Privacy Policy

1. Who we are

GDPR Compliance Centre

Contact details: 

Registered Office: Commercial House, 1105 Christchurch Road, Bournemouth BH7 6BQ

Email:  [email protected]

Telephone: 01202 028484

2. What this notice covers

This notice explains how we use personal information when we provide data protection consultancy, outsourced DPO, legal advice, auditing and compliance support services.
We provide services only to organisations established in the United Kingdom.

3. When we are controller and when we act for a client

We are the controller for personal information we use to run our own business, including enquiries, customer administration, contracts, payments, correspondence, marketing, complaints and website security information.

Where we provide services to a client and access personal information on the client’s behalf, the client remains responsible for that information. In those cases, we process the information under a written agreement and in accordance with the client’s instructions.

This may apply, for example, when we provide outsourced DPO support, CCTV compliance reviews, audits and compliance reviews involving client records.

4. Services we provide

We provide services including:

  • outsourced Data Protection Officer support;
  • GDPR and PECR advisory support;
  • compliance audits and reviews;
  • data protection risk assessments;
  • Data Protection Impact Assessment support;
  • policy and privacy-notice drafting;
  • subject access request and individual-rights advisory support;
  • data breach advice and support;
  • staff training;
  • CCTV compliance reviews;
  • ICO registration support.

5. Personal information we collect

Depending on the circumstances, we may collect:

  • name;
  • business name;
  • job title or role;
  • business email address;
  • telephone number;
  • postal or billing address;
  • service requirements;
  • contract details;
  • invoice and payment reference information;
  • correspondence and enquiry information;
  • complaint information;
  • training attendance information, where needed;
  • publicly available business contact information;
  • technical website information such as IP address, browser information and security logs;
  • limited information contained in client documents, screenshots or records where necessary for an advisory or audit engagement.

We do not receive or store full credit or debit card details.

6. Information from public sources

We may identify business contacts from publicly available sources, including company websites, professional networking platforms, Companies House, and public regulatory registers.

We do not buy or license marketing lists.

7. Special-category and criminal-offence data

We do not ordinarily request or require special-category personal information or criminal-offence information.

If an individual provides such information through a client’s DPO mailbox or as part of a matter we are advising on, we will process only what is necessary and in accordance with the client’s instructions or our legal obligations.

8. How we use personal information and our lawful bases

 

We do not currently rely on consent for our ordinary processing activities.

9. Marketing

We may send occasional service updates or emails to existing customers.

We may contact business prospects using generic business contact details. We do not use bought-in marketing lists, email tracking pixels, link tracking, CRM profiling or automated lead scoring.

Promotional emails will include an unsubscribe option. We maintain a suppression list to ensure opt-out requests are recorded and respected.

10. Website and cookies

Our website does not currently use a contact form. Visitors may contact us by email, telephone or post.

We do not use website analytics, advertising cookies or behavioural tracking. The cookies currently used support essential website security, traffic-routing, bot protection and service availability.

Further information is available in our Cookie Policy.

11. Outsourced DPO services

Where a client appoints us to provide an outsourced DPO service, the client will provide a dedicated DPO email address hosted within its own systems.

Correspondence sent to that address may be accessed and answered by GDPR Compliance Centre on the client’s behalf. The client remains the controller responsible for the underlying personal information, its retention and the handling of the matter.

Information remains within the client’s systems and is processed by us under a written agreement.

 

12. CCTV compliance reviews

As part of CCTV compliance reviews, we may temporarily view live or recorded footage to assess compliance. We do not operate, monitor, record, download, copy or retain CCTV footage.

13. Data breach and SAR advisory support

Our breach and SAR services are advisory. We advise clients on the steps they should take, but we do not ordinarily search client systems, redact records, communicate with data subjects on SARs, submit breach notifications as controller, or notify affected individuals.

14. Who we share information with

We may share personal information with carefully selected service providers, including:

  • secure email and document-storage provider;
  • website and invoicing provider;
  • website security and traffic-management providers for the operation of the website;
  • hosted telephone and voicemail provider;
  • professional or legal advisers if required;
  • We may also disclose information to the ICO, HMRC, courts, law-enforcement bodies, regulators or public authorities only where legally required or necessary to establish, exercise or defend legal rights;

We do not sell your information.

15. International processing

Some of our service providers are based outside the UK or use international infrastructure.

Where personal information is transferred outside the UK, we take reasonable steps to ensure that an appropriate safeguard applies. This may include UK adequacy regulations, the UK Extension to the EU-US Data Privacy Framework, the UK International Data Transfer Addendum, or other recognised contractual safeguards.

16. How long we keep personal information

17. Security

We take appropriate technical and organisational measures to protect personal and confidential business information against unauthorised access, accidental loss, alteration, disclosure or destruction.

These measures include appropriate controls relating to access, authentication, secure communications, encrypted storage, device security, supplier management, data minimisation and secure disposal.

For security reasons, we do not publish detailed information about the configuration of our systems or security infrastructure.

18. Children

Our services are directed at businesses and other organisations. We do not knowingly provide services directly to children or target children through our website or marketing.

19. Automated decision-making and profiling

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects. We do not profile website visitors, score prospective customers or make automated decisions about access to our services.

20. Your rights

You may have the right to:

  • access your personal information;
  • ask us to correct inaccurate information;
  • ask us to erase information in certain circumstances;
  • ask us to restrict processing;
  • object to processing based on legitimate interests;
  • object to direct marketing at any time;
  • request data portability where applicable; 
  • complain about how your information is handled.

To exercise your rights, contact:

Email: [email protected]

or write to: GDPR Compliance Centre, Commercial House, 1105 Christchurch Road, Bournemouth, BH7 6BQ

We reserve the right to request confirmation of your identity to protect customer records.

21. Raising a concern

We take any concerns about the way we handle information seriously. If you have a question or concern about how we use your personal or business information, we encourage you to contact us so that we can look into the matter and respond.

In some circumstances, we may seek independent external support or specialist advice to help us review and address your concern.

You also have the right to raise a concern with the Information Commissioner’s Office about the way we process your personal information.

22. Changes to this notice

We may update this privacy notice from time to time. Where we make a material change, we will take reasonable steps to bring it to the attention of affected individuals.

GDPR Compliance Centre Version 3.6 — July 2026

Essential cookies
We use a small number of necessary cookies to keep this website secure and working properly. We do not use advertising or analytics cookies. [Read our Cookie Policy]