Seccom Group Privacy Policy


Seccom Group is committed to meeting our legal requirements with respect to Privacy for all who access and use our websites and services (Seccom Group is a trading name of GDPR Auditing Limited). Under the General Data Protection Regulation the UK General Data Protection Regulation and Data Protection Act 2018, we must comply with certain requirements that are designed to ensure that any personal data you provide to us is processed with due care and attention, and that you as an individual are aware of and know how to exercise your rights with respect to any personal data you trust us with.

What data do we collect and why?

Seccom Group collects the personal information that you provide when you enter your details into the Contact Us form, we will also receive some personal information if you email us directly.

On the contact form we collect the following details:

  • Name – so we know who to get back to
  • Email address – so we know how to email you
  • Phone number (optional) – should you want us to call you back
  • Message – the message you provide so we can address your request

Contact via Email:

We have no control over what you might put in a message, we will however, have at least the email address you mailed us from and what you put into the message. We recommend that you keep any personal details sent to us to an absolute minimum.

How we use your information

This privacy notice tells you what to expect when Seccom Group collects personal information. It applies to information we collect about:

  • visitors to our websites;
  • people who enquire about or use our services;
  • people who email us. 

Visitors to our websites

When someone visits any of our websites we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the sites. This information is only processed in a way which does not identify anyone.

We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our websites, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

People who Purchase or Contract with us for a Service

If you enter into an agreement with us for services, we collect enough information to enable us to process your order and/or provide you with the services you require. We collect and process this information using the ‘performance of a contract’ legal basis so that we may provide the services to you.

Unless you have specifically opted in to receive information about products and services from Seccom Group and or GDPR Auditing Ltd. during the contract negotiation and sign off process we will not send you any communication other than what is required for the supply of the service, these messages may include details about new products and features available.

We keep this data for as long as we are providing the service to you, after you have stopped using the service(s) we keep the data for 12 months, then we anonymise it removing any personal information. Any data classified as financial that we are required to keep will be retained according to UK HMRC rules, currently 6 years plus current year.

Using our eLearning Platform

If you are registered with and or using our eLearning platform to undertake training and or education your personal information will have been provided to us by your employer or organisation acting in a similar capacity.

In this instance we are acting as a data processor and only hold information about you that belongs to the data controller, Your organisation who contracts with us.

If you wish to exercise any of your personal data rights please contact the relevant person or department in your organisation.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with company policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

If we consider the contents of an email to contain personal data we have not requested or more detail than we need then we will delete some or all of it immediately and request another with less personal details, or no personal details.

Whether you email us directly or via any of our generic addresses, we will only use the information you provide to respond to your enquiry and will keep it for 14 days after the last correspondence with you and then remove it, unless you become a client and then your data will be stored and processed in line with this privacy policy and any Terms and Conditions related to the services.

By submitting personal data to us by way of an email or an enquiry you necessarily consent to us using that information to contact you in return to complete that enquiry. We do not use that data for any other purpose. For the avoidance of doubt the legal basis for processing your enquiry is ‘consent’.

If you agree to allow us to send you information about Seccom Group Products and Services by opting into that service, you do that on the basis of ‘consent’.

External Sites

Seccom Group Limited is not responsible for the content of external internet sites. You are advised to read the privacy policy of external sites before disclosing any personal information.

Who we Share Information with

Your information may be shared with any of our consultants, associate consultants, or Group or Member Companies, for the provision of services only. Seccom Group remains the controller of the information. We do not share your information with anyone else. If for some reason we did need to share your information further we will inform you directly or amend this policy to reflect those changes.

International Transfers

Our eLearning platform is developed and hosted on European Systems with a provider who has a US parent company. Our hosting agreement is based on standard contractual clauses with supplementary measures which ensure that within reason US Government and Security Services are unable to access our data even if requested from the US parent company.

Otherwise Seccom Group is a UK company and all other systems and services are provided from the UK.

For more information contact

Notification of Changes

Any policy changes, either due to business reasons or future changes in legislation will be posted on this page and, if material, may be promoted on the relevant websites or through e-mail notification. 

Your rights as an individual in respect of the data we hold

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following.

Depending on the lawful basis for processing your personal data you are able to exercise some or all of the following rights:

  • Request access to your data
  • Request rectification of your data where there are errors or inaccuracies, or the data is not current
  • Request that the data we hold is removed entirely from our systems (the right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period)
  • Request us to restrict processing of your data
  • Object to our processing of your data
  • Request your data in a format that is commonly used/accepted
  • Send your data to another controller
  • Withdraw consent already provided – at any time

You also have the right to complain to this organisation as detailed within the ‘Complaints or Queries’ section of this Policy.

To exercise your rights above please contact Seccom Group using any of the methods described under How to Contact us.

You also have the right to lodge a complaint with a supervisory authority, see Complaints or Queries below.

Complaints or Queries

Seccom Group tries to meet the highest standards when collecting and using personal information and take any complaints we receive about this very seriously.

We encourage people to bring to our attention, if they think that our collection or use of information is unfair, misleading, or inappropriate.

If you wish to complain about this policy or any of the procedures set out in it please contact:

If for any reason you believe that Seccom Group is not in full compliance with the GDPR, UK GDPR or Data Protection Act 2018 or that a request or complaint has not been properly dealt with you have the right to lodge a complaint with the relevant supervisory authority, in the UK this is the ICO. or call the ICO on 0303 123 1113.

Registered Office

Seccom Group is a trading name of GDPR Auditing Limited whose registered office is:

47 The Lanes
CB24 5NQ

Company number: 5435232

VAT Number: 944569581


Our websites use cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers

Last updated 5th January 2022

Contact Us

To find out more about us or our services please email us at or send us a message using the form below.

+44(0)203 488 3050