top of page

Terms and Conditions

Introduction
These Terms and Conditions explain how we provide our services and calculate our fees. We are committed to delivering expert, cost-effective data protection solutions tailored to your needs. Once we accept your instructions, we will provide a Client Agreement; please read these Terms alongside that Agreement as they together form our contract with you Agreement. 

 

Definitions 

In these terms: 

  • “Additional Services” means any additional tasks which we may agree on in writing from time to time.

  • “Agreed DSAR Notification Response Service Elements” means the agreed DSAR notification response service elements as set out in the Client Agreement.

  • “Agreement” means the Agreement between us and you which shall be deemed to incorporate these Terms and the terms on any individual Client Agreement.

  • “Applicable Laws” means, to the extent applicable, UK Data Protection Laws and EU Data Protection Laws.

  • “Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

  • “Client Agreement” means our document or other communication to you headed Client Agreement, setting out the basis on which we will work with you in relation to our Services.

  • “Client Materials” means all documents, information, items and materials in any form, whether owned by you or a third party, which are provided by you to us in connection with the Services and any Additional Services.

  • “Client Personal Data” means any Personal Data processed by us on your behalf pursuant to or in connection with the provision of the Services and any Additional Services.

  • “Data Protection Laws” means, to the extent applicable, UK Data Protection Laws, EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country.

  • “DSAR” means data subject access request.

  • “EEA” means the European Economic Area.

  • “EU Data Protection Laws” means the law of the European Union or any member state of the European Union to which you are subject, which relates to the protection of personal data as amended, replaced or superseded from time to time.

  • “EU GDPR” shall mean the General Data Protection Regulation ((EU) 2016/679).

  • “GDPR” shall mean the UK GDPR or the EU GDPR, whichever is applicable.

  • “Instructions” means the processing activities you are requesting that we provide as part of the Services and/or Additional Services, as more specifically defined in clause 13.f below.

  • “Lead DPO” means the data protection officer assigned to you by us to act as lead data protection officer in respect of the Services.

  • “Response Officer(s)” means the person or persons assigned to you by us to assist the Lead DPO in respect of the Services.

  • “Response Rates” means the rates applicable to the Services as set out in the Client Agreement.

  • “Response Service Elements” has the meaning given in the Client Agreement.

  • “Services” means the data subject access request response services, detailed in these terms and the Client Agreement to be supplied by us and including, for the avoidance of doubt, any Additional Services.

  • “Sub-processor” means any person (other than any employee of us) appointed by us or on our behalf to process Client Personal Data.

  • “UK Data Protection Laws” means any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 as amended, replaced or superseded from time to time.

  • “UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

  • “Us, we, our” means True North Data Governance and Compliance Consultancy Ltd, whose primary place of business is Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA and includes where relevant our employees, agents, representatives and third party suppliers.

  • “You/your” means you the client as detailed in the Client Agreement.

  • The terms “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR save where UK GDPR is applicable to this Agreement a reference to “Supervisory Authority” shall mean a reference to “the Commissioner” pursuant to UK GDPR.

 

Our Services 

When we are instructed to act for you, we will issue a Client Agreement detailing the specific services, deliverables and fees. This Agreement must be read alongside these Terms; together, they form our complete contract. In the event of any conflict or inconsistency between these Terms and the specific Client Agreement, the terms of the Client Agreement shall take precedence. 

​

Our Agreement officially begins on the date you provide written confirmation of the details and the fees set out in the Client Agreement (the "Commencement Date"). 

​

We will perform the services as instructed in our Client Agreement. All quoted prices and schedules are estimates and may be adjusted if the scope of work changes or if additional tasks are requested. We will always confirm significant variations with you in writing. â€‹

​

Responsibilities 

We will carry out the Agreement according to your instructions, noting that all dates and prices are estimates subject to change based on your requests. To receive assistance, you must send a DSAR Notification and any relevant correspondence to dsar@tndg.co.uk or another address we provide in writing. We will then contact you within two Business Days of receipt to acknowledge your notification and arrange an initial call to discuss the service requirements.

Our responsibilities:

  • Professional Skill: We are responsible for delivering services with reasonable skill, care, and full compliance with established professional standards.

  • Timelines: While we will agree on timescales before starting, dates are generally estimates and "time is not of the essence" unless otherwise stated in writing.

  • Regulatory Urgency: For matters involving personal data breaches, time is of the essence when we are liaising with supervisory authorities (such as the ICO). 

​

We provide specialist consultancy, regulatory guidance and guidance on legal frameworks as an unregulated provider. We are not solicitors, nor are we regulated by the Solicitors Regulation Authority (SRA). Our services do not include 'reserved legal activities' (as defined by the Legal Services Act 2007), such as the conduct of litigation or the preparation of court documents. Our professional relationship is that of Consultant and Client; therefore, advice is not subject to legal professional privilege. As such there is no client compensation fund or access to the Legal Ombudsman."

​

Your responsibilities: 

  • Support and Cooperation: You must support us by providing the resources, cooperation, and information necessary for the tasks. This includes ensuring all provided information is complete and accurate.

  • Access to Data: You must provide no-charge, timely access to your personal data, processing operations, and premises or facilities as required.

  • Administrative Duties: You are responsible for making payments within the stated terms and arriving on time for all planned meetings or events.

  • Mitigation of Delay: If our performance is delayed or prevented by your actions (or those of your agents), we are not liable for any resulting costs or losses. 

.

​

Confidential information

  • During this agreement, we may share confidential information with each other. This could include technical details, business plans, or personal information about customers, suppliers, or employees.

  • We both agree to keep this information private, not share it with anyone else, and only use it to carry out our responsibilities under this agreement—unless the law or a court requires us to disclose it.

  • Information isn’t considered confidential if it’s already public, becomes public without fault, or is received legally from someone else without a duty of confidentiality.

  • We can talk about the fact that we’re working together and the type of services being provided, but only with each other’s permission.

  • We will follow all relevant data protection laws when storing and processing any personal information you give us.

​

Fees and Charges

Our fees for Data Subject Access Request (DSAR) response services are calculated according to the rates specified in your Client Agreement, excluding external costs which will be agreed upon separately and invoiced at cost.
 

We maintain a digital record of all time spent managing your DSARs and reserve the right to charge for reasonable, evidenced expenses incurred while fulfilling our obligations, such as secure data transfer fees or postage. These expenses will be pre-approved by you in writing unless urgent circumstances prevent us from obtaining prior approval after reasonable efforts.
 

You will receive at least 90 days’ written notice before any increase to our standard rates takes effect. If a DSAR response is delayed by you or one of your third-party suppliers, for example, due to a delay in extracting or providing the raw data for redaction, we reserve the right to charge for the additional time required to manage the rescheduling and any necessary regulatory deadline communications, regardless of any initial fixed estimate.
 

Please note that all fees are subject to applicable UK taxation; however, VAT will only be charged if our turnover exceeds the current 2026 threshold.



Cancellation and Rescheduling

​

We reserve a specific time in our schedule to deliver your consultancy. Should you need to cancel or postpone a scheduled session, the following provisions apply:

  • Virtual/Remote Meetings: No fee will be charged if written notice is received at least 2 Business Days in advance of the scheduled time.

  • On-site/Full Day Sessions: No fee will be charged if written notice is received at least 5 Business Days in advance of the scheduled time.

  • Late Cancellation: If notice is received later than the periods stated above, we reserve the right to charge 50% of the scheduled fee. We will always endeavour to use that allocated time to progress other tasks on your behalf to minimize any loss to your project.


Billing and Payment Terms

To ensure consistent service delivery, we apply the following payment structures based on the total value of the Client Agreement:

  1. Projects up to £2,500: A fee equal to 100% of the total cost will be invoiced upon signing the Client Agreement. Work will commence once payment is received.

  2. Projects £2,501 – £7,500: Payment is due in two stages. 50% of the total fee is invoiced upon signing (immediate payment). The remaining 50% is due upon completion of the project or 6 months from the Commencement Date, whichever is sooner.

  3. Projects over £7,501: Payment is due in three stages. 40% is invoiced upon signing, 30% at the project midpoint, and the final 30% upon completion.

 

Standard Terms: Unless otherwise agreed in the Client Agreement, our standard payment terms are 14 days from the date of the invoice.

 

Payment Method: Payments should be made via direct bank transfer to the account details displayed on our invoices.

 

Project Stalls: Where we have submitted work for your comment or approval, we request a response within 14 days. After this period, we reserve the right to invoice for any remaining balance due for that stage of work.

 

Late Payment: In accordance with the Late Payment of Commercial Debts (Interest) Act 1998, we reserve the right to charge interest on overdue amounts and suspend all Services until the account is settled.


Invoice Queries: Any queries regarding an invoice must be submitted in writing within 7 days of the invoice date.

Notices

All important messages about this agreement must be in writing. You can send them by hand, email, or first-class post to the contact details we’ve given each other. 

​

A message will count as received:

  • By hand: when it’s delivered.

  • By email: when it’s sent (unless you get an error message).

  • By post: two working days after posting in the UK, or five working days if sent internationally.
     

If a message arrives after 5:00 pm, it will count as received the next working day.

If either of us changes our contact details, we must let the other know in writing. The new details will take effect either on the date we say in the notice or, if we don’t say, five working days after we send the notice.

Intelectual Property 
You can use the materials we create for you for the purpose they were prepared for.


We keep ownership of all copyright and intellectual property rights in any documents, reports, advice, or other materials we provide, unless we agree otherwise in writing. If you want to use these materials for a different purpose, you’ll need our written permission.


Any content we create specifically for you and that relates only to your business will belong to you once we’ve delivered it.


You keep ownership of all intellectual property in any materials you give us. You give us permission to use those materials while we’re working with you, but only for providing the agreed services.

Personal Data and Data Protection 
If we handle personal data for you as part of our services, we will follow all applicable data protection laws, including UK GDPR.


We will only use personal data as instructed by you and as needed to provide the agreed services.


You confirm that you have a lawful basis for sharing personal data with us and that it is accurate and up to date.


We will keep personal data secure and confidential, and only share it with trusted third parties (such as subcontractors) where necessary to deliver the services. If we do this, we will ensure they follow the same data protection standards.

 

We will not transfer personal data outside the UK or EEA unless appropriate safeguards are in place.

 

If there is a data breach affecting personal data we process for you, we will let you know promptly and work with you to resolve it.


You are responsible for informing individuals about how their data will be used and for responding to any requests from them. We will assist you where reasonable.


For more details on how we handle personal data, please see our Privacy Notice

Document Storage and Retention 
We may store your documents electronically. Please keep all documents related to the work we do for you, including emails and other electronic data. If this agreement ends and you still owe us money, we can keep your documents until payment is made. We will keep our files for at least six years after the agreement ends (or longer if we tell you in writing), after which they may be securely destroyed without notice.

Termination of this Agreement 

This agreement starts on the Commencement Date and will continue until the services are completed, it is terminated under this agreement, or any drawdown arrangement expires.

You can end this agreement at any time by giving us written notice. If you do, all outstanding payments, including any unused contracted time, become immediately payable, and we will have no further obligation to provide services.

​

Either party can end this agreement immediately by written notice if the other party commits a serious breach and does not fix it within 30 days of being asked to do so. We may also end this agreement immediately if you stop or threaten to stop your business, become insolvent, make arrangements with creditors, or persistently breach this agreement. This agreement can be ended at any time by mutual written consent.
 

If we cannot complete the services for reasons caused by you and this continues for more than three months after we notify you, we may terminate the agreement. In that case, all outstanding payments, including unused contracted time, become immediately payable.

When this agreement ends, our obligations stop. You must return any property or documents belonging to us on request or by the termination date, unless the law requires you to keep them.

Limitation of Liability 

Neither party shall be liable to the other for any indirect or consequential loss or damage, including but not limited to loss of profits, loss of contracts, loss of reputation or goodwill, increased costs of working, or claims by third parties.
 

To the fullest extent permitted by law, and except as expressly stated in this Agreement, we shall not be liable, whether in contract, tort (including negligence), or otherwise, for any loss arising from any person acting or failing to act in reliance on any advice, information, or materials provided as part of the Services or Additional Services, whether given orally or in writing, nor for any loss resulting from any failure to ensure that any document or form generated from the Services is appropriate or complete for its intended purpose.
 

Nothing in this Agreement shall limit or exclude liability for death or personal injury caused by negligence. Subject to this, the total liability of either party under this Agreement shall not exceed the total fees paid under this Agreement or £10,000, whichever is lower.

Force Majeure 

If something happens that is outside either party’s reasonable control, such as war, fire, pandemic, epidemic, industrial disputes, or civil unrest, that party must let the other know. While that situation continues, the affected party’s obligations under this agreement will be put on hold until they notify the other party that the situation has ended.

Dispute Resolution

If there is any disagreement about the meaning or effect of this agreement, or any dispute connected to it, we will first try to resolve it by talking and negotiating. This does not apply to payments that are due under this agreement.

If a dispute arises, both parties agree to try to resolve it amicably through discussion before considering legal action, with consideration given to mediation. 

Legal Status

Our relationship is that of independent contractor and client, not employer and employee. This agreement is non-exclusive, so either of us can work with other businesses. Nothing in this agreement creates a partnership or joint venture, and neither of us can make commitments or enter into agreements on behalf of the other unless this agreement specifically allows it.

General 
This agreement is the entire agreement between us and overrides any other terms in your documents. If any part of it is found invalid by a court, the rest will still apply. It can only be changed in writing and signed by both of us. If we don’t enforce any part at any time, that doesn’t mean we waive our right to enforce it later. You cannot transfer this agreement or your rights without our written consent. No one other than you and us has any rights under this agreement under the Contracts (Rights of Third Parties) Act 1999.

​

Applicable Law and Jurisdiction 

Our relationship with you will be governed by English law and will be subject to the exclusive jurisdiction of the English courts.

Acceptance of Terms

To confirm you want us to go ahead and that you accept our terms and conditions, please print, sign, and date a copy of the Client Agreement and return it to us. This confirms the agreed fees and limits your right to challenge the terms or rates later.
 

If you don’t return the signed agreement within 5 Business days but we start work, you will be treated as having accepted our terms and conditions unless you end the agreement in writing or we stop acting for you.
 

If anything in this agreement is unclear, please contact us.

​

bottom of page