Privacy Policy

Get Compliant. Stay Compliant.

Privacy Policy

Identity & Contact Details of The Controller & The Data Protection Officer

Compliance Direct Solutions Limited is Information Governance Consultancy and Auditors. Compliance Direct Solutions are committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). Compliance Direct Solutions are the Data Controller and have an appointed Privacy Officer whom can be contacted via email.

Purpose of The Processing and The Legal Basis for The Processing

In order for Compliance Direct Solutions to fulfil its contractual and customer obligations, there is a requirement to collect specific personally identifiable information relating to our customers. There are a couple of legal bases for the processing of such personally identifiable information. If you contact us on our website, then personal information is processed on the basis that we have a legitimate interest in doing so. For marketing communications, if you are an existing customer we use the legitimate interest of provide marketing communications. However, you will always have the option of unsubscribing from these emails. If you are a new customer, you will be required to provide consent by checking an ‘opt in’ box. If you do you will always have the option to unsubscribe to marketing. If you do not you will only receive transactional emails and emails that you are required to be made aware of (e.g. updates to terms, privacy policy etc) we will be processing your personal information using the lawful basis of fulfilling a contract with the third-party benefit provider or the employer.

Legitimate Interests of Compliance Direct Solutions or Third Party

Compliance Direct Solutions have a legitimate interest in further processing the information which is provided by customers at the point of sale for marketing purposes.

We may also use your information for other specific legitimate purposes such as:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have either explicitly consented to or we believe you have a legitimate interest in.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.
  • We do not sell, rent or lease customer lists to third parties. We may, we may share data with trusted partners to help us perform affiliate marketing, statistical analysis, send you email or postal mail or provide customer support. All such third parties are prohibited from using your personal information except to provide these services to us, and they are required to maintain the confidentiality of your information.

If you are an existing customer, we will only contact you by electronic means (e-mail, SMS, Phone) or post with information about goods and services similar to those which were the subject of a previous sale to you.

Information We May Collect from You

We may collect and process the following data about you:

  • Information that you provide by filling in a form on our site ( such as;
    • Name, address and postcode – Without this we won’t know where to send any documentation or to whom.
    • Email address – We send confirmation of your enquiries and purchase orders via email and will send you informational messages as well as offers which may interest you.
    • Telephone numbers – If there are any problems with your order or we need to check anything, we need to be able to contact you quickly.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to our site and the resources that you access.

Recipients of The Personal Data

Compliance Direct Solutions are required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations. The following are categories of recipients that customer information could be transferred to:
  • CRM – This is where can manage your data
  • Data Centres – This is so we can store your data securely
  • External IT Providers – To provide disaster recovery and back up services
  • Payment Providers – To process your payment securely
  • Data Protection Authorities – To provide details of any compromises or data breaches.
All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will not disclose your information to any of the relevant third parties listed above for marketing purposes. Our Privacy Officer can provide you with contact details of our third parties upon request if required. You are able to do this by emailing.

Details of Transfers to Third Countries & Safeguards

Compliance Direct Solutions has one information system that requires them to transfer personally identifiable information to a third party located in a third country, e.g. USA, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred. This is applicable to the Microsoft 365 and Zoho CRM system. Aside from this, we ensure that all other personally identifiable information held on our customers and employees remains within the EEA. You can get an explanation of our safeguards by emailing.

Retention Period

Compliance Direct Solutions retain all customer information for 5 years after they last interacted with us. Where there has been a period of 5 years after the end of membership and where has been no interaction between the organisation and the customer within this time, their information is erased and securely disposed of.

Rights of Data Subjects

As a Data Subject (individual) which Compliance Direct Solutions process information on behalf of, you have the right to withdraw consent from our marketing at any given time. You can exercise the right at any time by contacting us at However, we will still be required to notify you of changes to the privacy policy, terms and conditions and any other legal requirement.
You have the right to make a Subject Access Request to Compliance Direct Solutions Privacy Officer in the event that you wish to determine what information we hold on you. We welcome these requests and aim to respond within 72 working hours of receipt.
You have the right to request your data to be erased. This can be done by contacting Please bear in mind this is not an absolute right and there maybe instances where we cannot completely erase your data (e.g. When the personal data is required for the exercise of legal claims), if an exception does come up this will be discussed with you when you make the request.
You have the right to rectification. If you notice that any of your details are incorrect please contact the customer care team who will be more than happy to rectify this. We will also send transactional reminders to request that you notify us of any changes to your personal data so that we can keep your data up to date.
You have the right to portability. This is where you would like to transfer your data to another organisation. To request this, please contact We will provide this within a structured CSV file for you to provide to a third party.
You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority if you believe that we have not handled your personal data correctly and lawfully or if you believe that we have not dealt appropriately with your requests. The relevant Data Protection Supervisory Authority where the complaint should be made is the one that is competent for your place of residence or your state or to the supervisory authority which is competent for us.
This is: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF United Kingdom.
When you have lodged a complaint, the Data Protection Supervisory Authority will inform you of the progress and outcome of the complaint.

IP Addresses

We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns.


To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.

Marketing Communications

We may send out email communication to keep you up to date with all the latest discounts and offers from the Compliance Direct Solutions. If you wish to unsubscribe from these emails you can do so at any time by simply clicking either of the links in the header or footer and you will be removed from all promotional emails. Please note that even if you decide not to subscribe to, or to unsubscribe, from promotional email messages, we may still need to contact you with important transactional information related to your account and any contract with us. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you make purchases or provide updates to the privacy policy.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time.
If we make significant changes in the way we treat your personal information, or to the Privacy Policy, we will make that clear on our websites or by email, so that you are able to review the changes.
In the event that you wish to alter your Privacy settings or opt-out, you are able to do this by emailing our Privacy Officer at


Questions, comments and requests regarding this privacy policy are welcomed and should either be emailed to