Cambridge Risk Solutions jigsaw pattern

Privacy Policy

At Cambridge Risk (“Cambridge Risk”, “we” or “us”), we work hard to keep the information you give us safe. We follow strict security procedures on how your personal information is stored and used, to help stop any unauthorised person getting hold of it. Please take the time to read this privacy policy, which is part of our terms of use.

We work in line with the UK General Data Protection Regulations and the Data Protection Act 2018.

This policy describes how we collect, use and look after the information you provide us with when you use Cambridge Risk products and services.

Our website contains links to other websites, which may well have different privacy and security policies to us. Please remember, we don’t have any control over these websites, so we can’t take responsibility for any information you give them.

Contact Details

Cambridge Risk Solutions is the controller for the personal information we process, unless otherwise stated, and the contacts are the Directors, Helen Molyneux and Patrick Roberts.

There are many ways you can contact us, including by phone, email and post.

Our postal address is:

Whitehough Cottage
Whitehough Head Lane
High Peak SK23 3BX

Our phone number is 0800 035 1231

Our email address is [email protected]

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry to us;
  • You have requested to receive our newsletters;
  • You are completing our eLearning, whether arranged by your or your employer;
  • You have made an information request to us; or
  • You have applied for a job or secondment with us.

Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of the rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can make the request verbally or in writing.

More about ‘your right of access’ on the ICO website.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

More about ‘your right to get your data corrected’ on the ICO website.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

More about ‘your right to get your data deleted’ on the ICO website.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

More about ‘Your right to limit how organisations use your data’ this on the ICO website.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

More about ‘the right to object to the use of your data’ on the ICO website.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.

The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

More about ‘your right to data portability’ on the ICO website.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Your Right To Complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at [email protected] and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Informaiton Commissioners Office; please visit the ICO website to make a complaint.

What information do we collect?

This is what we normally collect about you to help us provide you with Cambridge Risk services and information, and to improve them even more, where we can:

  • Contact details such as name, address, email and telephone number.
  • In order to help us develop and improve our website we collect information about how you use the site.
  • Other data we occasionally ask you to provide us with, for example now and again we might ask you to fill in a questionnaire, just so you can let us know how we’re doing.

We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business.

If the interactions relate to contracts or potential contracts for work to be conducted by us, or for any eLearning, then the legal basis is Article 6(1)(b) because the processing is necessary for the performance of a contract, or to take steps to enter into a contract. Additionally, if the interactions relate to suppliers, buildings management, IT services, accounts, the legal basis is also Article 6(1)(b) because the processing is necessary for the performance of a contract, or to take steps to enter into a contract. For receipt of our newsletter, this is under Article 6(1)(f) Legitimate Interest, as you have requested to receive the newsletter, and it is in our and your interest to receive the newsletter. You can opt out from receiving the newsletter at any time.

Disclosing your information

We will not pass on your personal information to third parties except in accordance with this policy and our Terms and Conditions or where we are required by law to disclose that information. As an example, you may wish us to share your contact details with selected third parties. An example may be a third party who provides services such as certification as part of a project with a specific objective of obtaining certification. This will only be carried out following discussion with you, and if you grant specific permission to do this.

Marketing our products and services

Cambridge Risk Solutions Ltd does not undertake direct marketing, and will therefore not use your data for any marketing purposes.

Visitors to our Website


When you visit, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it. This may be, for example, when you complete the Contact Us form.


You can read more about how we use cookies on our Cookies page. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Applying for a Job and CVs

Occasionally, we are sent speculative approaches for work, which may include CVs. We do not retain this information.

Retention Policy

We have strict guidelines on how long we will retain personal data.

 Retention TriggerRetain forInformation Asset Owner
ClientsLast contactHard copy – 1 year
Electronic – 12 years
Client documentationLast contactHard copy – 1 year
Electronic – 12 years
Or on client request
Potential ClientsLast contactHard copy – 1 year
Electronic – 12 years
SuppliersLast contactHard copy – 1 year
Electronic – 12 years
ApplicantsOn receiptDeletedDirectors
AssociatesLast ContactElectronic – 6 yearsDirectors
Professional OrganisationsLast ContactHard copy – 1 year
Electronic – 12 years
EmployeesDirectors’ information held only Directors
eLearningLast contact or based on contract with employer2 years
Or as per contract

We keep our privacy notice under regular review to make sure it is up to date and accurate.

Scroll to Top
Scroll to Top