Privacy Policy

(last reviewed 30 April 2025)

We are committed to safeguarding the privacy and security of personal data. This notice explains what personal information we collect, why we use it, how long we keep it and the rights you have in relation to it.

1. Who we are

Nosduo Limited (registered in England & Wales, Company No. 10996554), trading as Nosduo Consultancy Services.
Registered office: 7 Spring Road, St Osyth, Essex, CO16 8RN Data-protection contact: The Director (Data Protection Manager) – info@nosduo.co.uk | +44 7976 725850

As a controller we decide why and how personal data is processed; where we act for clients we may instead be a processor and will identify the relevant controller.

2. Our legal framework

We comply with:

UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (A guide to the data protection principles | ICO, Data Protection Act 2018 - Legislation.gov.uk)
Privacy and Electronic Communications Regulations 2003 (PECR) for electronic marketing and cookies (Cookies | ICO, [PDF] Guidance on the rules on use of cookies and similar technologies)
ICO guidance on accountability, breach reporting and individual rights (Guide to accountability and governance | ICO, 72 hours - how to respond to a personal data breach | ICO, A guide to individual rights | ICO)

The seven UK GDPR principles—lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity/confidentiality; and accountability—underpin everything we do (A guide to the data protection principles | ICO).

3. Your rights

You may at any time: access, rectify, erase, restrict or port your data, or object to certain processing. You also have the right to complain to the Information Commissioner’s Office (ICO) (ico.org.uk | 0303 123 1113) (Make a complaint | ICO - Information Commissioner's Office, Contact us | ICO - Information Commissioner's Office). We would appreciate the opportunity to address concerns first.

HOW WE COLLECT & USE PERSONAL DATA

3.1 Providing consultancy services

Data collected: names, business contact details, job titles, identification documents, project material.
Purpose & lawful basis: to perform our contract with you, comply with legal duties, and pursue legitimate interests in delivering and improving our services.
Disclosure: limited to third-party suppliers, professional advisers or partner firms where required to provide or recommend services, always under appropriate safeguards.
Retention: normally six years from the end of our engagement, aligning with ICO retention guidance and statutory limitation periods (72 hours - how to respond to a personal data breach | ICO).

3.2 Events, newsletters & marketing

Data collected: name, email/IP address, employer, interests; for events, dietary/access needs (may reveal health or belief data).
Purpose & lawful basis: with your consent, or our legitimate interest in keeping you informed of relevant insights.
Opt-out: you can stop marketing at any time via the unsubscribe link or the contacts above.
Retention: we keep data solely for marketing until you withdraw consent.

3.3 Our people

Data collected: identification, contact, CV, references, background checks, payroll, performance, CCTV/IT logs; special-category data where necessary (e.g., health).
Purpose & lawful basis: employment contract, legal obligations (e.g., right-to-work), legitimate interests in managing the business, safeguarding employees and clients.
Retention: applicants – six months; employees – duration of employment plus six years.

DATA SECURITY & INTERNATIONAL TRANSFERS

We employ technical and organisational measures to protect data, limiting access to authorised personnel only and logging all incidents. Any breach meeting the reporting threshold will be notified to the ICO within 72 hours (72 hours - how to respond to a personal data breach | ICO).

Where suppliers are outside the UK, transfers take place only under an ICO-approved International Data Transfer Agreement (IDTA) or Addendum (International data transfer agreement and guidance | ICO).

KEEPING YOUR DATA ACCURATE

Please tell us if your details change so we can keep records up to date. Inaccurate or incomplete data will be rectified promptly (A guide to individual rights | ICO).

CHANGES TO THIS PRIVACY NOTICE

We review this notice at least annually or whenever relevant legislation or our processing activities change. The latest version will always be available on our website.

For any questions, comments or requests regarding this policy, please contact the Data Protection Manager using the details above.

Quick reference of key legislation & guidance cited

Topic

Source

UK GDPR Principles

ICO Guide to Data-Protection Principles ([A guide to the data protection principles

Individual Rights

ICO Guide to Individual Rights ([A guide to individual rights

Accountability & Records

ICO Accountability Guidance ([Guide to accountability and governance

Data Breach 72-hr Rule

ICO Breach Response Guide ([72 hours - how to respond to a personal data breach