Privacy Notice

Privacy Notice: Information Governance Services Limited

Our Contact details

Name: Information Governance Services Limited
Address: Furlong House, 10A Chandos Street, London, W1G 9DQ, United Kingdom
Phone Number: 0208 8106 7939

  1. Overview

This Privacy Notice covers any personal data that Information Governance Services Limited (“we”) process when you have engaged our services as a client, for the cookies that we use on our website, when you have gone through our employment process and engaging us through our bookings request platform.

We take our responsibilities under both the UK GDPR and Data Protection Act 2018 very seriously. You can be assured that your information will always be used appropriately, lawfully and in line with data protection legislation. We will store your data securely with appropriate safeguards in place to protect it against unauthorised or unlawful processing and ensure that we do not store any of your data for longer than it is strictly necessary to do so. This Privacy Notice will set out everything you need to know about how we use your data, what data we may use, and why we use it.

  1. What personal data do we collect and why do we collect it?

As an organisation, we process personal data only where it is strictly necessary to do so. We process different sets of personal data in different circumstances, depending on your relationships and interactions with us. Examples of scenarios where we collect personal data are:

Client Data

If your organisation has, or is intending to procure, a business relationship with us, we may require information (some of which could be classed as personal data) to provide the services that you have engaged us for. We will require this information for functionality of communicating with you and your organisation and to facilitate a business relationship between us and your organisation.

The information we collect which will constitute personal data may include:

  • First Name;
  • Last Name;
  • Gender;
  • Email address;
  • Postal address;
  • Telephone number.

In particular circumstances, we may be required to collect additional information from individuals in order to fulfil our anti-money laundering obligations. In these circumstances, we will be required to collect the following information from you by way of a copy of your passport, which we will obtain directly from you:

  • Nationality (if we hold a copy of your passport);
  • Ethnicity (if we hold a copy of your passport);
  • Photograph (if we hold a copy of your passport);
  • Place of Birth (if we hold a copy of your passport);
  • Signature (if we hold a copy of your passport).  

Booking Requests

If you make an initial consultation meeting request through our website we collect certain pieces of personal data in order to process your request and to ensure that the meeting request is a valid business enquiry which one of our consultants should attend. If you make such a request, we collect the following information from you:

  • Name;
  • Email address;
  • Telephone number;
  • The name of your organisation;
  • The role within your organisation.

Recruitment Data

If you apply for an employment position with us, we may collect the following information in order to process your application and assess you as a candidate. Please note that all information collected from you which will be obtained directly from you:

  • First name;
  • Last name;
  • Email address;
  • Postal address;
  • Telephone number; and
  • Any other personal data included in the body of your CV and/or cover letter (e.g. ethnicity).

All personal data relating to you from your application will be appropriately deleted after the recruitment window has concluded.


If you are browsing our website, we will collect cookies from your device. Cookies are text files with small pieces of data which are used to identify your computer and specific users. When accessing our website, we are required to collect cookies for basic functionality of our site, without which, the site is not able to function. These cookies are known as ‘Necessary Cookies’.

We also use additional cookies for the purposes of tracking and monitoring how users interact with our site. We collect these cookies for the purposes of effectively monitoring our site as a business. These cookies are known as ‘Statistical’ and ‘Analytical Cookies’. Analytical (also statistical cookies) collect information about how a viewer uses a website, such as which pages you visit, and which links a viewer clicked on. Analytical cookies track when a viewer visits a site for the first time, as well as when they are a return viewer to the site. These cookies also track how long a viewer spends on a site at a given time, what link a viewer clicked on to access the site, and what keywords (if any) were used to generate the search. None of the information collected from these cookies are able to identify you as a person. It is all aggregated and, therefore, anonymised. 

Although aggregated, we will not collect any statistical or analytical cookies from you without obtaining your consent to collect first. Please note that wo do not collect any marketing/advertising cookies.

  1. What is our lawful basis for processing your personal data?

We rely on the following lawful bases to process your personal data under the UK General Data Protection Regulation:

Non-special category data:

  • Article 6(1)(a) – Consent (Cookies);
  • Article 6(1)(b) – Performance of Contract (Client Data, Booking Requests, Recruitment Data);
  • Article 6(1)(c) – Legal Obligation (Client Data);

Special Category Data

  • Article 9(2)(b) – employment, social security and social protection (Recruitment and Client Data).
  1. How long will we retain your personal data for?   

Your personal data will be kept in line with our statutory retention schedules and any legal obligation placed on us to keep your records, as well as our own retention schedules.

Broadly, we keep personal data collected for the following periods:

Client Data: The duration of the contract and client engagement, in line with our legal obligations to hold certain financial information.

Booking requests: 6 years.

Recruitment Data: For the duration of and immediately after the recruitment window. We will destroy all personal data held on unsuccessful applicants within 1 year of receiving your application or from the date of last correspondence, save for any information we are required to hold by law.

Cookies: Specific information about each cookie and the duration it is held for can be found within the cookie audit table of our Cookie Consent banner. Broadly, necessary cookies are held for 1 year to remember the consent of users in visiting our site and the consent they have provided, analytical cookies are held for 2 years.

  1. Who do we share your personal data with?    

Where information is shared, it will be done on strictly need-to-know basis and limited to what is necessary.

We do not share or transfer your personal data with anyone outside of the European Economic Area (EEA) area.

The only third parties with whom your personal data may be shared will be third parties with whom Information Governance Services Limited have a contractual relationship with. We will never unnecessarily share personal data with third parties, all personal data will only be shared in order to facilitate or assist with our contractual and legal obligations, or to allow us to undertake our professional services to our clients.

A list of our current processors with whom your data may be shared, and the functions they undertake can be found below:

Third Party Organisation Name

Location of Third Party Data Storage Centre

Third Party Functions

Easy LMS

The Netherlands (EU)

Learning Management System Provider for training modules

Microsoft Limited

United Kingdom

Cloud Storage, Email Service Provider

SumFactors Limited

United Kingdom

Website Hosting and Management Provider


Republic of Ireland (EU)

Google Analytics service for analytical cookies for website analytics

  1. Your personal data Rights

As a data subject, you have various rights about how your personal data is used.

Individual Right

Information about your rights

The right to object

In certain circumstances, as a data subject, you have the right to object to the processing of your data.

In the event that we carry out any direct marketing (which we currently do not, with any personal data), you have the absolute right to object to the processing of your personal data. The method of objection to such processing will appear in the subject of the direct marketing in question.

You also have the right to object to the processing of your data where a data controller processes personal data on for purpose of a public task or under legitimate interests. Please note that we do not carry out any data processing under either of these lawful mechanisms, as such, the right to object in these specific circumstances do not apply.

The right to be informed

As a data subject, you have the right to be informed about how your data is collected and used. This Privacy Notice serves as our transparency material for data subjects as to how your personal data is used, informing you of our uses.

This Privacy notice aims to provide you with information in a concise, transparent, intelligible way which is easily accessible and uses a clear and plain language.

The right of access

As a data subject, you have the right to access and receive a copy of the personal data we hold on you. You can make a subject access request to us for this information.

We will provide the information in an accessible, concise and intelligible format, and it will be disclosed in a secure way.

We have processes to ensure that you will receive it without undue delay and within one month of receipt, with the exception of circumstances in which we can lawfully extend the time limit to respond to your request.

We have the right to refuse such a request where there is a relevant restriction, or where the request is manifestly unfounded or excessive.

The right of rectification

As a data subject, you have the right to rectify inaccurate personal data which we hold on you. You can make a request to us verbally or in writing if you believe that information we hold on you is inaccurate.

We have the right to refuse a request and we are aware of the information we need to provide to you.

We have processes to ensure the response to a request for rectification without undue delay and within one month of receipt. In certain circumstances, we can extend the time limit to respond to a request.

The right of erasure

In certain circumstances, as a data subject you have the right to request verbally or in writing that we erase the personal data we hold about you. You can only request the personal data is erased where: it is no longer necessary for the purposes we collected it, if you provided the information by consent and you withdraw your consent, we have processed the information unlawfully, the erasure is in line with a legal obligation.

The right of restricting processing

In certain circumstances, as a data subject you have the right to request verbally or in writing that we restrict the processing of your data for a period of time. You can only request the processing of personal data is restricted where: you are contesting the accuracy of the personal data and it is being verified, the data has been unlawfully processed, we no longer need the personal data but you require us to keep it in order to establish, exercise or defend a claim

The right of data portability

As a data subject, you have the right of data portability, meaning you have the right to receive a copy of your personal data in a structured, commonly used and machine readable format.

 The right of portability only applies where we have collected this information via consent or the performance of a contract (see lawful bases above) and we are processing the data by automated means (i.e. not paper files)

Rights related to automated decision making including profiling

We do not make any automated decisions or automated profiling about any data subjects.

We regularly update and review this Privacy Notice and we will provide any new uses of personal data to your attention before processing it.

You can find out more about your rights by visiting the Information Commissioner’s Office’s website:

  1. Making a Complaint

Should you have any queries about the how your information is used, or wish to make a complaint about how your data has been used, then please contact our team at:

Alternatively, you can also contact the Information Commissioner’s Office (ICO), who are the UK’s independent data protection supervisory authority, for further information or to make a complaint:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

The ICO have multiple ways of which they can be contacted, including telephone and live chat. More information about how you can get in contact with the ICO can be found below:

ICO Contact Information

Report a concern on the ICO website

Send Us A Message