Privacy Policy

Dear Customer,

Notice regarding personal details held in relation to our trading relationship

On 25 May 2018 the UK enacts the General Data Protection Regulation which provides a much stronger regulatory environment over the protection of Personal Data held by businesses.

Personal Data of your Employees held by ourselves.

We (CNS Consultancy Services Ltd) acting as a Data Controller hold Personal Data originating from your entity in relation to our business relationship. This Personal Data takes the form of contact names and e-mail addresses, phone numbers or other contact details and we hold it in order to maintain our business relationship with you which we believe constitutes a legitimate business interest.

Our business interest does not over-ride your rights and freedoms should you object to our holding of this data. Should you wish to object or use any of your other personal data rights (such as the right to rectification, the right of access or the right to erasure) then please contact the person named on this letter, or any other CNS contact you may have and we will act accordingly.

Where such a request leads to an erasure or restriction to processing, and where we believe a business contact is essential to maintain our business relationship we may request an alternative contact be provided, with such Personal Data also to be covered by this statement.

Personal Data of this sort held within our business is covered by our Data Protection Policy and specifically by an internal Personal Data Process which has an owner within the relevant business department, and ensures that an adequate level of protection is held over the Personal Data stored.

The Personal Data will not be shared with third parties, or stored outside of the UK or your home country, but may be passed to other CNS colleagues relevant to the business relationship. It will not be used for any other reason than maintenance of our business relationship and will only be kept whilst that relationship is ongoing and for a short period (up to one year) afterwards whilst queries may arise, unless you authorise us to keep it for longer.

If you feel we are using your Personal Data incorrectly, then please contact us directly and we will aim to rectify this, or you can complain directly to the information commissioner (

Personal Data of our employees held by yourself.

We expect that you will hold personal names and contact details for employees of CNS Consultancy Services Ltd during our business relationship with yourself.

In such a case we consider that you are the Controller for the data passed to you, and where the data is passed by a third party or alternative CNS contact that you immediately notify the CNS employee to state that you are holding their data in relation to our business relationship.

We expect that you will abide by the regulations of the General Data Protection Regulation and reserve the right to request details regarding your policies on retention of our employees’ data, the security under which it is held or any other information on your compliance activities.

Strictly, we insist that none of the data relating to CNS employees is passed on to third parties, stored in countries outside the EU, the UK or your home country, or subjected to automated processing.

Where a CNS employee exercises their rights under the GDPR, we expect that you will react accordingly, particularly in reference to the Rights of Access, Erasure and Rectification.

On our part we will endeavor to ensure that you have up to date details and are informed of employees that leave the organisation, and therefore whose details are no longer required to maintain the business relationship.

We reserve the right to complain to the Information Commissioner, and/or end our business relationship should any failure to protect Personal Data or CNS employees occur.


Brian Smithwick

Managing Director

CNS Consultancy Services Ltd