Privacy Policy

Privacy Policy
Last updated
: October 2020
Previous Version: May 2020

Data Compliant is committed to protecting your personal information and this Privacy Policy tells you how we collect your personal data, how we store it, how we use it, and how we keep it safe.  We shall only use your information in line with all the current data protection laws, including the Data Protection Act 2018 (DPA), the  General Data Protection Regulation (GDPR) and the Privacy and Electronic Communication Regulations (PECR).  We are committed to ensuring that your information is secure. Your information will be held in a secure environment, and access to it will be restricted according to the “need to know” principle. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and protect the information we collect online.

We promise that we shall only use your data in the way you wish, and we shall always respect your privacy.  We process your data for the following purposes, and under the following legal grounds:
Legal Basis for Processing​
To provide you with services, and to deal with enquiries and requests about them.
To contract with you to help us provide or administer our services.
​The processing is necessary to meet contractual obligations into which you have entered as a customer, supplier or worker.  In other words, we use your personal information to fulfil the services you have asked us to provide, or which we have asked you to provide.
To process your online orders. For the avoidance of doubt, we do not collect or process credit card details.
The processing is necessary to meet contractual obligations into which you have entered as a customer.​

To keep you informed and updated on relevant products and services in which you may be interested.

To maintain records of current, past and potential clients, suppliers and workers.

To improve our products and services.

For marketing research purposes, conducting customer satisfaction surveys and responding to your website visits to improve our services.

To invite you to be a guest speaker or sponsor one of our events or webinars.

To provide you with useful data news and information by post and email.

To maintain your contact preferences.

To administer our website and keep it secure.

To provide you with Data Compliant e-newsletters.

For marketing purposes such as prize draws and promotions.

For our legitimate business interests. We have conducted legitimate interest assessments in which our interests and those of our clients, suppliers, workers, business contacts and prospects are balanced.
For sending e-newsletters to sole traders, small partnerships, and private individuals.
We only send e-newsletters to those who have requested them on the legal basis of Consent.
We shall keep your personal data within Data Compliant and our trusted third parties except where disclosure is required by law, for example to government bodies and law enforcement agencies. ​

We do not sell your data to any other company.  Your information will be used by the following parties under our control:

  • To workers and associate consultants who deliver our services
  • Third parties who provide a service to us: 
  • Shopify who hosts our online store
  • Kallidus, who hosts our online training LMS
  • Mailchimp, who distributes our emails
  • SurveyMonkey, who hosts our research questionnaires
  • Microsoft who provides our office and email systems
  • Sharefile who hosts our network
  • Google who provides our website tracking and statistical services

We only keep your personal information for as long as we need to, so that we can use it for the reasons described above.  Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely.

  • To make sure that you do not receive marketing from us after you have told us to stop sending it, we need to keep a record of that instruction with your contact details. We shall hold that information until you tell us otherwise.
  • CVs and interview notes from unsuccessful applicants will be held for 6 months after notifying you that you have not been successful.
  • Where necessary, we shall keep your personal data for as long as required to do so by law; and where required to establish, exercise or defend our legal rights.

Under the DPA 2018 and the GDPR, you have the right to:

  • Access your personal data by making a subject access request:  You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. To protect your privacy and security we may need to verify your identity before disclosing or deleting your data.

  •  Rectification, erasure or restriction of your information where this is justified:  The accuracy of your personal data is important to us. You can rectify/update your personal data, including your address   and contact details at any time by emailing  If you find any inaccuracy in your data at any   time, we will delete or correct it promptly at your request. Proof of identity may be required in some circumstances.


  • Object to the processing of your information where this is justified:   You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future.  You have the right to object to your personal data being processed, for marketing and for research purposes.  From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.  You may unsubscribe from our e-marketing communications at any point by clicking on the unsubscribe link on any email you receive from us.  You may opt out of marketing promotions such as offers and direct mailings by contacting us at the address below, or by emailing
  • The right to make a compliant to the data protection regulator:  If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO).   The ICO is the UK's independent body set up to uphold your rights to data privacy.  The ICO can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.  Tel: +44 (0) 01625 545 745    Website:

Your personal data may be stored, processed, and transferred outside the EEA so that we can use your personal data as described in this policy.  Where this is the case, we will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. European data protection laws include specific rules on transferring personal information outside the EEA. When transferring personal information outside the EEA, we will:

  • include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties.  These are the clauses approved under Article 46.2 of the General Data Protection Regulation (GDPR); or
  • ensure that the country in which your personal information will be handled has been deemed "adequate" by the European Commission under Article 45 of the GDPR.

Our website may contain links to and details of other websites that are outside our control and are not covered by this Privacy Policy. If you visit other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. It will be helpful for you to read their Privacy Policy and Cookie Policy before providing them with your personal data.

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.  You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To find out more about cookies, or if you are having problems disabling them, please visit
For more information about how we use Cookies, please see our Cookie Policy.

Contact Us
We are registered as a Data Controller with the UK Information Commissioner’s Office, under registration number ZA162251.
This website is owned and operated by Data Compliant Ltd, registered in England and Wales under company number 8850647, and our registered office is at 22 Friars Street, Suffolk CO10 2AA.