Privacy Policy
Effective Date: 31 March 2026
Company: Teak, Amber & Oak Ltd.
ICO Registration Number: ZC104925
1. Our Commitment to Your Privacy
At Teak, Amber & Oak Ltd., we operate as an unseen bridge—connecting corporate resources with community nodes to facilitate regional success. We believe that true partnership requires absolute trust and total discretion. This policy outlines how we collect, use, and protect your data within our closed-loop architecture. We are registered with the Information Commissioner’s Office (ICO) and are committed to safeguarding your information under the UK GDPR.
2. The Information We Collect
We operate distinct architectures for our Corporate Partners and our Community Nodes; the data we collect is strictly limited to what is necessary for our operations:
From Corporate Partners (Clients): Company names, registered office addresses, Company Registration Numbers, billing and financial details, and key contact information.
From Community Nodes: Organisation names, primary contact names, email addresses, and operational focus areas.
Special Category Data: Where we facilitate high-value social proxies (e.g., ex-offender or health-related placements), we do not store original criminal records or medical files. We only process the verified status required for the Social Value Portal audit, acting as a "blind" verifier to protect individual privacy.
Audit Data: We maintain automated, timestamped logs of document generation and communication dispatches (such as Service Agreements and Community Memos) to ensure compliance and accountability.
3. Lawful Basis for Processing
Under UK GDPR, we process your data under the following lawful bases:
Contractual Necessity: To fulfill our Service Agreements and provide the "Audit Shield" for our Corporate Partners.
Legitimate Interests: To facilitate social value mapping and provide the clinical evidence required for community impact reporting.
4. How We Use Your Data
Specifically, we use your data to:
Generate bespoke Service Agreements and Invoices for Corporate Partners.
Draft and dispatch "Our Promise" Memos and partnership outlines to Community Nodes.
Maintain accurate "Mapping" of regional resources and introductions.
Provide high-fidelity audit trails required for compliance (e.g., Council, National TOMs, or DWP reporting standards).
Operate our internal "Vault" databases to ensure smooth, automated communication.
5. The Vault Architecture & Data Security
We do not rely on sprawling third-party CRMs. Your data is housed within our proprietary "Vault" architecture—a secure, siloed environment built on enterprise-grade infrastructure.
Separation of Concerns: Our financial/revenue data is completely air-gapped from our Community Node databases.
Access: Data is accessed only by authorized personnel at Teak, Amber & Oak Ltd. for the express purpose of executing our services.
International Transfers: While our operations are UK-based, our secure infrastructure may utilize encrypted cloud servers. We ensure all such transfers are protected by Standard Contractual Clauses (SCCs) to maintain UK-equivalent data protection.
6. Data Sharing and The "Ghost Protocol"
We act as a "Ghost" partner. All public wins and media mentions generated through our work belong solely to the Community Nodes and Corporate Partners involved.
We do not sell your data.
Controlled Sharing: We only share information between a Corporate Partner and a Community Node when an introduction or resource allocation is actively being facilitated, and only with explicit consent.
Legal Obligations: We may share data with legal or regulatory authorities if strictly required to comply with statutory audit or legal obligations.
7. Data Retention
We retain your information only for as long as is necessary to fulfill the purposes outlined in this policy, or as required by UK law and financial auditing standards. Our automated dispatch logs are retained to provide ongoing proof of compliance and partnership integrity.
8. Your Rights
Under UK data protection law, you possess the right to:
Request access to the personal data we hold about you.
Request correction of any inaccurate or incomplete data.
Request erasure of your data (subject to our legal and audit retention requirements).
Object to processing or request restriction of your data.
Right to Complain: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly (www.ico.org.uk).
9. Contact Us
If you have any questions regarding how we handle your data, please reach out to us directly:
Teak, Amber & Oak Ltd. Email: dpo@teakamberoak.com