Privacy Notice

How we use your personal information.

Foreland Consulting Ltd can be either a Controller or Processor of personal information (dependant on the circumstances of instruction). Our contact details for data protection purposes are as follows: By email to - The Director is the individual responsible for data protection compliance at the Foreland Consulting Ltd. They are contactable using the above contact details.

Purpose of this Privacy Notice

This Privacy Notice tells you what to expect when Foreland Consulting Ltd processes personal information. It tells you the purposes for which we may process your personal information and the legal basis for the processing (‘processing’ includes us just keeping your personal information).

Why do we collect and store personal information?

Foreland Consulting Ltd needs to collect, process and store personal information about you in order to deliver its services.

      Return to the top of the page

Legal basis for processing

Where possible, we will always try to get your consent to us processing your personal information. People contacting us to access our services will be asked to sign a data protection consent form.
Under the GDPR, consent is a legal basis for processing personal information. Where we cannot get consent, there are other reasons why we can process your personal information under the GDPR:
• Legitimate interests: where it is in our legitimate business interests as a community benefit society to process your information, we can do that so long as we do not interfere with your fundamental rights or freedoms.
• Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
• Where we need to protect the vital interests (i.e. the health and safety) of you or another person.

Some personal information is treated as more sensitive (for example information about health, sexuality, ethnic background and others. The legal basis for processing personal information is more limited. The reasons we can use are:

Special categories of personal data are defined within the GDPR and covers racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a person's sex life or sexual orientation
• Your consent.
• Where we need to protect the vital interests (i.e. the health and safety) of you or another person.
• Where you have already made your personal information public.
• Where we or another person needs to bring or defend legal claims.
• Substantial public interest grounds.

Information we may hold about you and how we use it

The information we hold on our records concerns our relationship with you. For example:
• We hold contact details for you, so we can communicate with you by your preferred means, and keep you informed about services we offer which may be useful to you.
• We may keep an electronic and/or hand-written record of your telephone calls and emails to us for monitoring purposes to ensure we are delivering a good service.
• We record the findings of our work and other research to help us improve our services and evidence-based policy ideas. The information you provide will be anonymous unless you agree that we can use your details.
This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information so we can deliver services to you. Generally, the information we hold will have been provided by you when you contacted us to access our services, but we may also hold information provided by third parties. We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.

How we manage your personal information

We process your personal information in accordance with the principles of the General Data Protection Regulation (‘GDPR’).
We will treat your personal information fairly and lawfully and we will ensure that information is: • Processed for limited purposes.
• Kept up-to-date, accurate, relevant and not excessive.
• Not kept longer than is necessary.
• Kept secure.
Access to personal information is restricted to authorised individuals on a strictly need to know basis.

We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.
To help us to ensure confidentiality of your personal information we may ask you security questions to confirm your identity when you call us. We will not discuss your personal information with anyone other than you, unless you have given us prior written authorisation to do so.

      Return to the top of the page

Periods for which we will store your personal information

We will only hold your records during the period of our relationship with you and for a set period afterwards to allow us to meet our legal obligations.

Sharing your personal information

Normally, only Foreland Consulting Ltd staff will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of the GDPR.
Where necessary or required, we may share information as follows:
• With third party service providers and or sub contractors, in connection with services performed on our behalf. Our relationships with such providers are governed by our contracts with them which include strict data sharing and confidentiality protocols.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
• To meet our legal obligations.
• In connection with legal proceedings (or where we are instructed to do so by Court order).
• To protect the vital interests of an individual (in a life or death situation).

Your rights under the GDPR

You have a number of rights under the GDPR:
Access to personal information
Under the GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR). SARs need to be made in writing and we ask that your written request is accompanied by proof of your identify. We have one calendar month within which to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible).

      Return to the top of the page


If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting us at

Erasure (‘right to be forgotten’)

You have the right to ask us to delete personal information we hold about you. You can do this where:
• The information is no longer necessary in relation to the purpose for which we originally collected/processed it.
• Where you withdraw consent.
• Where you object to the processing and there is no overriding legitimate interest for us continuing the processing.
• Where we unlawfully processed the information.
• The personal information has to be erased in order to comply with a legal obligation. We can refuse to erase your personal information where the personal information is processed for the following reasons:
• To exercise the right of freedom of expression and information.
• To enable functions designed to protect the public to be achieved e.g. government or regulatory functions.
• To comply with a legal obligation or for the performance of a public interest task or exercise of official authority.
• For public health purposes in the public interest.
• Archiving purposes in the public interest, scientific research historical research or statistical purposes.
• The exercise or defence of legal claims; or
• Where we have an overriding legitimate interest for continuing with the processing.

Restriction on processing

You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
• You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy).
• You challenge whether we have a legitimate interest in using the information.
• If the processing is a breach of the GDPR or otherwise unlawful.
• If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim.

If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so. We must inform you when we decide to remove the restriction giving the reasons why.

      Return to the top of the page

Objection to processing

You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.

Withdrawal of consent

You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests.

Right to data portability

The right to data portability allows you to obtain and reuse their personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.

Changes to this Privacy Notice

We keep our privacy notice under regular review and will place any updates on our website; you will be notified of any major changes to this policy.

      Return to the top of the page

Further information

For further information on how to request your personal information and how and why we process your information, you can contact us using the details below.
The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR.
You have the right to complain to the ICO if you think we have breached the GDPR. You can contact the ICO at:
Privacy Notice
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ring 0303 123 1113.

Name & Company No:


Company No. 07428280

Whatever your requirements

Let Foreland Consulting Ltd help you find peace of mind.
We are proud members of WAPI
World Association of Professional Investigators
World Association of Professional Investigators


01843 593 698
0754 878 0633

Marlowe Innovation Centre
Marlowe Way
Kent CT12 6NA