Privacy Policy
We are Dominic Headley & Associates Ltd (DHA), a specialist training and consultancy services provider based in the U.K. Our website address is: www.dominicheadleyassociates.co.uk. Our contact email address is: info@dominicheadleyassociates.co.uk
We will keep this Privacy Policy under regular review. This policy was last reviewed and updated 26 September 2024.
What personal data we collect and why we collect it
We currently collect and process the following information:
​
-
Personal and business details including your business name, your name, job title, email address, phone number, business needs, and support requirements.
​
-
The information we ask for is used to provide you advice, information about our services and for formation of contracts when necessary.
​
-
We do not collect more information than we need to fulfil our stated purposes or to meet legal or regulatory requirements. We will not retain your data for longer than is necessary.
How we get the personal information and why we have it
All the information you provide during your interactions with us will only be used for progressing your enquiry and delivering the relevant services (such as providing confidential advice, training, consultancy services, or managing contracts).
We will use the contact details you provide to contact you regarding your enquiry or business requirements. If you have explicitly opted in to receive marketing communications from us, we may contact you with information about services and offers that we believe may be of interest to you. You have the right to withdraw consent for marketing at any time by replying to the communication with 'Unsubscribe'.
We will not share any of the information you provide with third parties for marketing purposes. Your information will be securely held by us in both electronic and physical formats and will only be shared with our associates who are directly involved in delivering our projects, where applicable. We retain information on businesses and individuals who access our website in line with our legal and contractual obligations.
​
Special category and criminal offence data
As part of our services, we may process special category data (as defined in UK GDPR Article 9) or criminal offence data (under Article 10). This may include, for example, safeguarding information, conduct-related data, or criminal record disclosures. We will process such data only where it is necessary for one or more of the following reasons: compliance with a legal obligation, the performance of a contract, the protection of vital interests, or for reasons of substantial public interest. In some cases, we may also seek your explicit consent, but this is typically not the primary legal basis for processing criminal offence data.
How long we retain your data
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. To determine the appropriate retention period, we consider the nature, sensitivity, and purpose of the data, as well as the potential risk of harm from unauthorised use or disclosure. We also consider applicable legal requirements.
By law we must keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
​
In some cases, you may request that we delete or correct your data. We may also anonymise your personal data for research or statistical purposes, in which case it may be used indefinitely without further notice..
What rights you have over your data
Under certain circumstances, you have rights under the UK General Data Protection Regulations 2018 (UKGDPR) in relation to your personal data. You have the right to:
​
-
Obtain details about how your data is processed by us.
​​
-
Request copies of personal data that we hold about you.
​​
-
Correct any inaccurate or incomplete data.
​​
-
Request the erasure of your data, where appropriate.
​​
-
Request the transfer of your data to another organisation (data portability).
​
-
Object to the processing of your data in certain situations, including objecting to the use of your data for marketing purposes.
​​
-
Opt out of automated decision-making and profiling, with some exceptions.
​
If you wish to exercise any of these rights, please contact us. We will address your request in line with UK GDPR guidelines.
How we protect your data
We implement appropriate technical and organisational measures to protect your personal data from being lost, destroyed, damaged, or unlawfully processed. However, no system can guarantee complete security. We encourage you to avoid sharing sensitive data through our contact forms if you believe its disclosure could cause substantial harm.
​
Any third parties with whom we share your data (e.g., associates involved in service delivery) are also required to apply appropriate measures to protect the information.
In the unlikely event of a data breach
While we take every precaution to prevent data breaches, if one occurs, it will be documented, assessed for severity, and the appropriate actions will be taken. If the breach is significant enough to pose a risk to your personal data, the Information Commissioner’s Office (ICO) will be informed, and you will be contacted with guidance on mitigating any risks.
Data controller
The data controller for Dominic Headley & Associates Ltd is Dominic Headley FRSA. You can contact the data controller by sending an email to dominic@dominicheadleyassociates.co.uk
If are unhappy with how we have used your data, you can also complain to the ICO using the details below:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk