Our Privacy Policy

About This Privacy Information

This document has been written to provide you with information about how we are handling or intend to handle personal information.

Introduction to Data Protection

Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.

About Us

Data Protection People (“DPP”) is committed to protecting and respecting your privacy and complying with the principles of the GDPR. This policy sets out the basis on which any personal data we collect, create or otherwise obtain from or about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the GDPR the data controller Data Protection People of The Round Foundry Media Centre, Foundry Street, Leeds, LS11 5QP. We have appointed a Privacy Officer (PO) to oversee our processing of personal information whose contact details are:

Philip Brining
[email protected]

We aim to process information about you fairly, lawfully, and in a transparent manner and the aim of this document is to provide you with sufficient information so you are able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

Data Processing Purposes

Your information will be processed by Data Protection People for the following requirements; client management, client relationship, contract performance, sales opportunities, marketing, service delivery, product development and feedback, finance and invoices, help desk support, consultation and compliance services and for audit and regulatory requirements.

Information we hold

In operating DPP, we may collect, create or otherwise obtain and process the following information. The numbers relate to the lawful grounds for processing.

Customer Records

Name, address, telephone number(s), email address(es), job title. We use this information to create and maintain customer records and to keep in regular contact with you. We may also use this information for direct marketing purposes and to raise awareness of new products and services that may be of interest to you.


We collect personal data on our website through a contact us form, the details are then added to our CRM system for follow up and processing as required via telephone and email. Our website uses sessional cookies to enable the website to function correctly. Any information contained within these cookies are deleted when your browser is closed.


We store personal information clients add into the DataWise system which may include, names, addresses, contact details and contracts relating to their unique business operations. This information will be held in compliance with our Data Retention Policy.

Finance System

We store finance contact details, and associated email addresses on our cloud-based finance system.

Social Media

We use social media to promote DPP and its events, and manage twitter, Linked-in and Facebook accounts in such a capacity. We do not collect, store or process any personal data contained on these platforms,

Email Newsletter

We send out a monthly newsletter by email to inform our subscribers about our activities and to provide news and information about DPP and/or the latest news surrounding data protection.


All employees and contractors working on behalf of DPP are under a duty of confidentiality to DPP and our clients. Furthermore, DPP contracts with clients under a Master Service Agreement which contains a Non-disclosure provision to protect you and any data that you may share with us.

Lawful Basis for Processing

The lawful basis for the data processing involved in the above activities is indicated adjacent to each data processing purpose and is as follows:

  1. Steps taken to enter into or in order to fulfil the contract for services that we have with our customers.
  2. Pursuant to the legitimate interests of DPP which are: to promote DPP and our activities; to enable us to administrate and run DPP efficiently and effectively as a commercial business; and to ensure that we remain accountable to our customer and other relevant stakeholders.
  3. On the basis of the consent of the data subject.
  4. On the basis of employment and health and safety law.

Required Information

The provision of some items of personal data is a condition of working with DPP. Mandatory information will be highlighted where necessary and is kept to a minimum. It includes personal data required for identifying customers, legal obligations and other similar purposes. Failure to provide mandatory information will mean that you will be unable to work with DPP.

Sharing/Disclosing Personal Data

We will share personal data that we hold with the following categories of our data processors.

DPP employees

We share the personal data of some of our customers with internal departments to help scope opportunities and hand over for delivery. This is necessary in the provision of our services.

DPP Partners

We share the personal details of some of our clients and prospects with partners to deliver joint marketing events and data protection compliance solutions. Partners of DPP include: resellers, technology partners and approved associates who deliver services on behalf of DPP.

Data Retention

DPP will retain information that it collects for varying periods of time broadly as follows:

Customers / Prospects

We will retain personal data about customers of DPP and prospects for a period of time not exceeding 7 years following their ceasing business with DPP.

Your Rights

You have certain rights set out in the data protection law including the right to request access to, and the rectification or erasure of personal data that we hold about you as well as a right to object to and to a restriction of our processing of your personal data at any given time. You can do this through the contact details provided in this policy. You can exercise the right at any time by contacting us at [email protected]. Where we process your personal data on based on consent you have the right to withdraw your consent at any time. Should you wish to exercise this right please contact us at [email protected].

You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK at www.ico.org.uk), should you feel that we have not handled your information in line with legislative and regulatory requirements.

Further Information

Further information about how DPP processes personal data is available from the Data Protection Officer.

Version Control

Version 1.0. Issued 24th May 2018