Privacy Statement 

For the purpose of data protection legislation[i] “the data controller is De’Leigh Ltd. 1 Five Rise Bingley BD16 4DT. Registered with the Information Commissioners Office. Our registration no. ZB5 41443 our registration date: 27.04.2025 to 28.04.2026.

Our Commitment to you

Your privacy is important to us. To enable us to undertake our business objectives we collect and use personal data about individuals. We recognise the trust placed in us by individuals whose data we are entrusted with. This policy together with any other documents referred to in it, sets out the basis on how any personal data collected, how it is used, how it stored and how and when it is destroyed. It also sets out how individuals can request it to be changed / corrected or removed. In other words, it tells you how we will “process” your data in a way which is lawful whilst also protecting and respecting your privacy. It will also tell you what we do not do with your personal data.

Please take some time to read the following carefully to understand our approach and practices. We take complaints we receive very seriously. If you think our collection or use of your personal data is unfair, misleading, or inappropriate, please bring this to our attention and we look at your concern and provide a response within 14 working days. We always welcome suggestions for improving our procedures.

If, on receiving our response you remain unhappy you can contact the Data Commissioner’s Office at ICO, www.ico.org.uk or write to:

• Address: ICO   Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF
• Telephone: 0303 123 1113 for advice or to make a complaint.

Our data protection principles

• Private: We will never sell, give, or trade information about you to other companies. Your data will not be supplied to anyone except as described in this policy unless we are obliged by law to disclose it.
• Secure: In accordance with the UK Data Protection Act and EU General Data Protection Regulations (GDPR) we will follow strict security procedures in the storage and disclosure of information that has been given to us, to prevent loss, theft, or unauthorised access.
• Necessary: We will not collect information unless it is needed for the purposes, we have told you about in this policy, to be able to deliver a better service or to share useful or relevant information.

What personal date do we hold?

The data we collect and receive about you depends on the type of interaction /purpose you have with us.

• For business interest: We will require contact details of the person making the call.
• For training purposes: We will require details of people attending the courses, this is for attendance records, health and safety and certificate references.
• For 1:1 Individual representation or support: Contacting us by telephone we will take your name, contact details and we may ask you for your email address or postal address if you are requesting, we send something to you.
• For projects/investigations where 3rd parties are referred to: Where people cannot give authority themselves / or where the issues are particularly sensitive, we will use anonymised references.
• For legitimate Interest: We will only collect information for legitimate interest.

What we will ask for and why

For website visitors: When you visit our website, we receive information about you in two ways:

1. Directly from you: Usually this is your contact details and any other information you provide by completing the on-the line contact form. We use this information to enable us to provide you with information, products of services we feel may be of interest to you where you have agreed to be contacted for such purposes. If you no longer wish to receive information from us, and we are not under contract with you, then please request to be unsubscribed.
2. Automatically from the website: This will include your IP address, and your browsing behaviour. Understanding the way, you interact with our site enables us to improve services. Our cookies policy explains our use of cookies and Google Analytics to collect and analyse this information. We use this information for our legitimate interest in ensuring that content from our site is presented in the most effective manner for you and for your computer.

Accessing our Training Programme: If you are attending training, workshops, away-days, conferences facilitated by De’Leigh Ltd. OPUS Centre of Excellence, we will ask you for completion of the following details. We hold this information for administration and health and safety reasons.

• Name, Address, Phone number, Email, Gender, Nationality, Ethnicity, Disability.

For Business-to-business Contacts / Projects we ask for:

• Contact name, Email address, Job title, Phone number.

We will use this information to:

• Provide you with information, updates and current work project about services and products
• Signpost content of interest to you, based on the information you entered into our online tools.
• Administer your membership (including follow up renewals, or upgrades) and provide you with services within your membership (retainer) agreement.
• Notify you about changes in our services

Statutory Retention:

We retain information about our members and subscribers for the duration of their membership or contract agreement, except as required by law of Limitations or to protect our legitimate interests of those of third parties.

Open-Source Intelligence:

For the purpose of due diligence, we may also access information that is publicly available this is called “Open-Source Intelligence” (OSI) We will always provide full citation and reference where we use OSI. 

Recruitment: Anybody applying to work with De’Leigh as a Partner or an Associate will be required to submit two forms of identification taken from the government approved list, this is to prevent money laundering. We will also ask for details of current role, CV, and record of CPD, and evidence of professional accreditation and insurance certificate. We may also access Open-Source Intelligence (OSI) i.e., social media in support of your application. This data will be used for the purpose of completing projects. The request will be renewed on the anniversary of the start of the contracting relationship.

Who we share personal data with

De’Leigh shares your personal information with the following categories of recipients.

• Regulators: Where necessary i.e., as evidence for criminal / regulatory investigation.
• Training Body accreditors: for example: CPD, Institute of Occupational Safety and Health.
• Your employer (as appropriate) in the case of employment related issues / development purpose.

Safeguards and Security

De’Leigh systems are managed and maintained in accordance to the UK Government Cyber Essentials Standard and AI Governance.

• We undertake a Data Impact Assessment for each contract.
• We do not operate out of the UK, and we do not transfer date outside of the UK.
• Where we plan to use external platforms to undertake parts of our business we ensure that a Data Impact Assessment is undertaken before a decision is made.

You can manage your De’Leigh communication preferences or unsubscribe at the bottom of any non-essential emails you may receive from us.

• You have the right to update, to correct any information we hold about you.
• You have the right to request all personal information relating to you that we hold.
• You have the right to request restrictions of the processing of that data.
• You have the right to request that we delete that data or ask that is not used for the purpose for which it has been collected.
• You may also have the right to data portability

Where you are requesting copies of the information we hold about you, this is called a “Subject Access Request” (SAR) We may request a nominal administration charge for supplying copies of data, and we may also require you to provide us with appropriate identification before we comply with the request. You can also find out more information about your privacy rights on the Information Commissioner’s Office website; www.For the public | ICO

If you have any questions, please contact us:

• Write to us at: De’Leigh Ltd. Lock Keepers Cottage 1 Five Rise Bingley BD16 4DT
• Email: hello@deleigh.co.uk
• Call: 07714 68310
• Through our website: www.deleigh.co.uk

Making a “Subject Access Request” *

Data Protection legislation requires us to respond to your request within one month of verifying your identity (or within 3 months for more complex cases). You’ll receive a full response as soon as we can reasonably provide one, but our aim to resolve all subject access requests within 30 calendar days. In more complex cases where we cannot provide a full substantive response within that time frame, we will write to you within 30 calendar days to explain why an extension is needed.

 [i] Data protection legislation means the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018., the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000(SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes or practice issued by the UK Information Commissioner or such other relevant data protection authority.

V. 2 – 2025.09