top of page

PRIVACY NOTICE

This Privacy Notice is provided by the Privacy Protect Group Ltd, hereafter referred to as “PPG” (“we”, “our” or “us”). Privacy Protect Group is registered with the Information Commissioner’s Office (ICO) under reference number ZB698813


This privacy notice tells you how the PPG will use your personal information. It explains what you can expect us to do with your personal information when you use our service or have an interaction with us.


For the purposes of this privacy notice, the PPG is a Data Controller where we collect information for our own purposes, like delivering services to you and collecting payment. 


PPG is a Data Processor at any point we undertake work on your behalf, as instructed by you, for example preparing templates, advising on breach prevention actions, or undertaking compliance checks. 

On this page:

Purposes and Lawful Bases

Whose personal data do we process

What data do we process

How we get your information

What we do with your data 

How long do we keep your data 

Children's privacy 

Where your data is processed

How we protect your data 

Our Sub-Processors 

Your Rights 

Links to other websites

Contact us

Your right to complain

 

Changes to this privacy notice

We keep our privacy notice under regular review to make sure it is up to date and accurate.

It was last updated on 16 June 2025.

Privacy Protect Group Ltd logo - a dark blue shield

#ItsSimple

This Privacy Notice is from a company called Privacy Protect Group (PPG). It explains how PPG uses your personal information when you use their services or interact with them.

 

PPG sometimes collects your information to do their own work, like helping you use their services or handling payments.

 

Other times, they use your information to do specific tasks for you, like giving advice or checking if you're following privacy rules.

 

They follow important rules to keep your information safe and private.

#ItsSimple

We check our privacy notice often to make sure it’s correct and up to date. The last time we updated it was on 16 June 2025.

Purposes and lawful bases

PPG may process your personal information for the following purposes:

  • UK GDPR Article 6(1)(a) – consent, for example when providing services that you have opted into, such as training content updates;

  • Article 6(1)(b) for example when performing a contract or providing services to you, including free consultations, digital products and processing payments where relevant, and facilitating bookings, for training events, key note speeches or similar;

  • Article 6(1)(c), when complying with legal obligations, such as Health and Safety laws, tax obligations, or similar.

  • Article 6(1)(d), when taking action to protecting individual’s vital interests, for example sharing information in an emergency;

  • Article 6(1)(f) – legitimate interests, for example when gathering feedback to improve our service.

Where we process data based on legitimate interests, a legitimate interest assessment has been conducted to ensure the risks and benefits of the processing have been assessed and documented. 

Where we process special category data, such as your learning preferences which may reveal health information about you, we will do so under a lawful basis grounded in Article 9(2) which will be supported by at least one Condition in Schedule 1 of the Data Protection Act 2018. 

#ItsSimple

Sometimes, PPG staff will use your personal information for different reasons, like:

  • If you say “yes” to some services, like updates for training content (this is called consent).

  • If we need to follow through on a contract or provide you services, like helping with bookings or payments for events.

  • If there are laws we have to follow, like health and safety rules or paying taxes.

  • If there’s an emergency and we need to help someone stay safe.

  • If it helps us make our services better, like asking for feedback (this is called legitimate interests).

If we need to use more sensitive information, like your learning preferences that might be linked to your health, we’ll follow special rules to make sure it’s done legally and carefully.

Whose personal data do we process

We process information relating to a range of individuals, including;

  • customers and service users

  • complainants, correspondents and enquirers

  • advisors, consultants and other professional experts

  • suppliers

  • current and former employees, temporary and casual workers, and volunteers

#ItsSimple

We handle information about different people, like:

- Customers who use our services

- People who make complaints or ask questions

- Experts who give us advice

- Suppliers who provide us with things we need

- Employees, volunteers, and workers who help us

What data do we process

The data we collect from you includes:

  • personal data, including your name, email address, telephone number, and address

  • employment details such as your role and the organisation you work for

  • education and training details

  • sound and visual images (e.g. from CCTV)

  • financial details to facilitate payments and invoicing

  • goods or services provided

  • information relating to health and safety

  • complaint, incident, and accident details; questions, queries or feedback you leave, including your email address if you contact us

  • opinions and assessments of staff in relation to matters dealt with

 

The types of personal data we process will vary depending on the purpose. We aim to process the minimum amount of personal data necessary for the relevant purpose. You should not assume that we hold personal data in all of the categories identified for every person whose personal data we process.

The categories identified are not exhaustive. Occasionally, we may gather other personal data for the purposes described.

#ItsSimple

We collect different types of information about people, like your name, address, email, job details, education, and even things like feedback or questions you share with us. Sometimes, we also collect health and safety details, images from cameras, or financial information if it’s relevant.

 

The amount and type of information we collect depends on why we need it, and we only gather what’s necessary. There might be other kinds of information we collect, but it’s always for a specific reason.

How we get your information

Most of the personal information we process is provided to us directly by you through your interactions with our staff, website or digital services.

We may also receive personal information indirectly by someone who has provided your data, for example if your employer is booking a session on your behalf.

We collect personal data from a variety of sources, including:

  • individuals who visit the website and interact with it (including by filling in and submitting forms)

  • businesses (including security companies, and other supplies of goods and services) and other private sector organisations working with us

  • legal representatives

  • auditors

  • current, past or prospective employers of individuals

  • healthcare, social and welfare advisers or practitioners

  • education, training establishments and examining bodies

  • business associates and other professional advisors

  • our employees, agents, and other temporary and casual workers

  • persons making enquiries or complaints

  • financial organisations and advisors, and credit reference agencies

  • survey and research organisations

  • trade, employer associations, and professional bodies

  • the media

  • CCTV systems

#ItsSimple

We collect most of the personal information directly from you when you talk to us, use our website, or fill out forms. Sometimes, we get your information from other people, like your boss if they book something for you or from companies and organisations we work with.

 

We collect this information to help us do things like keep things safe, answer questions, or run our services better.

What we do with your data

PPG may disclose personal information to a range of recipients including those from whom personal data is obtained, for example in response to a data subjects rights request.

Disclosures of personal information are made on case-by-case basis. Only relevant information, specific to the purpose and circumstances, will be disclosed and with necessary controls in place.

The data we collect may be shared with our technology suppliers, for example our hosting provider.

We will share your data if we are required to do so by law, for example, by court order, or to prevent fraud or other crime. This may include:

  • the Home Office

  • courts

  • a regulatory body who can demonstrate that there is a legitimate purpose for the processing of your personal data, such as the Information Commissioner's Office (ICO).

 

We may also disclose personal information on a discretionary basis for the purpose of legal proceedings or for obtaining legal advice.

If we make disclosures outside of the United Kingdom and the European Economic Area to locations which do not have as extensive data protection laws we ensure that there are appropriate safeguards in place to certify that the personal data disclosed is adequately protected.

#ItsSimple

Sometimes, we might need to share your personal information with others, like the people we collect it from or companies that help us with technology, like storing data online. We only share your information when it’s necessary and make sure it’s done safely.

 

If required by law, for example, by a court or to stop a crime, we might need to share your information with the government, the police, or other important organisations. We also share personal information when needed for legal help or advice.

 

If we send your information to other countries where data protection rules aren’t as strong, we make sure there are extra rules in place to keep your information safe.

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to. Our retention periods are determined by a combination of factors, including legal requirements, business needs, industry standards, and risk assessments.

#ItsSimple

We will only keep your personal information for as long as we need it to do what we’ve explained here or if the law says we have to keep it.

 

How long we keep it depends on rules, business needs, and safety checks. When we no longer need it, we safely get rid of it following our rules for handling records.

Children's privacy

In our capacity as a Data Controller, we do not intentionally collect or maintain data about anyone under the age of 13. Our service is not designed for, or intentionally targeted at, children 13 years of age or younger.

PPG may, hold some data on children 13 years of age or younger, when acting as a Data Processor, for example, if a client instructs us to undertake a piece of work involving children’s data.

#ItsSimple

We don’t collect or keep information about kids under 13 on purpose. Our services aren’t made for them.

 

However, if a customer needs us to work on something that involves kids’ data, we might hold some information about them, but only because the client asked us to.

Where your data is processed and stored

We design and run our systems to make sure that your data is as safe as possible at all stages, both while it's processed and when it's stored.

Your personal data is primarily stored in the United Kingdom (UK). Some of our information, especially that hosted by a third party may be stored in the European Economic Area (EEA) or the United States (US).

Amalgamated analytics data and that related to cookies may be stored outside of the EEA, for example in the US and are covered by a separate notice. We will have robust and compliant transfer mechanism in place to conduct international transfers

#ItsSimple

We work hard to make sure that your information stays safe and protected all the time. Most of your data is kept in the UK, and some might also be stored in countries in Europe.

 

Sometimes, information can be stored outside Europe, like in the United States, but we use special rules and checks to make sure it’s handled carefully and legally, no matter where it is.

How we protect your data and keep it secure

We are committed to keeping your data secure. Our systems meet appropriate industry security standards, and we comply with the relevant parts of legislation relating to data security. We have set up systems and processes to as a minimum:

  • prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of access permissions and encryption;

  • have appropriate policies, training, technical and procedural measures in place, to ensure our buildings are secure and protected by adequate physical means, and our policies contain guidelines as to what use may be made of any personal information;

  • regularly monitor and check to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason;

  • ensure that any third parties that we deal with keep secure all personal data they process on our behalf via processing contracts and similar arrangements.

#ItsSimple

We work hard to keep your information safe. Our systems are designed to stop anyone from seeing or using your data without permission.

Here’s how we do it:

•We use passwords and special codes to make sure only the right people can see your data.

•Our buildings are secure, and only people with permission can go inside.

•We train our team on how to protect your information and follow strict rules about using it.

•We check our computer systems regularly to stop things like losing data.

•When we work with other companies, we make sure they follow the same rules to keep your data safe.

 

No matter where your information is stored or who handles it, we make sure it’s protected and used only the right way.

Our Sub-Processors

PPG uses certain sub-processors to provide our services.

A sub-processor is a data processor engaged by PPG, who agrees to process personal data of PPG’s users and customers, on behalf of PPG and in accordance with PPG’s written instructions.

Prior to engaging with a sub-processor, PPG conducts appropriate due diligence, which includes security and legal analysis. Each sub-processor enters into a written contract with PPG that enforces compliance with applicable data protection laws. Cross-border transfers are conducted under applicable approved mechanisms (together with additional measures, where required) to ensure compliance with applicable data protection laws. These measures may include Standard Contractual Clauses (SCC), Data Privacy Framework (DPF) arrangements, International Data Transfer Agreements (IDTA) or similar.​​​​​​​

#ItsSimple

PPG works with other companies, called sub-processors, to help provide services. These companies handle personal data for PPG but must follow strict rules to keep the data safe. PPG checks these companies carefully before working with them and ensures they sign agreements to protect your information.

 

PPG also makes sure that data shared with these companies is transferred safely and meets privacy laws.

Sub-Processor
Service Provided
Location of Processing
Transfer Mechanism
Adyen N.V
Payment collection services
EEA, UK and US
SCC / DPF
QuickBooks (Intuit Ltd.)
Invoice and Accounting Software
EEA, UK and US
SCC / DPF
Google Ireland Ltd
Cloud hosting and content delivery provider
Ireland
N/A
Microsoft Corporation
Software services
UK and other registered entities
SCC / DPF
Stripe Payments Europe Limited
Payment collection services
EEA, UK and US
SCC/ DPF / UK IDTA
Wix.com (UK) Limited
Website platform and related services
UK and other locations (Wix's registered entities)
SCC
Business Works UK Limited
Mail forwarding service
EEA, UK and US
N/A
Zoom Communications, Inc.
Conferencing software services
US
SCC / DPF
Eventbrite UK Limited
Ticketing platform for events
EEA, UK and US
SCC / DPF / UK IDTA

Your rights

Under the data protection legislation, you have a number of rights that you can exercise in relation to personal data we process about you. You do not have to pay to exercise your rights (other than a reasonable fee if a request for access is clearly unfounded or excessive but we agree to fulfil it anyway).

You have the following rights:

  • Right to Withdraw consent - where we have relied on consent as a lawful basis for processing your data, you may opt out and withdraw your consent at any time.

  • Right to be Informed - This places an obligation upon PPG to tell you how we obtain your personal information and describe how we will use, retain, store and who we may share it with. We have written this Privacy Notice to explain how we will use your personal information and tell you what your rights are under the legislation.

  • Right of Access – This is commonly known as subject access and is the right which allows you access to your personal data and supplementary information, however it is subject to certain restrictions. Normally we will provide a response within one month of receipt of your request unless an exemption applies. You can request access to the personal data we hold about you, using the contact details in this privacy notice.

  • Right to Request Rectification – You are entitled to have personal data rectified if it is inaccurate or incomplete. If we hold personal data about you that is inaccurate or incomplete, you have the right to ask us to correct it. You can ask us to correct your personal data using the contact details in this privacy notice. We will reply to you within one month unless the request is complex.

  • Right to Erasure – The right to erasure is also known as ‘the right to be forgotten’. This right enables you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. The circumstances most likely to apply are:

    • where holding your personal data is no longer necessary in relation to the purpose for which we originally collected and processed it;

    • where you withdraw your consent to us holding your personal data if we are relying on your consent to hold it;

The right of erasure does not apply if we are processing your personal data:

  • to comply with a legal obligation;

  • for the establishment, exercise or defence of legal claims;

  • for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to make it impossible to carry out or seriously impair that processing.

If you want to ask us to delete your personal data, you can do so using the contact details in this privacy notice. We will respond to you within one month unless the request is complex.

  • Right to Restrict Processing – Under certain circumstances you have a right to ‘block’ or suppress processing of personal data. This may be in cases where:

  • you are contesting the accuracy your personal data while we are verifying the accuracy;

  • your information has been unlawfully processed and you oppose its erasure and have requested a restriction instead;

  • where we no longer require your personal data, but you need it to establish, exercise or defend a legal claim and do not want us to delete it.

 

When processing is restricted, organisations are permitted to store the personal data, but not further process it. You can ask us to restrict processing of your personal data using the contact details in this privacy notice.

  • Right to Data Portability – You have the right to obtain and reuse your personal information for your own purposes, transferring it from one environment to another. This right only applies to personal data provided by an individual, where the processing is based on their consent or for the performance of a contract and when that processing is carried out by automated means. If you wish to discuss this right, you can do so using the contact details in this privacy notice.

  • Right to Object – You have the right to object to:

    • The processing of your personal data based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);

    • The processing of your personal data for direct marketing (including profiling); and

    • The processing of your personal data for the purposes of scientific/historical research and statistics.

Any objection must be on grounds relating to your particular situation. If you want to exercise your right to object you can do so using the contact details in this privacy notice.

  • Rights Relating to Automated Decision Making – You have the right not to be subject to a decision when it is based on solely automated processing (including profiling) and which produces a legal effect or similar significant effect on you. This right does not apply if the decision is authorised by law, is necessary for entering into or performance of a contract, or is based on your consent.

We are unlikely to carry out automated decision making because our processes involve some type of human interaction and decision-making. Profiling is any form of automated processing of personal data intended to evaluate certain personal aspects about you to predict things about you such as your behaviour, interests, movements or performance at work. We do not currently carry out automated profiling. If you have any questions about automated decision-making or automated profiling you can raise them using the contact details in this privacy notice.

#ItsSimple

You have rights when it comes to how your personal information is used.

 

You can:

- Change Your Mind: If you’ve said “yes” to us using your information, you can always change your mind and say “no.”

- Be Informed: We will always tell you how we use your information and who we share it with.

- See Your Info: You can ask to see the information we have about you.

- Fix Mistakes: If something is wrong with your information, you can ask us to correct it.

-Delete Stuff: You can ask us to delete your information if we no longer need it.

- Pause Processing: If you’re unsure about how your information is being used or if it’s being used incorrectly, you can ask us to stop using it for a while.

- Take Your Information: You can move your information to another company if you want to.

- Say No: You can say no to us using your information for certain things, like ads.

- No Robots Allowed: If a computer is making important decisions about you, you can ask for a real person to review it instead.

If you have questions or want to use any of these rights, just reach out to us through the contact details we’ve provided.

Links to other websites

The PPG website contains links to other websites. This privacy notice only applies to PPG and does not cover other services and websites that we may link to. These websites have their own terms and conditions and privacy policies.

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

If you come to PPG from another website, we may receive personal information from the other website. You should read the privacy policy of the website you came from to find out more about this.

#ItsSimple

Some links on the PPG website take you to other websites. This privacy notice only covers PPG, so those other sites might have their own rules about how they use your information.

 

If you visit another site, make sure to read their privacy notice to understand what they do with your data.

 

Also, if you came to PPG from another website, PPG might get some details about you from that site. Check the privacy notice of the site you were on before to learn more about this.

Contact us

We take our data protection responsibilities seriously. We take great care to ensure we process your personal data properly to maintain your trust and confidence. You can contact our Team if you have any questions or concerns about how we process your personal data, using the following methods:

Privacy Protect Group Ltd.

4 Lidgett Lane

Garforth

Leeds

LS25 1EQ
UNITED KINGDOM

 

Email: dpo@privacyprotectgroup.com

#ItsSimple

If you have questions about how we handle your personal data, you can get in touch with us.

 

Here’s how you can reach our team:

Privacy Protect Group

4 Lidgett Lane

Garforth,

Leeds,

LS25 1EQ

United Kingdom

 

Email: dpo@privacyprotectgroup.com

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, you can make a complaint to PPG and we'll respond.

If you remain dissatisfied, you can make a complaint to the Information Commissioners Office (the UK supervisory authority) about the way we process your personal information.

The Information Commissioner's Office (ICO) regulates the processing of personal data. You can complain to the ICO if you are unhappy with how we have processed your personal data using the following details:

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

Website: www.ico.org.uk/concerns

 

 

Version history of this privacy notice

(Version - ​Date - Update to Privacy Notice - Date of publication)

V1.0 - 11 May 2024 - First publication. - 11 May 2024

V1.1 - 03 June 2024 - Adyen added as sub-processor. - 3 June 2024

V1.2 - 17 June 2024 - Fresh Books added as sub-processor and ICO registration number listed. - 17 June 2024

V1.3 - 11 November 24 - Changes to consent based opt in for training updates added. - 11 November 2024

V1.4 - 25 March 2025 - Updates to accounting software (Change from Fresh books to Quickbooks) and change of mail forwarding services (Your company formations to Business Works UK). Update to registered address. - 25 March 2025

V1.5 - 16 June 2025 - Addition of Eventbrite as a ticketing platform. -  16 June 2025

#ItsSimple

If you have questions about how we use your personal information or feel something isn't right, you can talk to us.

 

If you're still unhappy, you can complain to a group called the Information Commissioner’s Office (ICO). They are in charge of making sure personal information is handled properly in the UK.

 

Here’s how you can reach them:

Address:

Wycliffe House,

Water Lane,

Wilmslow,

Cheshire,

SK9 5AF

 

Helpline number: 0303 123 1113

bottom of page