Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions


0800 035 1231 (Mon to Fri 9am – 5pm)

Suite 3, The Cotton Mill, Torr Vale Mills, New Mills, Derbyshire, SK22 4HS, UK


At Cambridge Risk (“Cambridge Risk”, “we” or “us”), we work hard to keep the information you give us safe. We follow strict security procedures on how your personal information is stored and used, to help stop any unauthorised person getting hold of it. Please take the time to read this privacy policy, which is part of our terms of use.

We work in line with the General Data Protection Regulations 2016 and the Data Protection Act 2018.

This policy describes how we collect, use and look after the information you provide us with when you use Cambridge Risk products and services.

Our website contains links to other websites, which may well have different privacy and security policies to us. Please remember, we don’t have any control over these websites, so we can’t take responsibility for any information you give them.

Contact Details

Cambridge Risk Solutions is the controller for the personal information we process, unless otherwise stated, and the contacts are the Directors, Helen Molyneux and Patrick Roberts..

There are many ways you can contact us, including by phone, email and post.

Our postal address is:

36B Market Street
New Mills
High Peak SK22 4AA

Our phone number is 0800 035 1231

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry to us.
  • You have made an information request to us.
  • You have applied for a job or secondment with us.

Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of the rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.  You can make the request verbally or in writing.  THe ICO gives guidance here.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here. 

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here. 

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Your Right To Complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Informaiton Commissioners Office; please follow this link to see how to do that.

What information do we collect?

This is what we normally collect about you to help us provide you with Cambridge Risk services and information, and to improve them even more, where we can:

• Contact details such as name, address, email and telephone number.

• In order to help us develop and improve our website we collect information about how you use the site.

• Other data we occasionally ask you to provide us with, for example now and again we might ask you to fill in a questionnaire, just so you can let us know how we’re doing.

We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business.  If the interactions relate to contracts or potential contracts for work to be conducted by us, then the legal basis is article 6(1)(b) because the processing is necessary for the performance of a contract, or to take steps to enter into a contract.  If the interactions relate to suppliers, buildings management, IT services, accounts,  etc., the legal basis is article 6(1)(c) of the GDPR for any legal obligation or article 6(1)() because the processing is within our legitimate interests as a business.

Disclosing your information

We will not pass on your personal information to third parties except in accordance with this policy and our Terms and Conditions or where we are required by law to disclose that information.  As an example, you may wish us to share your contact details with selected third parties.  An example may be a third party who provides services such as certification as part of a project with a specific objective of obtaining certification.  This will only be carried out following discussion with you, and if you grant specific permission to do this.

Marketing our products and services

Cambridge Risk Solutions Ltd does not undertake direct marketing, and will therefore not use your data for any marketing purposes.

Visitors to our Website


When you visit, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do  collect personal data  through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.  THis may be, for example, when you complete the Contact Us form.


You can read more about how we use cookies on our Cookies page.   In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Applying for a Job and CVs

Occasionally, we are sent speculative spproaches for work, which may include CVs.  We do not retain this information.

Retention Policy

We have strict guidelines on how long we will retain personal data.

Retention Trigger Retain for Information Asset Owner
Clients Last contact Hard copy – 1 year

Electronic – 12 years

Client documentation Last contact Hard copy – 1 year

Electronic – 12 years

Or on client request

Potential Clients Last contact Hard copy – 1 year

Electronic – 12 years

Suppliers Last contact Hard copy – 1 year

Electronic – 12 years

Applicants On receipt Deleted Directors
Associates Last contact Electronic – 6 years Directors
Professional Organisations Last contact Hard copy – 1 year

Electronic – 12 years

Employees Directors’ information held only Directors

We keep our privacy notice under regular review to make sure it is up to date and accurate.


Get In Touch

We are always happy to answer any questions you may have, please either contact us by telephone, or by filling in the form below.

Please ensure that you do not divulge any sensitive data as this webpage is not secure.

The highly qualified people at Cambridge Risk have worked with us every step of the way. In a practical and manageable manner they have helped the whole company to ‘grow into’ the whole subject of Business Continuity Planning.

more testimonials

  • Business Continuity Planning

    Effective planning that takes into account risk evaluation and business impact analysis, supported by clear and concise crisis management. We work with you to develop user-friendly plans.

  • Business Impact Analysis

    The Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle; we can assist with your BIA.

  • Training and Exercising

    No Business Continuity Management programme is effective without a significant element of training. Moreover, ongoing Crisis Management training and exercising is key. We can provide objective training and exercising.

  • Risk Evaluation and Control

    Risk evaluation and treatment provide a process to identify, prioritise and managing your risks. Cambridge Risk Solutions can assist with risk management for business operational and information security risks.

  • Statement of Applicability

    Which controls do you need to have in place? How do you link your risk assessment process into your SoA? How do you ensure that you have effective controls in place? We can assist with your SoA.

  • Integrated Management Systems

    Management Systems assist with your on-going management, maintenance and continual improvement. We work with you to develop a fully integrated management system, enabling certification to ISO 22301 and ISO 27001.