Policies

Privacy policy

This privacy notice will help you understand how Diligencia Consulting Limited uses and protects your personal data.  

You can contact our voluntarily appointed Data Protection Officer, Simon Ghent at info@diligenciagroup.com if you have any concerns or wish to exercise your rights.  

If you prefer you can write to us at Summertown Pavilion, 18-24 Middle Way, Oxford, OX2 7LG. 

If you are an EU Data Subject, you can contact our EU Representative at eurep@fifthsquare.eu. Our EU Representative complies with our obligations under GDPR Article 27 and is established in the Republic of Ireland. Please note that our EU Representative is a Third Party. They will process your personal data in accordance with this Privacy Statement. 

Our promises

Diligencia never forgets it is your right to total transparency and control on how we use your data. As such we give you these promises: 

  • We always remember that it is your personal data, not ours. As such we will ensure transparency and openness with you.
  • We will only collect data about you that is relevant and necessary to our purposes.
  • Your data will only be held on systems that meet compliance standards.
  • We respect your rights as outlined in the following sections and will respond to all requests promptly.
  • All clients we share data with accept their legal responsibilities to use your data that meets their obligations.
  • We only process your data and share it if we are required by law or we have legitimate interests or other legal basis to fulfil our service commitments to you or our clients. 

Your rights

You have the following rights over any data we hold about you: 

  • Right to object to processing at any time
  • Right to opt out of marketing at any time
  • Right to have inaccurate data corrected
  • Right to erasure of personal data from our database
  • Right to export of personal data 

You can read more about your rights here

If you would like to uphold your rights then please contact our Data Protection Officer at info@diligenciagroup.com.  

If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/ 

How we collect your data

Our service includes the collection, maintenance and sale of publicly available data relating to company ownership – like that maintained by Companies House in the UK. This is delivered on our award winning ClarifiedBy.com platform. We rely on a number of legal basis to process this data including Legitimate Interests and Public Interest. 

  • Passive – you give us information on our website, email us, call us, make a purchase through our websites, meet one of us at events, meetings or approach us on social media. We may use this data to follow up enquiries and market our services to you or use it to fulfil our service to you.  
  • Proactive – this is data about you that we may hold from referrals or proactive marketing activity. We may use this data to market to you.  
  • Research – We search publicly held records in our target markets that we have a legitimate interest in. We also use market intelligence gathering activities to create an accurate and clear picture of the business world in your geographic area. We use this data to build directories that our clients can subscribe to.  

What data we collect 

We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect is restricted to: 

  • Your personal contact details – names including aliases that you may be known by, email address, phone numbers, nationality, birth year, gender and source of your data;  
  • Your company details – companies you may be associated with, in particular as a director, major shareholder or employee, relevant addresses, website and other public held information including company type, trading name, trading status, identification numbers, LEI, address, credit rating and invoicing details if relevant. This may include opinions and other insights depending on work we are commissioned to do.  
  • Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, email, meeting notes, CVs and document tracking information.  

Calls may also be recorded for information holding, quality and training purposes.  

How we process your data

Data is processed/stored predominantly on encrypted cloud services such Microsoft Azure, Microsoft 365 and for marketing purposes on Hubspot.  

As a multinational service provider, we operate in several jurisdictions. We use the following safeguards with respect to data transferred outside the UK and European Union where an “adequacy decision” is not in place: 

  • The processing is within the same corporate group as our business or organisation and is obligated to uphold the same standards of Data Protection and Security as our UK entity. For example, our offices in Dubai and Morocco. 
  • The processing is carried out by agents, suppliers or other entities required to process in the course of our contractual obligation with you or when we are carrying out research. These entities are obligated to uphold the same standards of Data Protection and Security as our UK entity.
  • Your data will be made available to entities that are doing searches for the purposes of their legal obligation.
  • Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.  

We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held. 

When one of our clients accesses our subscription site and then processes this data on their own systems, they also become a Controller of that data and should be contacted directly. 

All our processes are subject to various internal policies to ensure that your data privacy and security is upheld. 

Third parties

We may use marketing services from third parties. We also share information where agents, resellers or suppliers are involved in the fulfilment of our services.  

Diligencia uses a Third Party Data Protection Officer (DPO) for compliance purposes. Should you have a data protection query or complaint your details may be passed to him to assist us. In all other cases our DPO does not have access to your data. 

Our website and other materials sent to you may contain links to other third party websites. We may also offer buttons to social media that link to third party services. We are not responsible for the content or your data privacy these sites provide through their tools or sites.  

Data retention

Dependant on the data you provide us and for what purpose it is provided we may need to retain your data based on your journey with us. Typically, our retention periods are as follows: 

  • 36 months for any prospect marketing data unless responded to by the data subject in which case 36 months from the last contact
  • 36 months following the end of any Service Agreement with a client
  • 36 months for all supplier, reseller or other contacts not covered above from point of last contact
  • We constantly update the data that we hold on our ClarifiedBy platform and permanently hold this data 

All the above are carried out during the nearest data review which are typically carried out annually in October. 

If you wish to find out more about your specific data retention, please contact us.  

Data permissions

Every marketing email sent from Us allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.  

You can also contact us at info@diligenciagroup.com and request to opt out, view, export or delete your data. If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed to the extent possible.  

Legal compliance

We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK). 

Due to our global reach, we do not warrant compliance with all legal obligations in countries that we operate in outside of the UK.  

This Privacy Policy is reviewed on a regular basis and was last reviewed in July 2024. We will post the most current version on our website.