Terms and Conditions
Introduction
These Terms and Conditions explain how we provide our services and calculate our fees. We are committed to delivering expert, cost-effective data protection solutions tailored to your needs. Once we accept your instructions, we will provide a Client Agreement; please read these Terms alongside that Agreement, as together they form our contract with you (the Agreement).
Definitions
In these terms:
- “Additional Services”: Any tasks beyond the initial scope agreed upon in writing between the Consultant and the Client.
- “Agreement”: The complete legal contract between the Consultant and the Client, formed by these Terms and the specific Client Agreement.
- “Applicable Laws”: All laws, regulations, and codes of practice applicable to the Services in the UK, including the Data Protection Laws.
- “Breach Intelligence Lab”: The proprietary data analysis environment where anonymised incident data is processed to generate Predictive Resilience Alerts and Network Effect intelligence.
- “Business Day”: Monday to Friday, excluding public holidays in England when clearing banks are open for business.
- “Client Agreement”: The document (e.g., proposal or statement of work) specifying the bespoke services, fees, and timelines for a specific project.
- “Client Materials”: All data, documentation, and assets provided by the Client to the Consultant for the performance of the Services.
- “Client Personal Data”: Personal Data provided by the Client that the Consultant processes solely to deliver the Services.
- “Confidential Information”: Any non-public information, including trade secrets and technical data, disclosed by either party during the engagement.
- “Data Protection Fee”: The annual fee paid to the Information Commissioner’s Office (ICO). (As a sole trader, you must confirm you are registered and have paid this fee).
- “Data Protection Laws”: All applicable data protection and privacy legislation in force in the UK, including the UK GDPR and the Data Protection Act 2018 (as amended).
- “Digital Records”: The electronic records the Consultant is required to maintain from April 2026 under Making Tax Digital (MTD) for income tax purposes.
- “EEA”: The European Economic Area.
- “GDPR”: The UK GDPR or the EU GDPR, whichever applies to the specific processing activity.
- “Initial Triage Period” (ITP): Defined as the first 30 minutes of expert advice provided immediately following the reporting of a suspected incident via the Rapid Resilience Link.
- “Instructions”: The written directions from the Client detailing how the Consultant should process Client Personal Data.
- “Professional Indemnity Insurance”: The insurance policy held by the Consultant to cover professional negligence, as required by many consultancy frameworks.
- “Rapid Resilience Link”: The 24/7/365 emergency access service providing priority communication with a Senior Data Protection Consultant for the purpose of the ITP.
- “Reportable Incident”: Any suspected or confirmed personal data breach that meets the threshold for notification to the Information Commissioner’s Office (ICO) or other relevant regulatory bodies.
- “Services”: The consultancy and data protection services, including deliverables, as defined in the Client Agreement.
- “Strategic Advisory Blocks”: Pre-paid increments of professional time (5, 10 hour blocks) used to fund work within the Tactical Response Bridge or for proactive consultancy.
- “Sub-processor”: Any third party (excluding the Consultant’s direct employees) engaged by the Consultant to process Client Personal Data.
- “Tactical Response Bridge”: The period of active incident management occurring after the ITP and within the 72-hour regulatory window, primarily focused on containment and mandatory filings.
- “UK GDPR”: Has the meaning given in section 3(10) of the Data Protection Act 2018.
- “Consultant/Us/We/Our”: True North Data Governance and Compliance Consultancy Ltd, whose primary place of business is Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.
- “You/Your”: The individual or organization identified as the “Client” in the Client Agreement.
Our services
When we are instructed to act for you, we will issue a Client Agreement detailing the specific services, deliverables and fees. This Agreement must be read alongside these Terms; together, they form our complete contract. In the event of any conflict or inconsistency between these Terms and the specific Client Agreement, the terms of the Client Agreement shall take precedence.
Our Agreement officially begins on the date you provide written confirmation of the details and the fees set out in the Client Agreement (the "Commencement Date").
We will perform the services as instructed in our Client Agreement. All quoted prices and schedules are estimates and may be adjusted if the scope of work changes or if additional tasks are requested. We will always confirm significant variations with you in writing.
Opening Times
We are contactable on Business Days between 08:00 and 19:00 (United Kingdom time).
We will respond to all telephone calls as soon as possible and within the same day the call is received. All other correspondence will be responded to within 2 Business Days. We will respond to all communications electronically, unless other communication methods are specified.
​
Responsibilities
We are responsible for:
- delivering the services with reasonable care and skill, and in full compliance with relevant established professional standards
- delivering the services in line with agreed timescales outlined in the Client Agreement
We provide specialist consultancy, regulatory guidance and guidance on legal frameworks as an unregulated provider. We are not solicitors, nor are we regulated by the Solicitors Regulation Authority (SRA).
Our services do not include 'reserved legal activities' (as defined by the Legal Services Act 2007), such as the conduct of litigation or the preparation of court documents. Our professional relationship is that of Consultant and Client; therefore, advice is not subject to legal professional privilege. As such, there is no client compensation fund or access to the Legal Ombudsman.
You are responsible for:
- Accuracy of Information: You shall provide all documents, data, and information required for the Services in a timely manner. You warrant that all information provided is accurate, complete, and not misleading. We shall not be liable for any advice given based on inaccurate or incomplete information provided by you.
- Access and Cooperation: You shall provide us with such access to your personnel, premises, and data systems as is reasonably required to perform the Services.
- Legal Basis for Sharing Data: You warrant that you have a valid lawful basis (under UK/EU Data Protection Laws) to share any personal data with us for the purposes of this consultancy.
- Final Responsibility for Compliance: You acknowledge that while we provide specialist guidance and regulatory advice, the ultimate responsibility for your organisation’s legal and regulatory compliance rests solely with you. Our advice does not absolve you of your statutory duties as a Data Controller.
- Timely Feedback: You agree to review deliverables and provide feedback or approvals within 5 working days. Delays in your response may result in an adjustment to the timeline and/or the final quote.
- Security and Health & Safety: You shall inform us of any security protocols or health and safety requirements applicable to your premises or systems before the commencement of work.
Confidential information
- During this agreement, we may share confidential information with each other. This could include technical details, business plans, or personal information about customers, suppliers, or employees.
- We both agree to keep this information private, not share it with anyone else, and only use it to carry out our responsibilities under this agreement—unless the law or a court requires us to disclose it.
- Information isn’t considered confidential if it’s already public, becomes public without fault, or is received legally from someone else without a duty of confidentiality.
- We can talk about the fact that we’re working together and the type of services being provided, but only with each other’s permission.
- We will follow all relevant data protection laws when storing and processing any personal information you give us.
Fees and Charges
Our fees are calculated based on the rates set out in your Client Agreement. Quoted fees exclude external costs. These will be agreed upon separately and invoiced at cost.
We will maintain a digital record of all time spent on work with all work being recorded in 10-minute units (e.g. a 5-minute call is recorded as one unit).
We reserve the right to charge you for reasonable and evidenced expenses incurred as a result of our obligations to you in relation to the Services. These will be pre-approved in writing by you, except for cases where we have made reasonable endeavours to obtain this approval.
We will provide at least 90 days written notice before increasing standard rates.
If work is delayed by yourselves or a third-party supplier working for you, we reserve the right to charge for the additional time required to manage the rescheduling, regardless of any initial fixed estimate.
All fees are subject to applicable UK taxation (VAT is only charged if our turnover exceeds the threshold).
Cancellation and Rescheduling
We reserve a specific time in our schedule to deliver your consultancy. Should you need to cancel or postpone a scheduled session, the following provisions apply:
- Virtual/Remote Meetings: No fee will be charged if written notice is received at least 2 Business Days in advance of the scheduled time.
- On-site/Full Day Sessions: No fee will be charged if written notice is received at least 5 Business Days in advance of the scheduled time.
- Late Cancellation: If notice is received later than the periods stated above, we reserve the right to charge 50% of the scheduled fee. We will always endeavour to use that allocated time to progress other tasks on your behalf to minimize any loss to your project.
Billing and Payment Terms
To ensure consistent service delivery, we apply the following payment structures based on the total value of the Client Agreement:
- Projects up to £2,500: A fee equal to 100% of the total cost will be invoiced upon signing the Client Agreement. Work will commence once payment is received.
- Projects £2,501 – £7,500: Payment is due in two stages. 50% of the total fee is invoiced upon signing (immediate payment). The remaining 50% is due upon completion of the project or 6 months from the Commencement Date, whichever is sooner.
- Projects over £7,501: Payment is due in three stages. 40% is invoiced upon signing, 30% at the project midpoint, and the final 30% upon completion.
Standard Terms: Unless otherwise agreed in the Client Agreement, our standard payment terms are 14 days from the date of the invoice.
Payment Method: Payments should be made via direct bank transfer to the account details displayed on our invoices.
Project Stalls: Where we have submitted work for your comment or approval, we request a response within 14 days. After this period, we reserve the right to invoice for any remaining balance due for that stage of work.
Late Payment: In accordance with the Late Payment of Commercial Debts (Interest) Act 1998, we reserve the right to charge interest on overdue amounts and suspend all Services until the account is settled.
Invoice Queries: Any queries regarding an invoice must be submitted in writing within 7 days of the invoice date.
Agreements for a fixed term of 12 months start from the Effective Date. The Service will automatically terminate at 23:59 on the 365th day. No service will be provided after this time unless a new 12-month term is purchased.
Any hours remaining unused at the expiry of the term are forfeited and hold no cash value; at the Consultant’s discretion, these can be converted into a one-off Resilience Audit report in any service area.
Notices
All important messages about this agreement must be in writing. You can send them by hand, email, or first-class post to the contact details we’ve given each other.
A message will count as received:
- By hand: when it’s delivered.
- By email: when it’s sent (unless you get an error message).
- By post: two working days after posting in the UK, or five working days if sent internationally.
If a message arrives after 5:00 pm, it will count as received the next working day.
If either of us changes our contact details, we must let the other know in writing. The new details will take effect either on the date we say in the notice or, if we don’t say, five working days after we send the notice.
Intellectual Property
You can use the materials we create for you for the purpose they were prepared for.
We keep ownership of all copyright and intellectual property rights in any documents, reports, advice, or other materials we provide, unless we agree otherwise in writing. If you want to use these materials for a different purpose, you’ll need our written permission.
Any content we create specifically for you and that relates only to your business will belong to you once we’ve delivered it.
You keep ownership of all intellectual property in any materials you give us. You give us permission to use those materials while we’re working with you, but only for providing the agreed services.
Personal Data and Data Protection
If we handle personal data for you as part of our services, we will follow all applicable data protection laws, including UK GDPR.
We will only use personal data as instructed by you and as needed to provide the agreed services.
You confirm that you have a lawful basis for sharing personal data with us and that it is accurate and up to date.
We will keep personal data secure and confidential, and only share it with trusted third parties (such as subcontractors) where necessary to deliver the services. If we do this, we will ensure they follow the same data protection standards.
We will not transfer personal data outside the UK or EEA unless appropriate safeguards are in place.
If there is a data breach affecting personal data we process for you, we will let you know promptly and work with you to resolve it.
You are responsible for informing individuals about how their data will be used and for responding to any requests from them. We will assist you where reasonable.
For more details on how we handle personal data, please see our Privacy Notice.
Document Storage and Retention
We may store your documents electronically. Please keep all documents related to the work we do for you, including emails and other electronic data. If this agreement ends and you still owe us money, we can keep your documents until payment is made. We will keep our files for at least six years after the agreement ends (or longer if we tell you in writing), after which they may be securely destroyed without notice.
Termination of this Agreement
This agreement starts on the Commencement Date and will continue until the services are completed, it is terminated under this agreement, or any drawdown arrangement expires.
You can end this agreement at any time by giving us written notice. If you do, all outstanding payments, including any unused contracted time, become immediately payable, and we will have no further obligation to provide services.
Either party can end this agreement immediately by written notice if the other party commits a serious breach and does not fix it within 30 days of being asked to do so. We may also end this agreement immediately if you stop or threaten to stop your business, become insolvent, make arrangements with creditors, or persistently breach this agreement. This agreement can be ended at any time by mutual written consent.
If we cannot complete the services for reasons caused by you and this continues for more than three months after we notify you, we may terminate the agreement. In that case, all outstanding payments, including unused contracted time, become immediately payable.
When this agreement ends, our obligations stop. You must return any property or documents belonging to us on request or by the termination date, unless the law requires you to keep them.
Limitation of Liability
Neither party shall be liable to the other for any indirect or consequential loss or damage, including but not limited to loss of profits, loss of contracts, loss of reputation or goodwill, increased costs of working, or claims by third parties.
To the fullest extent permitted by law, and except as expressly stated in this Agreement, we shall not be liable, whether in contract, tort (including negligence), or otherwise, for any loss arising from any person acting or failing to act in reliance on any advice, information, or materials provided as part of the Services or Additional Services, whether given orally or in writing, nor for any loss resulting from any failure to ensure that any document or form generated from the Services is appropriate or complete for its intended purpose.
All triage and advisory services provided via the Rapid Resilience Link are based solely on the information provided by the Client at the time of the Incident. The Client acknowledges that such advice is preliminary and contingent upon the accuracy and completeness of the data disclosed by the Client during the Initial Triage Period.
The Consultant is an advisory service provider and is not an insurer. The Consultant does not provide any indemnity, express or implied, against any regulatory fines, penalties, or third-party claims arising from a Data Breach. The Client remains at all times the Data Controller and holds ultimate legal responsibility for regulatory compliance and any associated financial liabilities.
Nothing in this Agreement shall limit or exclude liability for death or personal injury caused by negligence. Subject to this, the total liability of either party under this Agreement shall not exceed the total fees paid under this Agreement or £10,000, whichever is lower.
Force Majeure
If something happens that is outside either party’s reasonable control, such as war, fire, pandemic, epidemic, industrial disputes, or civil unrest, that party must let the other know. While that situation continues, the affected party’s obligations under this agreement will be put on hold until they notify the other party that the situation has ended.
Dispute Resolution
If there is any disagreement about the meaning or effect of this agreement, or any dispute connected to it, we will first try to resolve it by talking and negotiating. This does not apply to payments that are due under this agreement.
If a dispute arises, both parties agree to try to resolve it amicably through discussion before considering legal action, with consideration given to mediation.
Legal Status
Our relationship is that of independent contractor and client, not employer and employee. This agreement is non-exclusive, so either of us can work with other businesses. Nothing in this agreement creates a partnership or joint venture, and neither of us can make commitments or enter into agreements on behalf of the other unless this agreement specifically allows it.
General
This agreement is the entire agreement between us and overrides any other terms in your documents. If any part of it is found invalid by a court, the rest will still apply. It can only be changed in writing and signed by both of us. If we don’t enforce any part at any time, that doesn’t mean we waive our right to enforce it later. You cannot transfer this agreement or your rights without our written consent. No one other than you and us has any rights under this agreement under the Contracts (Rights of Third Parties) Act 1999.
Applicable Law and Jurisdiction
Our relationship with you will be governed by English law and will be subject to the exclusive jurisdiction of the English courts.
Acceptance of Terms
To confirm you want us to go ahead and that you accept our terms and conditions, please print, sign, and date a copy of the Client Agreement and return it to us. This confirms the agreed fees and limits your right to challenge the terms or rates later.
If you don’t return the signed agreement within 5 Business Days but we start work, you will be treated as having accepted our terms and conditions unless you end the agreement in writing or we stop acting for you.
If anything in this agreement is unclear, please contact us.