Privacy Notice


Our privacy promise to you

At Firebird Data Protection Consultancy Limited, we are committed to protecting and respecting your privacy. 


We will always tell you what data we’re collecting about you and how we use it, and will never ask for more information than we need to. We will not share your data with any third parties, unless you have consented to this; they are a trusted partner working with us to provide the service you have requested; or the law requires us to. We will never sell your data.


We are committed to following industry best practices to ensure your data is stored safely and securely. We will protect the information we process about you, from accidental or unlawful access, disclosure, loss, damage or destruction.


We will always give you control over the communications you receive from us and you can stop or tell us you no longer wish to receive these, at any time.

This notice explains what personal data we process, why we process it, how we keep it secure and your rights:

1. Information we collect about you and how we use your data


We collect contact information about our subscribers, such as their name, email address and the name of the company they work for (where relevant), so we can send them the information they have requested and to keep them up to date with our news. We only obtain and use this information when the person has opted-in and consented to receiving our e-newsletters or information. Subscribers can opt-out from receiving this information at any time by emailing us at  We keep subscriber information for as long as the subscriber wants to stay in touch and receive our communications.


When a person sends us an enquiry through our website, we collect their name, email address and the nature of their enquiry / message. We need this information to pursue our legitimate interests in being able to respond to the enquiry we have received. We do not use this information to send direct marketing communications, unless the person has specifically requested and opted in to receiving this kind of information. We keep a record of our enquiries for up to two years. 

Website users

Our website uses cookies to collect information about our visitors’ navigation around our website, to help analyse how they use it and to improve their experience. The information captured may include the visitor’s IP address. This information is necessary for us to pursue our legitimate interests in monitoring and improving our website and to enable us to provide a better service and source of information to our website visitors. 

Data Protection Officer customers and their data subjects

We offer an outsourced Data Protection Officer service to organisations, to help them meet their obligations under the General Data Protection Regulation (GDPR). Part of this role requires the Data Protection Officer (i.e. Firebird), to be the single point of contact for data subjects exercising their rights, in relation to the personal data held about them by our customers. As a result, Firebird may be sent personal data directly from those data subjects or from our customers, who are seeking support in responding to these requests, complaints or enquiries. The personal data provided to Firebird may include the following:

· Name and contact details of the data subject

· Nature of the data subject’s enquiry, request or complaint

· Personal data held about the data subject, which is the subject of their enquiry, request or complaint

Firebird acts as their customers’ data processor in these circumstances, i.e. it is acting on their customers’ behalf and on their instruction. As such, the processing of this information is necessary for Firebird to fulfil their duties under contract with these customers. 

We will keep personal information about our customers’ data subjects, for the length of time instructed by our customers, or until the contract has ended.

We collect limited personal data about our customers. This may include their name, email address, work address and contact telephone number, along with a description of the service they have purchased or opted-in to receiving. We will only collect relevant information where it is necessary for our legitimate interests to provide effective services to our customers, or where it is necessary for us to enter into a contract or for the performance of a contract with the individual or company they work for. We keep personal information about our customers for the length of their contract and delete this information after the contract has ended.

2. Who we may share your data with

We do not share personal data about our subscribers, enquirers or website users with any other organisation.

Where we are acting as a Data Protection Officer for our customers, we may share the personal data provided to us directly by the data subject with our customer, in order to address the enquiry, request or complaint. This sharing will be necessary for Firebird to carry out their obligations under contract and for the legitimate interests of their customers, to be able to respond to the data subject. 

3. How we protect your data

We take our security responsibilities seriously in order to protect your data from accidental or unlawful access, disclosure, loss, damage or destruction. For example, all our data is held within the European Union; our data is held on encrypted servers; we use up to date virus and malware protection software; we run a paperless office and have a clear desk policy; we shred our confidential waste; employees are subject to Disclosure and Barring Service (DBS) checks; access to data is on a strict need to know basis; we have policies, procedures and training around data protection and security incident management and we regularly back up our data.

4. How long we keep personal data for

We will only keep your personal data for as long as we need to, to fulfil the purposes we collected it for, and where it is necessary to satisfy any contractual, legal, accounting, or reporting obligations. After this period, we will delete or securely destroy your personal data.

5. Your rights

You have the following rights over the way we process your personal data. We aim to comply with requests without undue delay, and within one month at the latest. You have the right to:

· ask us not to use your personal data for direct marketing;

· ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;

· request from us access to the personal data held about you;

· ask for the information we hold about you to be rectified if it is inaccurate or incomplete;

· ask that we stop any consent-based processing of your personal data after you withdraw that consent;

· ask, in certain circumstances, to delete the personal data we hold about you;

· to ask, in certain circumstances, for the processing of that information to be restricted;

For information about how to exercise these rights, please refer to our ‘Contact Us’ section.

Contact Us

If you have any queries about our privacy notice, or would like to exercise any of your rights, please write to our Data Protection Officer at the following address:

Complaints and feedback

We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right.  If you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO). The ICO’s contact details are available at   

Company information

Firebird Data Protection Consultancy Limited (Firebird) is a private limited company registered in England & Wales under registration number 10841251. Firebird is registered with the Information Commissioner’s Office in compliance with the UK Data Protection Act, under registration number ZA288370. Details about Firebird’s registration are available at

Changes to this privacy notice

Any changes that we make to our privacy notice in the future, will be posted on our website and may be emailed to our customers and subscribers.

This privacy notice was last updated on 18 February 2019

Contact Us

Drop us a line!

Firebird Data Protection Consultancy