Privacy Policy

About this privacy policy 

This privacy policy has been written to provide you with information about how The Compliance People handles or intends to handle personal information in accordance with the UK General Data Protection Regulation (“UK GDPR”).  This policy relates specifically to our collection and use of personal information for the purposes of providing our services, including our Legislation Update Service and our Consultancy Services.

About us 

We aim to process information about you fairly, lawfully, and in a transparent manner. The aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data.  If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

Information we collect 

We collect and hold a range of information about you during the course of our relationship.  This includes:  

  • We collect your contact details including name, username, email address, billing address and telephone numbers. 
  • We collect your profile data including your username and passwords and services purchased. 
  • We collect your transaction data which includes details about payments you have made to us and details of the services you have purchased from us. 
  • We collect technical data including your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website. 
  • We collect and record any information that you provide to us whilst using our services or input into our website. 
  • We collect marketing and communications information including your communication and marketing preferences. 
  • We record information about your needs and requirements to ensure our services are accessible; that we take account of any support needs in our dealings with you; and to improve our communications with you. 
  • We keep financial records about the amount of money you have paid us; any amount(s) outstanding and associated recovery action. Depending on your chosen method of payment, we may hold your bank account details 
  • We may carry out insight and satisfaction surveys to help us to monitor our performance and to improve our services to our customers. 

This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information, so we can deliver our services to you. 

Generally, the information we hold will have been provided by you (e.g. on enquiry forms or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your own circumstances.  As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. 

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.

Purposes for processing 

We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.  We may process your information for more than one lawful ground depending on the specific purpose for which we are using your information. 

Purpose/Activity  Type of Information  Lawful Basis for Processing Information 
To register you as a new client  Contact details 

Profile data 


Performance of a contract with you 
To process and deliver our services to you including managing payments, fees, charges and collecting any money owed to us  Contact details 

Profile data 

Financial records 

Transaction data 


Performance of a contract with you 

Necessary for our legitimate interests to recover any debts due to us 

To manage our relationship with you which will include notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey 


Contact details 

Profile data 

Marketing and communications information 

Performance of a contract with you 

Necessary to comply with our legal obligations 

Necessary for our legitimate interests to understand how our clients use our services to develop them and grow our business 


To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  Contact details 

Technical data 

Necessary to comply with our legal obligations 

Necessary for our legitimate interests to run our business, provision of IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise 


To use data analytics to improve our website, products/services, marketing, customer relationships and experiences  Technical information  Necessary for our legitimate interests to better understand our clients and their use of our services, to keep our website up to date, to develop our business and to inform our marketing strategy 


To make suggestions and recommendations to you about products or services that may be of interest to you 


Contact details 

Technical information 

Profile data 

Marketing and communications information 


Necessary for our legitimate interests to develop our products and services and to grow our business 
To send you our newsletter because you have requested us to do so or because it forms part of our contract with you 


Contact details 

Profile data 

Marketing and communications information 



Performance of a contract 

Necessary for our legitimate interests to develop our products and services and to grow our business 



Our marketing communications 

We may use your personal information to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications).  Our clients may receive marketing communications from us unless you have opted out or unsubscribed to receiving that marketing. 

You can ask us to stop sending you marketing communications at any by following the unsubscribe links on any marketing communications sent to you or by contacting us at any time. 

Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.


For further information about our use of cookies, please see our Cookie Policy.

Sharing personal information

Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of data protection law. 

Where necessary or required, we may share your personal information as follows: 

  • With third party service providers, in connection with services performed on our behalf.  For example, our email provider, our database host and analytics and search engine providers that assist us in the improvement and optimisation of our website. 
  • With local authorities and government departments, as necessary for administering justice, or for exercising statutory, governmental, or other public functions. 
  • With police and other relevant authorities (e.g. Probation Service, Department of Work and Pensions, HM Revenues and Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty. 
  • With our regulator, to comply with our regulatory obligations. 

This list is not exhaustive as there are other circumstances where we may also be required to share information, for example: 

  • To meet our legal obligations. 
  • In connection with legal proceedings (or where we are instructed to do so by Court order). 

Our relationships with third party services providers are governed by contractual provisions with us and they only have access to personal information to perform the described purposes and may not use it for other purposes.

Where we store personal information  

 The personal information that we collect is stored within the UK and European Economic Area (EEA). However, there may be some circumstances where it is necessary to transfer and store personal information at a destination outside the UK or the EEA.  In these circumstances, we will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with data protection law and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR. 

How long we keep it for 

We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request.  After this period, we will securely destroy or anonymise personal information in accordance with data protection law.

Your rights 

Right of access 

You have the right of access to information we hold about or concerning you.  If you would like to exercise this right, please do so in writing. If you are seeking to obtain specific information (e.g. about a particular matter of from a particular time period), it helps if you clarify the details of what you would like to receive in your written request. If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible). In response to a subject access request, we will provide you with a copy of the information we hold that relates to you.

Right of rectification or erasure 

If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it.  You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.  Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared your data about your request for erasure.

Right to restriction of processing 

You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

Right of portability  

You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent or contract and is carried out by automated means called a data portability request.

Right to object 

You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.

Right to withdraw consent 

In the circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose has been provided, you have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 

Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.


If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by using the contact details below. 

You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioner’s Office (ICO) in the UK at, should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at: 

Information Commissioner’s Office
Wycliffe House
Water Lane
0303 123 1113 |

Further information 

For further information on how to request your personal information and how and why we process your information, you can contact us using the contact details on this page. 

If you would like any further information or have any comments about our privacy policy or any other aspect of our website or service, please contact our web team by either of the methods shown below. 


The Compliance People
Prospect House,
Wharf Street,
BB1 1JD 

Telephone: 01254 265002

Changes to this privacy policy 

We may change this privacy notice from time to time, but if we change it in a way which significantly alters the terms upon which you have agreed, we will post notice of the change on our website. This privacy notice was last updated in October 2021.