1. Introduction
Your privacy is important to Paul Crowdy Partnership Limited (PCP).
This privacy notice explains how we collect, use, store, protect and share personal data in accordance with the UK GDPR, Data Protection Act 2018 and related legislation.
This privacy notice applies to all internal personal data held for business purposes. A separate privacy policy exists for employees.
PCP may update this privacy notice as necessary. Previous versions will be made available on request.
We only collect personal data that is relevant, necessary and proportionate for business operations. This will typically include name, work contact details, job title and other business-related information. We do not normally collect special category/sensitive data unless legally required to do so.
2. Your Rights Under GDPR
You have the following rights regarding your personal data:
• Access your data held by PCP
• Request correction or updates
• Request deletion (where permissible)
• Object to its processing
• Request data portability
• Withdraw consent at any time (where consent is the legal basis)
• Object to automated decision-making where applicable
Requests should be made to the Data Protection Officer (DPO):
📧 [email protected]
📄 Data Protection Officer, 24 Apex Court, Woodlands, Bradley Stoke, Bristol BS32 4JT
If you have concerns about how your data is handled, you may contact:
Muriel Lewis (DPO) – [email protected]
If unresolved, complaints may be escalated to the Information Commissioner’s Office (ICO):
📍 Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
📞 0303 123 1113
🌐 ico.org.uk/global/contact-us/
3. Data Collection
We collect personal data to:
• Provide services to you
• Meet legal and regulatory obligations
• Manage billing and payment
• Communicate updates, services or relevant business information
If you do not provide requested information, we may be unable to supply services.
4. Use of Personal Data – Legal Basis
PCP processes data under the following lawful bases:
Legal Basis
Example
Contractual necessity
Providing agreed services to clients
Legal/Regulatory obligation
Reporting to regulators or law enforcement
Legitimate business interests
Operational management, business development
Consent
Marketing communications (opt-in required)
Marketing communications will only be sent with your consent and can be withdrawn at any time.
5. Protecting Personal Data
We take appropriate organisational and technical measures to protect personal data, including:
✔ Secure storage systems
✔ Access controls and password protection
✔ Cyber security infrastructure (anti-virus, firewalls etc.)
✔ Cloud-based backup and recovery systems
Data is processed within the United Kingdom unless otherwise stated and safeguarded accordingly.
6. Retention of Personal Data
Data is retained only as long as necessary for legal or operational purposes.
Data Type
Minimum Retention
Client-related records
Minimum 6 years
Marketing data
Retained until consent is withdrawn
Regulatory data
Retained as required by law
Data is securely destroyed when no longer required.
7. Sharing Personal Data
We will not share your information unless:
• Required by law/regulator
• Necessary to fulfil services or business operations
• Processed by approved third parties under contract
Third-party processors must meet GDPR compliance standards.
Version 5 – November 2025
Your privacy is important to Paul Crowdy Partnership Limited (PCP).
This privacy notice explains how we collect, use, store, protect and share personal data in accordance with the UK GDPR, Data Protection Act 2018 and related legislation.
This privacy notice applies to all internal personal data held for business purposes. A separate privacy policy exists for employees.
PCP may update this privacy notice as necessary. Previous versions will be made available on request.
We only collect personal data that is relevant, necessary and proportionate for business operations. This will typically include name, work contact details, job title and other business-related information. We do not normally collect special category/sensitive data unless legally required to do so.
2. Your Rights Under GDPR
You have the following rights regarding your personal data:
• Access your data held by PCP
• Request correction or updates
• Request deletion (where permissible)
• Object to its processing
• Request data portability
• Withdraw consent at any time (where consent is the legal basis)
• Object to automated decision-making where applicable
Requests should be made to the Data Protection Officer (DPO):
📧 [email protected]
📄 Data Protection Officer, 24 Apex Court, Woodlands, Bradley Stoke, Bristol BS32 4JT
If you have concerns about how your data is handled, you may contact:
Muriel Lewis (DPO) – [email protected]
If unresolved, complaints may be escalated to the Information Commissioner’s Office (ICO):
📍 Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
📞 0303 123 1113
🌐 ico.org.uk/global/contact-us/
3. Data Collection
We collect personal data to:
• Provide services to you
• Meet legal and regulatory obligations
• Manage billing and payment
• Communicate updates, services or relevant business information
If you do not provide requested information, we may be unable to supply services.
4. Use of Personal Data – Legal Basis
PCP processes data under the following lawful bases:
Legal Basis
Example
Contractual necessity
Providing agreed services to clients
Legal/Regulatory obligation
Reporting to regulators or law enforcement
Legitimate business interests
Operational management, business development
Consent
Marketing communications (opt-in required)
Marketing communications will only be sent with your consent and can be withdrawn at any time.
5. Protecting Personal Data
We take appropriate organisational and technical measures to protect personal data, including:
✔ Secure storage systems
✔ Access controls and password protection
✔ Cyber security infrastructure (anti-virus, firewalls etc.)
✔ Cloud-based backup and recovery systems
Data is processed within the United Kingdom unless otherwise stated and safeguarded accordingly.
6. Retention of Personal Data
Data is retained only as long as necessary for legal or operational purposes.
Data Type
Minimum Retention
Client-related records
Minimum 6 years
Marketing data
Retained until consent is withdrawn
Regulatory data
Retained as required by law
Data is securely destroyed when no longer required.
7. Sharing Personal Data
We will not share your information unless:
• Required by law/regulator
• Necessary to fulfil services or business operations
• Processed by approved third parties under contract
Third-party processors must meet GDPR compliance standards.
Version 5 – November 2025
