Privacy Notice

This privacy notice explains how Laura Brentnall t/a TrueNorth Data Governance and Compliance Consultancy collects, uses, and protects your personal data. It also outlines your privacy rights under data protection law.

Contact Details
If you have any questions regarding this notice or our data practices, please contact us:

Registered Address: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.
Email: laurabrentnall@tndgc.co.uk
Telephone: 07305911235
ICO Registration: ZC083818

Scope of this Privacy Notice

This Privacy Notice provides you with information on how we manage your personal data in your interactions with us, regardless of your location. Depending on your relationship with us, we will hold and manage your information differently. We may be in possession of your information as a:

Website visitor; or
Contact for a prospective client; or
Contact for a client; or
Result of us providing a service to you as our client

This Privacy Notice details how we manage your information, and your relationship with us will determine whether we are acting as a Data Controller or a Data Processor for your information.

If you are a website visitor this Privacy Notice should be read alongside our Cookie Policy. We acknowledge that our website is designed for a general audience, however we will not knowingly collect personal data of children under the age of 16. If you believe we may have personal data from any person under the age of 16, please email us using the contact information above.

Data Controller

There are occasions where we will act as the Data Controller for personal data we hold;

Information held on our Clients
Information held on our Prospects

We may have collected your information directly from you when you have:

visited our website
completed a contact us form
contacted us by phone
signed up to our newsletter
responded to a survey
interacted with us on social media
engaged with us at an event

In some circumstances we may collect you information indirectly for example as a referral from an existing or prospective client or from publicly available sources where it is in our legitimate interest to do so.

Data Processor

There are occasions where we will have access to, or hold information as a Data Processor acting on behalf of our Client. In these services, our Client is the Data Controller and we are the Data Processor. Any request made to us, complaints, or requests for information will be reported to our Client and will be processed following their instructions.

Where we are acting as a Data Processor, we will only receive information under instruction from our client.

What is Personal Data?
Personal data is any information relating to a living, identifiable individual. This includes your name, email address, and contact details.

Certain types of information are classified as "special categories" of data (such as health data, race, religious beliefs, or sexual orientation). TrueNorth Data Governance and Compliance Consultancy does not collect or process special category data or information regarding criminal convictions and offences.

How We Use Your Information (Purpose and Legal Basis)

The following summary outlines how personal data is managed across our business operations. This overview details the specific purposes for which data is collected, the categories of information processed, and the applicable lawful bases under the UK General Data Protection Regulation (UK GDPR).

Enquiry Responses: To contact you regarding an enquiry or to reply to questions.
- Data Category: Contact information
- Lawful Basis: Legitimate Interest
Customer Service: To handle suggestions, issues, or complaints.
- Data Category: Contact information; Complaint information; Other information
- Lawful Basis: Legitimate Interest
Data Subject Rights: To manage requests regarding your data rights.
- Data Category: Contact information; Other information
- Lawful Basis: Legal Obligation
Service Fulfilment: To fulfil contracts and provide agreed services.
- Data Category: Contact information; Surveys and opinions
- Lawful Basis: Legitimate Interest
Order Processing: To process your specific orders.
- Data Category: Contact information
- Lawful Basis: Legitimate Interest
Financial Transactions: To process payments, refunds, and associated accounting.
- Data Category: Contact information
- Lawful Basis: Legitimate Interest
Analysis & Feedback: For statistical analysis, service feedback, and case study invitations.
- Data Category: Contact information; Surveys and opinions
- Lawful Basis: Legitimate Interest
Website Security: To ensure the safety and security of the website.
- Data Category: Cookies and website security
- Lawful Basis: Legitimate Interest
Customer Insights: To understand customer behaviour and improve service delivery.
- Data Category: Contact information; Surveys and opinions
- Lawful Basis: Legitimate Interest
Sales & Prospecting: Contacting potential leads for sales purposes.
- Data Category: Contact information
- Lawful Basis: Legitimate Interest
Marketing Activity: Sending newsletters and blogs
- Data Category: Contact information
- Lawful Basis: Legitimate Interest
Marketing Analytics: Using cookies for website marketing and analytics.
- Data Category: Website security
- Lawful Basis: Consent
Business Outreach: Contacting business contacts regarding white papers, toolkits, or assistance.
- Data Category: Contact information
- Lawful Basis: Legitimate Interest

Data Security and Storage
Your personal data is stored securely in both electronic and hard copy formats.

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used, or access in an unauthorised way, altered or disclosed.
We primarily store data within the UK and the European Economic Area (EEA). If we transfer data outside of these regions, we ensure that appropriate safeguards are in place to protect your rights and the security of your information.

Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes satisfying any legal, accounting, or reporting requirements. Typically, financial and contract records are kept for six years to comply with UK tax laws.

We will hold data for prospective clients for two years after our last contact with you, at which point your data will be deleted.

We will hold data for clients for six years from the end of the financial year you are no longer a customer.

There are some circumstances in which we would need to hold your data longer than this, this will be where we need to exercise, establish or defend against legal claims. When personal data is no longer required, we will delete or anonymise the data.

Sharing Your Data
We do not sell or rent your data to third parties. We may share your information with trusted service providers (such as IT hosting or accountancy services) who process data on our behalf under strict confidentiality agreements. We may also disclose data if required to do so by law.

We may disclose your personal data to:

Financial Institutions: Banks and financial entities necessary for processing transactions and maintaining financial records.
Payment Services: Third-party providers utilised to facilitate secure payments and process refunds.
Authorised Service Providers: Third-party vendors acting as Data Processors, such as IT hosting partners.
Regulatory and Tax Bodies: Government and regulatory authorities where disclosure is mandatory, including national tax office.
Legal and Judicial Authorities: Law enforcement agencies, court systems, and other legal tribunals when required by law or to protect legal rights.

Your Legal Rights
Under data protection law, you have the following rights:

Right of Access: You can request a copy of the data we hold about you.
Right to Rectification: You can ask us to correct inaccurate or incomplete information.
Right to Erasure: In certain circumstances, you can ask us to delete your data.
Right to Object: You can object to our processing of your data, particularly for marketing purposes.
Right to Restriction: You can ask us to temporarily stop processing your data.

It is important that the data we hold is accurate and current. Please keep us updated when your personal data changes.

We may need to verify your identity before completing your request.

Automated decision-making

TrueNorth Data Governance and Compliance Consultancy does not use automated decision-making.

Updates and changes to this Privacy Notice

This Privacy Notice was last updated on the 13 January 2026, where changes are made we will publish an update and, where there is a significant change, we will contact you to notify you of this update.

How to complain
If you have concerns about how we handle your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.

Privacy Notice

Registered Address: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.

Email: laurabrentnall@tndgc.co.uk

Telephone: 07305911235

ICO Registration: ZC083818​

​

Scope of this Privacy Notice

This Privacy Notice provides you with information on how we manage your personal data in your interactions with us, regardless of your location. Depending on your relationship with us, we will hold and manage your information differently. We may be in possession of your information as a:

​

Website visitor; or

Contact for a prospective client; or

Contact for a client; or

Result of us providing a service to you as our client

​

This Privacy Notice details how we manage your information, and your relationship with us will determine whether we are acting as a Data Controller or a Data Processor for your information.

​​

​

Data Controller

There are occasions where we will act as the Data Controller for personal data we hold;

Information held on our Clients

Information held on our Prospects

We may have collected your information directly from you when you have:

visited our website

completed a contact us form

contacted us by phone

signed up to our newsletter

responded to a survey

interacted with us on social media

engaged with us at an event

​

In some circumstances we may collect you information indirectly for example as a referral from an existing or prospective client or from publicly available sources where it is in our legitimate interest to do so.

​

Data Processor

​

Where we are acting as a Data Processor, we will only receive information under instruction from our client.

​

​

How We Use Your Information (Purpose and Legal Basis)

The following summary outlines how personal data is managed across our business operations. This overview details the specific purposes for which data is collected, the categories of information processed, and the applicable lawful bases under the UK General Data Protection Regulation (UK GDPR).

Data Security and Storage Your personal data is stored securely in both electronic and hard copy formats.

We will hold data for prospective clients for two years after our last contact with you, at which point your data will be deleted.

We will hold data for clients for six years from the end of the financial year you are no longer a customer.

We may disclose your personal data to:

Financial Institutions: Banks and financial entities necessary for processing transactions and maintaining financial records.

Payment Services: Third-party providers utilised to facilitate secure payments and process refunds.

Authorised Service Providers: Third-party vendors acting as Data Processors, such as IT hosting partners.

Regulatory and Tax Bodies: Government and regulatory authorities where disclosure is mandatory, including national tax office.

Legal and Judicial Authorities: Law enforcement agencies, court systems, and other legal tribunals when required by law or to protect legal rights.

Your Legal Rights Under data protection law, you have the following rights:

Right of Access: You can request a copy of the data we hold about you.

Right to Rectification: You can ask us to correct inaccurate or incomplete information.

Right to Erasure: In certain circumstances, you can ask us to delete your data.

Right to Object: You can object to our processing of your data, particularly for marketing purposes.

Right to Restriction: You can ask us to temporarily stop processing your data.

​

It is important that the data we hold is accurate and current. Please keep us updated when your personal data changes.

​

We may need to verify your identity before completing your request.

​

Automated decision-making

TrueNorth Data Governance and Compliance Consultancy does not use automated decision-making. Updates and changes to this Privacy Notice

This Privacy Notice was last updated on the 13 January 2026, where changes are made we will publish an update and, where there is a significant change, we will contact you to notify you of this update.

How to complain If you have concerns about how we handle your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.

​

ICO Registration: ZC083818

Data Security and Storage
Your personal data is stored securely in both electronic and hard copy formats.

Your Legal Rights
Under data protection law, you have the following rights:

TrueNorth Data Governance and Compliance Consultancy does not use automated decision-making.

Updates and changes to this Privacy Notice

How to complain
If you have concerns about how we handle your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.