Privacy Notice

8foldGovernance Ltd. is committed to protecting and respecting your privacy.
This Privacy Notice explains what personal information we collect about those who visit our website and communicate with us, how we use it, the circumstances in which we may disclose it to others and how we keep it secure. It covers personal data that is collected through our website, by telephone and through any related social media applications.

If you have any questions regarding this Privacy Notice and our approach to privacy, please contact us.

Who we are

8foldGovernanceLtd. is a provider of consultancy services, specialising in information governance, data protection and privacy law. We are registered as a limited company in the United Kingdom (no.12085647) and our registered address is 17 Northfield Way Brighton BN18EH.

8foldGovernanceLtd. is registered as a data controller with the Information Commissioners Office (ICO) with registration no.ZA546326. As a data controller, 8foldGovernanceLtd. determines what data is collected, how this data is going to be used and how this data is protected.

If you have questions about how we process personal data, or if you would like to exercise your data subject rights please contact us.

Collection of Personal Data

We obtain information about you when you use our website, when you contact us about products and services, for example by email or telephone, or in the course of business with you or an organisation that you represent.

What type of information is collected from you?

Visitors to our website

We use Google Analytics to collect this standard internet log information and details of visitor behaviour patterns. We do this to understand things such as the number of visitors to the different areas the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Details of Google’s Privacy Policy can be found here: https://www.google.com/policies/privacy/

If we do want to collect personally identifiable information through our website, we will make this clear at the point personal information is collected and will explain what we intend to do with it.

Use of cookies

Like many other websites, the 8foldGovernanceLtd. website uses cookies. ‘Cookies’ are small pieces of information sent by a website to your device and stored to enable that website to recognise you when you visit in the future. They can also be used to collect statistical data about your browsing activity and patterns of behaviour but do not identify you as an individual. This helps us to understand how people who visit our website use it, enabling us to improve the layout and contents for visitors.

For more information about which cookies are used by the 8foldGovernanceLtd. website, please click here.

It is possible to switch off cookies by setting your browser preferences and settings. Turning cookies of may result in a loss of functionality when using our website.


If you choose to contact us and share your personal information with us, we will use this to respond and communicate with you. We may also use this information to contact you with newsletters, marketing or promotional materials and other information about 8foldGovernanceLtd. You will be able to opt-out of these types of communications at any point and details of how to do so will be included within all such communication. If you choose to opt-out of receiving these communications, we will still contact you in relation to any work we are doing with you.

Lawful basis for the processing of personal data

The table below describes the various forms of personal data we collect and the lawful basis for processing this data. When we process data on the basis of a legitimate interest, we apply the following test to determine whether it is appropriate:

      • Purpose – is the purpose of processing personal data legitimate?
      • Necessity – is the processing necessary to fulfil that purpose?
      • Balance – to the individual’s interests, rights or freedoms override the legitimate interest?

Security measures in place to protect your information

When you give us personal information, we take steps to ensure that it’s treated securely. Whilst we endeavour to use commercially acceptable means to protect the information we hold, we cannot guarantee its absolute security.


We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government and industry best practice. If your email service does not support TLS, you should be aware that any emails sent or received may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.

Storage of personal data

8foldGovernanceLtd. is based in the UK. We use a range of cloud-based service providers to process data on our behalf. Our main cloud providers used to store corporate and personal data are hosted within the EU. We operate a data retention policy in respect of all data held whether in hard copy or digital format.

Your rights

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have rights as an individual (data subject) which you can exercise in relation to the information we hold about you.

If you wish to exercise any of your rights, please contact us. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

The right to be informed

As a data controller, we must be transparent about our data processing activities and provide data subjects with information about the personal data we collect and how we use this. We achieve this through the use of this privacy policy and within relevant communications we may send to you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Before responding to any request, we will need to verify your identity and, if relevant, the authority of any third-party requestor. We will then provide you with access to the personal data we hold about you within 28 days, as well as the following information:

      • The purposes of the processing
      • The categories of personal data concerned
      • The recipients to whom the personal data has been disclosed
      • The retention period or envisioned retention period for that personal data
      • When personal data has been collected from a third party, the source of the personal data

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain what these are. If requests are frivolous or vexatious, we may have grounds to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

The right to rectification

If we hold information about you which you believe may be incomplete or inaccurate, you can ask us to correct any mistakes or update your information by contacting us. You may also request that your information is not processed until it is updated or corrected (see ‘The right to restrict processing’ below).

The right to erasure (the ‘right to be forgotten’)

You may request that we delete the personal data we hold about you where there is no overriding legal basis or legitimate reason for us to continue processing your personal data. This includes personal data that may have been processed unlawfully. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may request that we to stop processing your personal data for a particular purpose. Where this happens, we will continue to hold your personal data, but we will not process it any further for those purposes. You can request that we restrict the processing of your personal data where you:
Are contesting the accuracy of the personal data that we hold about you;

      • Believe the processing of your personal data is unlawful;
      • Believe we no longer need to process your personal data, but the personal data is required for part of a legal process;
      • Have exercised your right to object to the processing of your personal data and processing is restricted pending a decision in this respect.

The right to data portability

You may request that your personal data is transferred to another data controller or data processor in a commonly used and machine-readable format. This right is only available if you have provided your personal data to us, the original processing was on the basis of consent or for the performance of a contract, and if the processing is carried out by automated means.

The right to object

You have the right to object to our processing of your data where

      • Processing is based on our legitimate interests;
      • Processing is for the purpose of direct marketing;
      • Processing is for the purposes of scientific or historic research;
      • Processing involves automated decision-making and profiling.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy policies or statements on the other websites you visit.

If you visited our website using a link from another third-party website, we cannot be responsible for the privacy policies and the practices of the owners and operators of that website.

We cannot be responsible for the privacy policies and practices of other websites even if they link to our website or if you access them using links from our website.

Changes to this Privacy Notice

We keep this Privacy Notice under regular review. This Privacy Notice was last updated in August 2019.

How to contact us

For details of how to contact us, please see our contact page.

How to make a complaint

8foldGovernanceLtd. strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You can do this by contacting us.

If you remain dissatisfied, you have the right to make a compliant to the Information Commissioner’s Office (ICO). Please see the ICO’s website for more information: