This privacy notice explains how we collect, use and protect personal information. It applies to:
Visitors to our website and individuals making enquiries; and
Personal data we process on behalf of our clients when delivering data protection services (for example, managing Subject Access Requests or Data Breach investigations.
Who are we?
Data Protection Enterprise Ltd (‘we’, ‘us’,‘our’) provides a data protection consultancy and Data Protection Officer (DPO)service to our clients.
Our contact details
info@dpenterprise.co.uk
07853091905
We are registered with the Information Commissioner as a data controller. Our registration number is: ZA735236
How we use personal data
Website visitors and enquiries
When you visit our website, contact us by email, or complete an enquiry form, we collect and use your personal information to respond to your query and manage our relationship with you.
We collect:
Name and contact details
Organisation name (if provided)
Any information you include in your enquiry
Lawful basis:
Legitimate interest – to respond to your enquiry and maintain business relationships
Consent – where you ask to receive updates or marketing communications
Retention:
We keep enquiry information for up to 12 months after our last contact, unless you become a client.
Clients and service delivery
When acting as a Data Protection Officer or data protection consultant, we may collect, receive or process personal data on behalf of our clients (the Data Controllers).
This may include:
Name, contact details and other identifying information
Health or education information (including dietary requirements, allergies, health conditions and safeguarding information)
Photographs or video recordings
Records of meetings, correspondence and decisions anddecisions
Identification documents
Information relating to complaints or disciplinary matters.
Lawful bases
When acting as a data controller (for our own business records), we rely on:
Performance of a contract – delivering services to clients
Legal obligation– compliance with data protection law
Legitimate interests – maintaining records of professional advice and decisions\
When acting as a data processor (on behalf of our clients):
We process personal and, where necessary, special category data strictly under our client’s written instructions and in accordance with an agreed Data Processing Agreement(DPA).
Special category data
When processing data revealing health, ethnicity or other sensitive details, we rely on Article 9(2)(g) (substantial public interest) or Article 9 (2)(f)(establishment, exercise or defence of legal claims), depending on the context of the work.
Retention
We retain client data and related records for up to two years after the end of the client contract, unless otherwise agreed in writing or required by law.
Where we get personal information from
We may receive personal information from:
Clients (organisations we support)
Individuals exercising their data rights (for example, through a Subject Access Request)
Other professionals or agencies involved in a case
Publicly available sources
Your data protection rights
Under data protection law, you have the following rights:
Right of access - You have the right to ask us for copies of your personal data.
Right to rectification - You have the right to ask us to correct inaccurate or incomplete data.
Right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Right to data portability - You have the right to receive your data in a usable format.
Right to withdraw consent – When we use consent as our lawful basis, you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details stated in this privacy notice.
International transfers
We store and process personal data within the UK. If we use secure cloud or AI-based systems hosted outside the UK (for example, for anonymised document review), we ensure appropriate safeguards are in place, such as UK-approved International Data Transfer Agreements.
How to complain
If you have any concerns about our use of your personal data, please contact us first.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
We maintain a suite of policies and procedures to ensure compliance with data protection law. Copies of relevant policies, including our Data Protection and Information Security Policy, are available on request.
