back to homepage

Website Privacy Policy

This notice was last updated on May 25th, 2018

We, the GDPR Institut or GDPR Associates, are committed to protecting your privacy.

As such we have specified in detail what data we are collecting, how we are using your data and all rights you have under the European data protection law.

We may change this notice from time to time to stay aligned current with the changes in the general data protection regulation (GDPR) and E-Privacy Directive (PECR).

Please check back on a regular basis to read the latest version of this notice.

Data controller:

The UK based company, the GDPR Group Ltd, is the data controller for all data related to the GDPR Institut as well as GDPR Associates.
The contact details are:

The GDPR Group Ltd.
Kemp House 160 City Road
United Kingdom

phone: +44 (0)208 133 2545

Data protection officer:

For all inquiries regarding our usage of your postal data as well as executing your rights, please contact our data protection officer Raymond Ford:

phone: +(44) 07989305294

What information we are collecting from you?

We collect and process several bits of your personal information for different reasons, these are depending on the relationship we have with you.
The sections below will list the different relationships and per section list the data we collect and process including our reason for doing so.

GDPR Associates membership:

If you are a member the GDPR Associates, we collect the following data:

  • your name
  • your phone number
  • your e-mail address
  • your login name (in case this is not identical to your e-mail address)
  • payment details, but only for paying members

We collect this data to deliver you your membership benefits and allow you to login to our website.


From our clients, either requesting our one-on-one advisory calls, filling out the contact form on our website and/or entering into a contract with us to deliver various advisory services, we collect the following data:

  • company name
  • company address
  • payment details including company registration number, VAT number and bank details if required
  • name of contact person or persons

Per contact person we register:

  • Job title
  • phone number
  • email address

We collect these details to be able to provide you with our services, send invoices and contact you in relation to your requests and inquiries.

Marketing usage

We only will use your data to market our services to you under the following conditions:

  • You have provided us your consent to do so
  • You are an existing client, in which case we will only market to you related services to the ones you already have obtained which we may believe in good faith are of interest to you

In all cases, you have the right to opt-out of any marketing usage by using the relevant option present in all marketing communications.

Conference call recordings

For our records, to facilitate our services to you and to provide you with valuable insights on your questions and our advice, we will record all conference calls we have with you as our client.


  • at the start of each call we will explicitly request your consent for this recording to take place
    if you don’t give permission, the call will still be recorded but we will delete the recording directly after the call has finished
    – recordings will only be used by the GDPR Group Ltd. as well as shared with yourself as a party on the call

If you, at a later stage, change your mind, please contact us immediately and we will delete your call’s recording from our systems.

Who do we share your data with?

We only share your data with our partner organisations as well as professionals we contract to provide us with the necessary expertise to fulfil your contract.

We will share the following information with them:

  • your name
  • your phone number
  • your e-mail address
  • the conference call recording (if present)

We will inform you to which partner or professional we are sharing your data before we do so.

We will make sure that any party we share data with is held to the same strict data protection procedures as are used by us. Data is only shared for specifically defined reasons and may not be further processed by our partners and professionals for any other reason, except when expressly mandated by us or for the defence of legal claims.

At the moment that we inform you of the fact we will share your data with one of our partners or professionals, we will request you to consent to sharing the conference call recording as well.

Please note you are free to object against us sharing the recording, this will not adversely affect our ability to execute the services you have requested of us.

However, it may provide our professionals with a little more insight into your company and requests which may ease any additional work and may prevent duplicate questions thus saving time. However, the choice is all up to you.

How long do we keep your data for?

Again, this differs somewhat depending on the reason we collected your data for. Generally, the following retention scheme is use:

  • For memberships data is kept until 14 months after the memberships ends
  • Client data is kept for 2 years after the contract ends, unless specific requirements including fiscal law mandates us to keep certain information for a longer term
  • Data from prospects is kept no longer than one year after the last contact with the prospect

Your rights

Under the GDPR you, as a data subject, have the right to access all data we hold of you, correct data which you deem to be incorrect or incomplete, request us to stop processing your data or request us to delete all your data from our systems.

You can execute any of these rights by contacting our data protection officer, contact details can be found to the top of this privacy notice.

We will respond to your requests, where required, within 4 weeks of receiving your request.

Please note: to protect your privacy as well as that of our other members, clients and prospects, we may ask you to provide proof of identity to us. This may be necessary to make sure we do not provide your data to somebody else or provide you with data that is not your own.

Making use of your rights is free of charge, unless we deem your requests to be excessive, repetitive in nature or otherwise manifestly executed with malicious intent, we reserve the right to not respond to your request in full or charge you a reasonable fee based on our administrative costs.
In either case, we will inform you of our decision.

Further complaints

If we can’t agree on a resolution to your complaints, you believe we are handling your personal data incorrectly or we are infringing on any of your rights as listed above and we can’t come to a mutual satisfactory agreement to solve our differences, you are welcome to contact the Information Commissioners Office and register your grievances with them.

Please check for the relevant procedures.