Privacy Notice, Cookies & Sub-processors

 1.  When this Privacy Notice applies

 This Privacy Notice (“Notice”) applies whenever The Compliance Office Limited (referred to in this Notice as “The Compliance Office”, “we” or “us”) processes any personal data about you – for example, by collecting it, using it, storing it, or disclosing it to others.  It describes how and why we process your personal data, and what rights you can exercise in respect of your personal data.

Please note that this Notice applies only to the personal data described below, which we process as a controller.  If we process any personal data on behalf of our clients to provide our compliance services to them, we will undertake that processing as a processor in accordance with our clients’ instructions and subject to our data processing terms with our clients.  If you have any questions about personal data we process as a processor, we will direct those questions to the relevant client who is the controller of that data.


2.  About us

The Compliance Office is a limited company registered in England and Wales (company number 09133668).  Our registered address is at 20 Grosvenor Place, London, SW1X 7HN.  Our VAT number is 197 1067 86.

The Compliance Office is registered with the Information Commissioner’s Office under registration number ZA075078.


3.  How to contact us

If you have any questions or concerns about our processing of your personal data, please contact Andrew Donovan (Privacy Manager) using any of the following details:

  • email:
  • phone: +44 (0)1789 868444
  • post: Privacy Manager, The Compliance Office, 20 Grosvenor Place, London SW1X 7HN.


4. What personal data do we collect, why and what is our lawful basis?

We collect and process the following categories of personal data for the following reasons:


Which individuals?

What personal data?


Lawful basis under the UK GDPR

Clients and prospective clients

Name, title, date of birth and other identity information.


Contact information including address, email address and telephone number.


Business information including business name, job, title and profession.

We collect this information from you directly for the purpose of undertaking client identity checks and providing our services to you.



We have a legitimate interest to process personal data necessary to validate client identity prior to providing our services.


We also have a legitimate interest to process personal data necessary to provide our services to you.  In most (if not all) cases, this information will also be contractually necessary for us to provide our services.



Clients and prospective clients

Payment information, including bank account details and card numbers.

We collect this information from you directly for the purpose of invoicing and processing payments for our services.


We need to process this personal data in order to enter and perform our contract with you.  This information is contractually necessary.


We also have a legitimate interest in processing personal data necessary to take payment for our services.


Website visitors, clients and prospective clients

Contact information, including address, email address and telephone number.


We collect this information from you directly for the purpose of sending you occasional marketing communications.  We will only send these communications in accordance with your marketing preferences.


We will only use these details to send marketing communications where we have your consent, or where we have your soft opt-in to receive marketing communications and it is in our legitimate interests to send these communications to you.  You can unsubscribe at any time as explained further below.


Website visitors

Technical information from your device about visits to our website.  This information may include your IP address, device type, cookie ID, browser type and similar technical information.

We and our service providers collect and process this information automatically when you visit our website.  We use this information to understand how visitors use our website and to further develop and improve our website.

Where we use cookies or similar technologies, we will obtain consent in accordance with applicable data protection laws.


In other cases, we have a legitimate interest to collect this information for the purposes described opposite.


5. Disclosures of personal data

We may disclose the personal data we process:

  • to members of our group of companies, who will use your personal information only for purposes set out in this Notice or that are compatible with the purposes described in this Notice;
  • to third parties who provide services on our behalf, such as consultants, professional services advisers, IT hosting providers and email providers, subject to strict contractual terms that protect the personal data in accordance with data protection law;
  • to any competent law enforcement, judicial or regulatory authority if we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Notice; and
  • to any other person if you have consented.

6.  International transfers of personal data

Some of the service providers we use may be based in countries that are outside the United Kingdom.  This means that the personal data The Compliance Office processes may, in some cases, be transferred to and processed in non-UK countries by our service providers.

Where we can, we will use service providers established in countries that are recognised as having adequate data protection laws or who agree to process our data in the UK.  However, where this is not possible, then we implement appropriate safeguards with our service providers in accordance with the requirements of data protection law.  These may include using the International Data Transfer Addendum or International Data Transfer Agreement issued by the UK Information Commissioner. 


7.  Data retention

We will retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.


8.  Your data protection rights

You have the following data protection rights:

  • You have the right to request access to, correction of or deletion of your personal data;
  • You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data;
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.  The Compliance Office does not ordinarily undertake any such automated decisions.
  • If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

You can exercise any of the above rights by contacting us using the details provided under the heading “How to contact us” above.  We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with UK (and any other applicable) data protection laws.

In addition to the rights described above:

  • You can opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the details provided under the heading “How to contact us” above; and  
  • You have the right to lodge a complaint with a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for the ICO, the UK’s data protection authority, are available here.


9.  Does your website use cookies?

Yes.  Our cookies policy is below.


10.  Updates to this Notice

We may update this Notice from time to time in response to legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make.  

You can see when this Notice was last updated by checking the “last updated” date displayed at the end of this Notice. 


Last updated: September 2023


Cookie Policy


  1. This cookie policy relates to your use of our website,
  1. Throughout our website we may link to other websites owned and operated by certain trusted third parties to [insert details (eg make additional products and services available to you). These other third-party websites may also use cookies or similar technologies in accordance with their own separate policies. For privacy information relating to these other third-party websites, please consult their policies as appropriate.

    3. What are Cookies?
    A cookie is a small text file which is placed onto your device (eg. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past action.

For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.

For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.

For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, or

4. Our use of cookies

Where necessary, we will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have.

5. How to turn off cookies and consequences of doing so

If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.

For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, or

6. How to contact us

Please contact us if you have any questions about this cookie policy or the information we hold about you.

Email address:

Telephone number: 01789 868444

Postal Address: Compliance Office, 20 Grosvenor Place, London SW1X 7HN

7. Changes to this policy

This policy was last updated in September 2023.


Our sub-processors

As at the time of writing our sub-processors for data protection purposes are as follows:

We may change our sub-processors from time to time, when we do we will publish the relevant details here.