Data Protection

1. Data Controller
   BSCO uses data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Personal Data Collected
   The Service Provider may collect and process personal data including, but not limited to, names, contact details, property information, student details (where applicable), and payment information for the purpose of providing the agreed services.
3. Lawful Basis
   Personal data is processed on the lawful basis of:
4. Performance of a contract
5. Compliance with legal obligations
6. Legitimate business interests
7. Consent (where required)
8. Data Use
   Personal data shall be used solely for:
9. Delivering agreed services
10. Communication regarding services
11. Processing payments
12. Legal and regulatory compliance
13. Data Sharing
    Personal data may be shared with trusted third parties where necessary to deliver services (such as tutors, contractors, property professionals, accountants, or payment providers). Personal data will not be sold to third parties.
14. Data Retention
    Personal data will be retained only for as long as necessary for contractual and legal purposes, typically up to six (6) years in accordance with UK tax and legal requirements.
15. Data Security
    Reasonable technical and organisational measures are implemented to protect personal data against unauthorised access, loss, or misuse.
16. Client Rights
    Clients have rights under UK GDPR, including the right to access, correct, request deletion, restrict processing, or object to processing of their personal data.

---