Privacy Policy.
Last updated: May 2026
1. Who We Are
Rodycloud Consulting Ltd is a financial management consultancy specialising in services for churches and charities. We are registered with the Information Commissioner's Office (ICO) as a data controller.
For any questions about this policy or how we handle your data please contact us at
aaron@rodycloudconsulting.com.
2. What Data We Collect
In the course of providing our services we may collect and process the following personal data:
• Names and contact details of church staff, volunteers and trustees
• Financial information including payroll, banking and Gift Aid data
• HMRC and pension related information
• Communication records including emails and messages
3. Why We Collect It
We collect and process personal data for the following purposes:
• To deliver the financial management services described in our engagement letter
• To comply with legal obligations including HMRC, Gift Aid and pension requirements
• To communicate with you about our services
• To fulfil our anti-money laundering obligations including client identification
4. Our Legal Basis for Processing
Under the UK GDPR we process your data on the following legal bases:
• Contract - processing is necessary to deliver the services we have agreed to provide
• Legal obligation - processing is necessary to comply with laws including HMRC
requirements and anti-money laundering legislation
• Legitimate interests - processing is necessary for our legitimate business interests
where these are not overridden by your rights
5. Who We Share Your Data With
We may share your data with trusted third party processors who assist us in delivering our services, including:
• Xero - accounting software
• ChurchSuite - church management software
• Payroll providers - for the processing of staff payroll
All third-party processors are required to handle your data securely and in accordance with
UK GDPR. We do not sell your data to any third party.
Where a church or charity we work with operates internationally, data may occasionally be processed outside the UK as a result of their own operations. In such cases we ensure appropriate safeguards are in place.
6. How We Store and Protect Your Data
Your data is stored both on secure cloud-based systems and on local devices protected by appropriate security measures including:
• Password protection and two factor authentication
• Virus and malware protection
• Restricted access controls
• Secure physical storage where applicable
We retain your data for a minimum of seven years in accordance with HMRC requirements and Charity Commission guidelines, after which it is securely deleted or shredded.
7. Your Rights
Under UK GDPR you have the following rights regarding your personal data:
• Access - you can request a copy of the data we hold about you
• Correction - you can ask us to correct inaccurate data
• Erasure - you can ask us to delete your data where there is no legal reason to retain
it
• Restriction - you can ask us to limit how we use your data
• Objection - you can object to our processing of your data
To exercise any of these rights please contact us at aaron@rodycloudconsulting.com. We will respond within 30 days.
8. Data Breaches
In the event of a data breach we will notify the ICO within 72 hours where required by law.
If the breach is likely to affect your rights and freedoms, we will also notify you directly as soon as reasonably practicable.
9. Complaints
If you are unhappy with how we have handled your data you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.
10. Changes to This Policy
We may update this policy from time to time. The most current version will always be
available upon request by emailing aaron@rodycloudconsulting.com.