Case Studies

How we use your personal information …

As Data Protection Specialists you would expect us to take privacy issues very seriously, and you are absolutely right. The Griffin House Consultancy, who I shall now refer to as GHCL, are 100% committed to protecting your personal information and we shall always be transparent with you about how we are using your details. The Data Protection Act, or DPA, states that organisations must be open about what information they collect, and how they intend to use it. This ‘Fair Collection Notice’ also called a Privacy Policy explains how we obtain, collect, process and store information about you.

How do we obtain your information & why?

In 99% of cases you will volunteer your personal details to us. We will always tell you before we capture your information why we need the information and how we will use it.


If you have enrolled onto one of our training courses then we will need to know your name, company address and contact details, and in order to support you in your learning experience we may need to ask for other specific information. We ask if you have any dietary requirements to accommodate your catering requirements on the day, and may ask if you require any particular assistance with Learning materials or additional help in taking the exam. Finally we ask for your ethnicity so that we can provide statistical analysis to the relevant authorities. The last three elements of information, will not be electronically stored against your name, but held anonymously and only referred to in the event of a query. We shall also record details of your pass mark. As we need your information to provide a certified course to you, we shall keep a copy of the data for a minimum of 10 years, but we will remove the entry at time if you so request.

Business Contacts

If you have made contact with us, or us with you, whether that be through networking, via social media or in person we shall add your name, company and contact details to our CRM together with appropriate relevant notes, such as details of our discussions, meetings, marketing contacts etc. If you are a Learner or Business Contact we will ask you if you would like to receive regular communications from us, and we shall do this within any guidelines with the DPA or PECR Regulations. You can change your preferences at any time, and if you ask us to stop communicating with you, we shall action this request immediately.

How we store your information.

All client information and files are retained on cloud servers hosted within the EU, any files containing commercially or personally sensitive information are encrypted before saving to the server. We store our marketing information in a robust CRM system, and ensure that only basic contact information, as stated above, is stored. Only authorised members of the team have access to your personal information, and we back it up regularly to prevent against loss or damage. This CRM is hosted in the USA. Files are encrypted before they are backed up, but backups may be stored in the USA.

Who do we share with?

Let me assure you that we will never sell your information, or share it with any third party, save those detailed below, or with any government agency entitled to this information by law. However, if in the event that the Griffin House Consultancy Limited is ever sold as a going concern, or enters into administration, the database of clients and prospects, shall be deemed an asset of the company, and the consents and permissions provided by the data subject shall be transferred to the new owners. For Learners, we will share your personal details with any awarding body as necessary to facilitate the awarding of your certificate or qualification. We may from time to time sub-contract elements of our operation to data-processors, such as a mailing-house, or market research company, but they will be working as a ‘Data-Processor’ on behalf of GHCL who shall at all times remain responsible for the confidentiality of the data. Any Data-Processor, will be vetted, and sufficient contracts will be in place to protect the integrity and privacy of your data. Where possible data will remain on servers within the EEA, however, we may store data on servers within the United States if the company is part of the approved ‘Safe Harbour’ scheme.

Your Rights

The DPA gives you a number of specific rights, and the legislation tells us what we can, and cannot do, with your information. For example you can ask for a copy of the personal information we hold about you, although we can ask for a small fee of £10.00 to cover the costs of collating and sending this to you. You can ask us to stop sending you direct mail, or emails, or ask us to stop processing your details. Finally, if we do something very bad with your information you can request compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website


Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. see our full cookie policy We do not store any personal data in the cookies that we use, and store the information anonymously to assist us in the running of the site, and also for monitoring the activity and traffic both to and through our website. To do this we use Google Analytics cookies. Depending on the browser you use you should be able to control what cookies are placed on your device through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or To opt out of being tracked by Google Analytics across all websites visit

If you have any questions do not hesitate to contact us

Best wishes
Mike Martin
Data Protection Officer
Data Protection Register Entry Details
Data Controller: Griffin House Consultancy Limited
Griffin House
Tel: 01673 885533
Registration Number: ZA081014