Privacy Policy

for Data Protection Audits Limited

Data Protection Audits Limited treats the privacy of its clients, customers and website (“Site”) users very seriously and we take appropriate security measures to safeguard your privacy. This Privacy Notice explains how we protect and manage your Personal Data you share with us and that we hold about you, including how we collect, process, protect and share that data.

Personal Data means any information that may be used to identify an individual, including but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.

Who we are

Data Protection Audits Limited (“we”). We are registered in England and Wales under company number 10117616 and have our registered office situated at 71-75 Shelton Street, London, England, WC2H 9JQ

We provide consultancy services to UK based entities and individuals. As part of conducting these services you or the UK institutions and entities that we act on behalf of, provide us with information about you to enable us to conduct services either for them or on their behalf.

In instances where you are not our client, for example where we are instructed by a UK institution or entity, they will be the ‘Controller’ of this information and we will be a ‘Processor’. In such cases this Privacy Notice is therefore supplemental to the Privacy Notice provided by the UK institution or entity.

In instances where you are our client (non-exclusive examples include where we are instructed by yourself to be your data protection officer), we will be the ‘Controller’ of the personal data.

How we obtain your Personal Data

Information provided by you

When you decide to use our services you may provide us with your Personal Data via our Site, through a written letter, email or text message, over the telephone or similar mediums. This Personal Data includes name, address, email address and bank account details. We use this information in order to fulfil the agreed services that we provide to you.

We may also keep information contained in any correspondence you may have with us by post or by email and we also record telephone conversations.

Information we get from other sources

We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.

This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your Personal Data to the companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.

How we use your Personal Data

We use your Personal Data to fulfil the agreed services on your behalf and to keep a record of the services we provide you for example for accounting, payment and legal requirements. We endeavour, at all times to protect your Personal Data in a manner which is consistent with our requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your Personal Data in storage.

Do we use your Personal Data for marketing purposes?

Any information that you choose to give us for the provision of services will be used by us for that purpose only or to comply with associated legitimate interests (as described in the paragraph above) and will not be used for marketing purposes by us or third parties.

If you use our Site we may use this information to conduct marketing activities but only with your consent.

We never use or share any personally identifiable information provided to us online in ways unrelated to the ones described on our Site, this Privacy Notice or our Cookie Policy

What is our Legal Basis for processing your information

The main legal basis for processing your information will be to perform the services as agreed between us and yourself.  Therefore the main reason for us processing your Personal Data will be for the performance of a contract between us or, for us to take steps at your request prior to entering into a contract with you

We will also need to process your Personal Data for our own internal record keeping activities:  in this instance your Personal Data will be processed for keeping a record of what services we have provided to you, what payments we have requested from you and what payments you have made.  In this instance we will be processing your Personal Data on a legitimate interest basis.

Additionally, we may be required to obtain Personal Data from you in order to comply with our regulatory and legal obligations, for example to comply with anti-money laundering legislation, accounting practices or legal requirements, court orders or conduct fraud prevention. In these instances, our legal basis for processing information will be to fulfil a legal obligation.

Sharing information

We will keep information about you confidential.  In order to fulfil the performance of the contract, to carry out our legitimate interest  or to satisfy a legal obligation we may be required to disclose your information to third parties. Examples of the types of third parties used include:

  • any third parties with a legitimate interest to the data in order to effect the performance of the contract
  • any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential, for example professional advisors or representatives,
  • anyone to whom we may transfer our rights and duties under any agreement we have with you;
  • any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.

In the event that Data Protection Audits Limited is sold or integrated with another business, your anonymised details may be disclosed to our advisers and any prospective purchasers’ advisers and your personal details will be passed on to the new owners of the business.

Transfer of your Personal Data outside of the European Economic Area (EEA)

We do not currently transfer your Personal Data outside the EEA. If in the future we transfer your Personal Data outside the EEA, in accordance with the terms of this Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and the they only use your Personal Data in accordance with our instructions.

How long do we keep this information about you

We retain your personal data as follows: we will keep your Personal Data for a period of six years after the last piece of work or service we have provided to you e.g. if we provided a service in 2018 to you then we would only retain your Personal Data until 2024. This retention period is in line with the length of time we need to keep your Personal Data in order to meet or take any legal action (e.g. debt collection, claim for breach of contract) for financial statutory or legal requirements and the handling of any insurance claims.. In all cases our need to use your Personal Data will be reassessed on a regular basis and information which is no longer required will be disposed of.

What if I choose not to give you my personal information

If you do not wish us to process your Personal Data we will not be able to provide you with any services.

Will you process my information for purposes I may not be aware of

If you use our Site, we may also use aggregate information and statistics for the purposes of monitoring Site usage and to help us develop our Site and our services, and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.

We may use sign up form data to assist with providing downloads, newsletters and enrolling on events. Such use does not result in any personally identifiable data, other than contact details, being collected, stored or transferred to such agencies. We, or our agents and sub-contractors, may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.  We will only do this with your consent that you can give on our Site

One way in which we gather this information is by using cookies. Please see our Cookie Policy for more information.

Data Subject Rights

Right to be informed

You, the Data Subject, shall have the right to be informed of how your Personal Data is used. This Privacy Notice provides you with this explanation in relation to the information processed by us when providing services to you.

Subject access requests

The General Data Protection Regulation (GDPR) grants you (the Data Subject) the right to access particular Personal Data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the Personal Data we hold about you.

You may also request the following:

  • sources from which we acquired the information;
  • the purposes for processing the information; and
  • persons or entities with whom we are sharing the information.

Right to rectification

You, the Data Subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data we hold concerning you. Taking into account the purposes of the processing, you, the Data Subject, shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Right to erasure

You, the Data Subject, shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay.

This right does not apply if processing is necessary:

  1. for the exercise of the right of freedom of expression and information;
  2. for compliance with a Union or Member State legal obligation;
  • for performance of a public interest task or exercise of official authority;
  1. for public health reasons;
  2. for archival, research or statistical purposes (if any relevant conditions for this type of processing are met); or if required for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You, the data subject, shall have the right to obtain from us a restriction of processing where one of the following applies:

  1. the accuracy of the Personal Data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
  2. the processing is unlawful and you, the data subject, oppose the erasure of the Personal Data and instead request the restriction in its use;
  3. we no longer need the Personal Data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
  4. you, the data subject, have objected to processing of your Personal Data pending the verification of whether there are legitimate grounds for us to override these objections.

The right will not apply where the processing is necessary for:

  1. the establishment of legal claims
  2. the protection of another; or

iii)        reasons of important public interest

Notification obligation regarding rectification or erasure of Personal Data or restriction of processing

We shall communicate any rectification or erasure of Personal Data or restriction of processing as described above to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.

Right to data portability

You, the data subject, shall have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.

Right to object

You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing, which overrides the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.

Right to not be subject to decisions based solely on automated processing.

We do not carry out any automated processing, which may lead to an automated decision based on your Personal Data.

Invoking your rights

If you would like to invoke any of the above data subject rights with us, please submit a written request to

Accuracy of information

In order to provide the highest level of customer service possible, we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data we obtain. We ensure that the source of any Personal Data is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.

Important information

Questions and queries

If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the Personal Data we hold, please write to Data Protection Audits Limited, 71-75 Shelton Street, London, England, WC2H 9JQ or email

Policy changes

This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Notice from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use information you have already given to us without your prior agreement. This privacy notice was last updated on 08 April 2018.

If you have a complaint

If you have a complaint regarding the use of your Personal Data  then please contact us writing to  Data Protection Audits Limited, 71-75 Shelton Street, London, England, WC2H 9JQ or email and we will do our best to help you.

If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your Personal Data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.

We’ll call you

or call us on 0207 477 2045

You currently have JavaScript disabled!

This site requires JavaScript to be enabled. Some functions of the site may not be usable or the site may not look correct until you enable JavaScript. You can enable JavaScript by following this tutorial. Once JavaScript is enabled, this message will be removed.