We Are Enough Privacy Notice


We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it. 

This policy applies to everyone we deal with in the provision of our services. 

How to contact us

If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact our Data Protection Officer:

Nikola Stanojevic at [email protected]

Data we collect and process

If you contact us

If you send us an email directly, your email will be stored via our email provider. We may also download your email into an email application running on our computers. 

If you use our app

All data collection and processing will take place within our app. As such our in-app privacy policy sets out how we will process this data.

If you are a supplier or one of our contractors

If you are one of our suppliers or contractors, we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly.

Individual employees within our business may also retain your contact details within their email application or via business cards that you may provide to us.

If you’re an employee

If you are employed by us we will process the minimal amount of information for the purposes of managing your employment. This means we will typically process:

We may also collect, store and use the following "special categories" of more sensitive personal information:

This information will be used for the purposes of dealing with you as an employee, for example: payroll (so you get paid), managing sick leave, managing your pension, etc.

Recruitment data

If you provide us with information (e.g. your contact details, CVs, etc.) we will process this information as part of the recruitment process, unless otherwise stated.

If you are successful in your application your data will be kept as part of your employee record (see above). If you are unsuccessful, we will keep your information for up to 6 months after your application, unless you provide us with consent to keep it longer (e.g. for future opportunities).

Retention of personal data

Unless stated elsewhere in this document or in our terms of services (where applicable) we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

Third party processors

Where we may use a third-party cloud-based service for the purposes of effectively running our business and providing our services to you, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements. 

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data.

Your rights

Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: https://ico.org.uk/for-the-public/

If you would like to exercise your rights, or if you have any questions, please contact our Data Protection Officer (contact details above)

How to withdraw consent and object to processing

Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email or by contacting us.

You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing.

Keeping your data up to date

It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us with your updated details.

Erasure of your data (the “right to be forgotten”)

Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If it’s not possible for us to delete your data, we will explain the reasons why.


Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). If you choose to exercise this right, we will provide you with a CSV file extract of the appropriate data.

Access to your data (a so-called Data Subject Access Request)

You have the right to ask us about what data we hold about you, how we process it and to ask us to provide you with a copy of the information, free of charge and within one calendar month of your request.

To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses above. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.

Sharing your information

We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.


If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to our Data Protection Officer.

If you want to make a complaint about the way we have processed your personal information, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law in the UK – https://ico.org.uk/make-a-complaint/

More information

For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk

Changes to our privacy notice

We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website.

Document control








Mark Gracey GDPR


First version