Empowr logo

Empowr

EFN Privacy Policy

This Privacy Policy explains how Empowr CIC collects and handles personal data when you join the Empowr Freelancer Network, including what data is collected, why, where it is stored, and your rights under UK GDPR.

Effective date: 2026-05-06Last updated: 2026-05-06Version: v1.0

1. Who We Are

Empowr CIC ("we", "us", "the Company") is the data controller for personal information collected in connection with the Empowr Freelancer Network ("EFN").

If you have any questions about how we handle your data, contact us at admin@empowrcic.org.

2. What Data We Collect

When you join the EFN, we collect the following personal information through the onboarding form:

  • Full name — identity, invoicing, legal agreement
  • Date of birth — identity verification
  • Home address — legal agreement, HMRC records
  • National Insurance number — HMRC-compliant self-billing invoices
  • Unique Taxpayer Reference (UTR) — self-assessment and HMRC records (if applicable)
  • Bank account details (sort code and account number) — payment by bank transfer
  • Email address — correspondence, agreement delivery, payment notifications

We do not collect more data than is necessary for the purposes described in this policy.

3. Why We Collect Your Data and Our Lawful Basis

We process your personal data because it is necessary to perform the freelance engagement between you and Empowr CIC. This is known as contractual necessity under Article 6(1)(b) of the UK General Data Protection Regulation (UK GDPR).

We also process certain data — in particular your National Insurance number, UTR, and financial records — to comply with our legal obligations under UK tax law (Article 6(1)(c) UK GDPR).

We do not rely on consent as the lawful basis for processing your data. This means you cannot withdraw consent to prevent us from processing data that is required to administer your engagement or fulfil our legal obligations. You may, however, request to end your engagement with us at any time.

4. How We Use Your Data

We use your personal data to:

  • create and maintain your record as a freelancer in our accounting system (Xero);
  • prepare and send the Freelance Services Agreement for electronic signature (via BoldSign);
  • raise self-billed invoices on your behalf following timesheet approval;
  • process payments to your bank account;
  • maintain HMRC-compliant financial records;
  • communicate with you about assignments, payments, and any changes to your engagement.

We will not use your data for marketing purposes, sell it to third parties, or use it for any purpose unrelated to your engagement with the EFN.

5. Where Your Data Is Stored

Your data is held in the following systems:

BoldSign — Signed Freelance Services Agreement (including name, address, NI number, UTR). EU-hosted.

Xero — Financial records: contact details, NI number, UTR, bank details, invoices. EU-hosted.

Starling Bank — Payment execution only (no data stored beyond transaction records). UK.

Notion — Workflow reference only — freelancer ID and system links; no personal or financial data. US-hosted (Standard Contractual Clauses apply).

All third-party processors we use are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

6. How Long We Keep Your Data

We retain your personal data for seven years following the end of your engagement with the EFN. This period is set by HMRC record-keeping requirements for self-billing arrangements and applies to all financial and contractual records.

After this period, your data will be securely deleted or anonymised.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of access — you may request a copy of the personal data we hold about you.

Right to rectification — you may ask us to correct inaccurate or incomplete data.

Right to erasure — you may ask us to delete your data, subject to our legal obligations (for example, we cannot delete financial records we are required to retain by HMRC).

Right to restriction — you may ask us to restrict processing of your data in certain circumstances.

Right to object — you may object to processing based on legitimate interests (this does not apply where processing is based on contractual necessity or legal obligation).

Right to data portability — you may request your data in a structured, machine-readable format where processing is automated and based on contractual necessity.

To exercise any of these rights, contact us at legal@empowrcic.org. We will respond within one month.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email. The current version is always available on our legal hub. The version number and effective date at the top of this document indicate when it was last updated.

9. Contact

Data controller: Empowr CIC

Address: Crown House, 27 Old Gloucester Street, London, WC1N 3AX

General enquiries: admin@empowrcic.org

Rights requests and legal queries: legal@empowrcic.org