Privacy Notice

How we use personal data

This privacy notice explains how Data GRC Ltd (Registered in UK, number 10892418, 27 Old Gloucester Street, London, WC1N 3AX, UK) uses personal data.

We are Data Controllers (ICO registration number ZA284104) for the following processes:

  • Visitors to our websites
  • People we work with
  • Employees

More detail is provided about each process below.

If you visit our website

You can use our contact form to initiate business conversations with us. As a legitimate interest to maintain business relations.

We retain technical data relating to your IP address, device settings, use of our technologies and time stamps to monitor system performance and to prevent and detect cybercrime.

People we work with

We’re strong advocates of long term business relationships. We retain contact and business data of people we have or may work with, as a legitimate interest.

Employment with Data GRC

When individuals apply to work at Data GRC, as staff, contractors or volunteers, we will use the information that is provided to assess the applicant. We will obtain your agreement before reqesting references or other background checks. We will delete data from unsuccessful candidates after 6 months.

For employees, we will maintain employee records for a variety of reasons including legal (e.g. Employment, AML and tax law), contract (e.g. bank details) and legitimate interest (e.g. performance reviews). After their employment, we will retain necessary information that may be required for references or legal reasons.

Your Data Protection GDPR Rights

We fully respect your rights to request that we:

  • Allow you to opt-out of any process that you previously consented to, at any time.
  • Provide a copy of data we hold on you, or to pass it to a third party on your behalf.
  • Amend, delete or restrict processing of your data.
  • Explain and review any automated decision making or profiling.
  • Provide further information about our processing activities.

If you wish to raise a privacy request or contact us about any another matter, please contact our Data Protection Office using the form below or by sending a letter to “Data Protection Office, Data GRC Ltd, 27 Old Gloucester Street, London, WC1N 3AX, UK”.

When we receive a request, we will verify your identity, then normally complete our response within 1 month. We will retain details of your request as a legitimate interest, for quality assurance purposes and to ensure we continue to comply going forward.

Requests for “all data” will be deemed manifestly unfounded unless a reasonable purpose can be ascertained

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Their helpline number is UK 0303 123 1113 Their website is:

Other Information

We only process personal data in the UK.

We only retain data for long as we believe there to be an appropriate business purpose, related to the reason you provided your data to us.

We only share personal data with third parties if they are processing that data on our behalf under written contract, or if required for legal or regulatory reasons. We will not sell or give away personal data.

If our website provides links to other websites, those websites are beyond our control. We encourage you to read the privacy notices on any other website you visit.

This privacy notice was drafted with brevity and clarity in mind. Please let us know if you would like more details.

We reserve the right to update our privacy notice and cookie notice at any time. We will notify affected Data Subjects of major amendments that affect their data.

Contact our Data Protection Office (DPO)

Scroll to Top