Privacy Policy.

Last updated: May 2026

1. Who We Are

Rodycloud Consulting Ltd is a financial management consultancy specialising in services for churches and charities. We are registered with the Information Commissioner's Office (ICO) as a data controller.

For any questions about this policy or how we handle your data please contact us at

aaron@rodycloudconsulting.com.

2. What Data We Collect

In the course of providing our services we may collect and process the following personal data:

• Names and contact details of church staff, volunteers and trustees

• Financial information including payroll, banking and Gift Aid data

• HMRC and pension related information

• Communication records including emails and messages

3. Why We Collect It

We collect and process personal data for the following purposes:

• To deliver the financial management services described in our engagement letter

• To comply with legal obligations including HMRC, Gift Aid and pension requirements

• To communicate with you about our services

• To fulfil our anti-money laundering obligations including client identification

4. Our Legal Basis for Processing

Under the UK GDPR we process your data on the following legal bases:

• Contract - processing is necessary to deliver the services we have agreed to provide

• Legal obligation - processing is necessary to comply with laws including HMRC

requirements and anti-money laundering legislation

• Legitimate interests - processing is necessary for our legitimate business interests

where these are not overridden by your rights

5. Who We Share Your Data With

We may share your data with trusted third party processors who assist us in delivering our services, including:

• Xero - accounting software

• ChurchSuite - church management software

• Payroll providers - for the processing of staff payroll

All third-party processors are required to handle your data securely and in accordance with

UK GDPR. We do not sell your data to any third party.

Where a church or charity we work with operates internationally, data may occasionally be processed outside the UK as a result of their own operations. In such cases we ensure appropriate safeguards are in place.

6. How We Store and Protect Your Data

Your data is stored both on secure cloud-based systems and on local devices protected by appropriate security measures including:

• Password protection and two factor authentication

• Virus and malware protection

• Restricted access controls

• Secure physical storage where applicable

We retain your data for a minimum of seven years in accordance with HMRC requirements and Charity Commission guidelines, after which it is securely deleted or shredded.

7. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

• Access - you can request a copy of the data we hold about you

• Correction - you can ask us to correct inaccurate data

• Erasure - you can ask us to delete your data where there is no legal reason to retain

it

• Restriction - you can ask us to limit how we use your data

• Objection - you can object to our processing of your data

To exercise any of these rights please contact us at aaron@rodycloudconsulting.com. We will respond within 30 days.

8. Data Breaches

In the event of a data breach we will notify the ICO within 72 hours where required by law.

If the breach is likely to affect your rights and freedoms, we will also notify you directly as soon as reasonably practicable.

9. Complaints

If you are unhappy with how we have handled your data you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

10. Changes to This Policy

We may update this policy from time to time. The most current version will always be

available upon request by emailing aaron@rodycloudconsulting.com.