information (for disability-related claims)
• Housing and family information
• Any other information you choose to provide in forms or communications

How We Use Your Information

We use the information we collect to:

• Provide the services you've requested
• Complete benefit applications and appeals on your behalf
• Communicate with you about your case
• Comply with legal obligations
• Improve our services
• Send you service-related updates (not marketing)

Legal Basis for Processing

We process your personal data based on:

• Your consent when you submit a service request
• Contractual necessity to deliver the services you've purchased
• Legal obligations related to benefits law and compliance
• Legitimate interests in operating and improving our business

Data Sharing

We do not sell your personal information. We may share your data with:

• Government agencies (DWP, HMRC, local councils) when submitting applications on your behalf
• Medical professionals when obtaining evidence for your claim
• Legal representatives if your case requires tribunal representation
• Service providers who assist in delivering our services (e.g., secure document storage)

All third parties are required to maintain confidentiality and comply with UK data protection laws.

Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse. This includes:

• Encrypted data transmission (SSL/TLS)
• Secure storage systems with access controls
• Regular security assessments
• Staff training on data protection

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, typically:

• Active case files: duration of service plus 6 years
• Financial records: 7 years (tax law requirement)
• Communication records: 3 years after case closure

You may request earlier deletion of your data, subject to legal retention requirements.

Your Rights

Under UK data protection law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal requirements)
• Object to processing of your data
• Request restriction of processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at [email protected].

Cookies

Our website uses cookies to improve functionality and user experience. For detailed information, please see our Cookies Policy.

Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website with an updated "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]
Address: 42 Meadowbank Street, Edinburgh EH8 7DY, United Kingdom

Supervisory Authority

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.