• Home
  • Privacy Policy & Cookies
Privacy Policy & Cookies

Providing data protection services for peace of mind

Privacy Policy & Cookies

Privacy Policy

This privacy policy sets out how Dunwell Data Protection collects and uses your personal data. This privacy policy has been updated to reflect the changes introduced by the General Data Protection Regulation which becomes enforceable on 25 May 2018.

When we refer to “we”, “us” or “our” in this privacy policy we mean Dunwell Data Protection.

Dunwell Data Protection provides a specialist data protection consultancy, advice and training service to organisations.  We provide a variety of data protection services to help organisations with their data protection compliance.


Personal data collected

For us to provide our services to you we need to collect and use a small amount of personal data about you, or the individuals who work at your organisation.  The personal data we need is:

  • Your organisation name and postal address;
  • Name and contact details of the individual we are liaising with at your organisation (Full name, email address, telephone numbers, postal address);
  • Information about your business activities;
  • Information about the reason you have engaged our services;
  • Any other information you choose to tell us that is relevant to the enquiry you have.

We do not collect any of the special categories of personal data.

We do not provide our consultancy, advice or training service to children.

This information is gathered from you when:

  • you contact us to either enquire about our consultancy and advice service or to take out our consultancy and advice service. This is may be done via email, telephone or face-to-face; or
  • you book on one of our training events.


What we use your personal data for and the legal basis we rely on

We use your personal data to provide you with our consultancy, advice and training services and for direct marketing.

The legal basis we rely on are:

Contractual obligation (GDPR Article 6(1)(b))

The consultancy, advice and training services we provide to you are done so under contract.  We require certain information from you to enable us to fulfil our contractual obligation.  If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may be terminated.

Legitimate interests (GDPR Article 6(1)(f)

GDPR allows us to use legitimate interests for direct marketing purposes.  We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy.  The outcome of the balancing test justifies our use of legitimate interests for this purpose.  For clients who have either enquired about our services with a view to purchasing them, or are existing customers using our services, or are lapsed customers who have used our services, or have booked on one of our training sessions, it would not be an unreasonable expectation to receive information from us about our services.

This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, which governs how a business can undertake electronic direct marketing.  We can rely on soft opt-in for “individual subscribers” for email marketing to prospective and existing customers.  We do not need either consent or soft opt-in for “corporate subscribers”.

We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter.

You can change your marketing preferences at any time by:


Who we will share your personal data with

As a rule, we do not share your personal data with third parties without obtaining your consent to do so.  The exception to this is where:

  • your personal data is accessed and seen by our third-party outsourced website and email host provider, whilst they undertake work on our behalf;
  • your personal data is stored on servers hosted by our back-up cloud providers; and
  • we have to share your personal data if we are required to do so by law.

We do not share, sell or rent your personal data to third parties for them to use for their own marketing purposes.


How we keep your personal data safe

We take the security of your personal data seriously and we have put in place the appropriate organisational and technical measures to safeguard your personal data.  These measures include:

  • Encryption of servers and devices where necessary;
  • Password access to computers and mobile devices;
  • Secure premises;
  • Restricting access to information to only those who need to see it;
  • Internal policies and procedures on data protection and information security; and
  • Staff training

When we use third-party providers to process and/or store personal data we undertake relevant assessments of their business to establish their level of compliance with GDPR and only use those that provide sufficient guarantees to implement appropriate technical and organisational measures to safeguard personal data.

Our website and email host provider only store this data on UK based servers.

If you suspect your personal data has been lost or misused, please report it to us.


Transferring personal data outside of the UK and EU

We use back-up cloud server providers to store our information.  These cloud server providers have UK and EU based servers.  However, there may be occasions when the information needs to be stored on servers outside of the UK and EU.  We therefore ensure that we have the appropriate safeguards in place and comply with the GDPR rules relating to the transfers of personal data to 3rd countries, which includes transferring your data:

  • on the basis of an adequacy decision;
  • to the US under the EU-US Privacy Shield Framework;
  • under an appropriate data transfer agreement, which includes standard contractual clauses adopted by the European Commission;
  • for the conclusion or performance of a contract between ourselves; or
  • when we have obtained your permission to transfer your personal data.


Retention of information

When we have concluded the provision of our service to you we will keep your data for a period of 2 years before it is securely disposed.


Your rights

Unless you are a sole trader or a partnership (in certain cases), it will be the individuals who work for your business that have various rights in relation to how we process their personal data.  Individuals can:

  • access the personal data we keep about them and be given specific information about the processing.
  • ask us to update inaccurate personal data we hold about them.
  • ask us to delete their personal data but only when specific grounds apply.
  • ask us to restrict the processing of their personal data, for example if they are contesting the accuracy of it.
  • object to the processing of their personal data if they do not agree with our legitimate interest grounds and for direct marketing purposes.

We do not undertake any solely automated decision-making, including profiling.

Should you wish to exercise any of your rights please get in touch with us.

If you are not happy with how we have been processing your personal data or have not dealt with one of your rights correctly when you have asked us to you may lodge a complaint with the Information Commissioners Office (ICO).  The ICO has several ways in which you can get in touch with them, including post, email, and online forms.  To find out how click here.


Our Contact Details

You can contact us by:


Cookie Policy

Website Visitors

In operating our website, we use a third party service, Google Analytics, to collect and process standard internet log information about your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data.

Use of Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. Cookies help us to improve our website and the service that we provide to you.

We gather information regarding your computer whilst you visit our website.  This information is non-identifiable statistical information which enables us to improve our services to you.

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access parts of our website.