top of page

Privacy Policy

This website http://www.candidusconsulting.com is owned and operated by Candidus Consulting Limited (a limited company registered in England and Wales under number 11256698) (“Candidus Consulting“, “we”, “our”, and “us”).
 

Candidus Consulting Limited is committed to protecting your personal data. Personal data is any information that is capable of identifying you as an individual. This policy explains how we collect and use personal data that we obtain through the Site and other means, such as email, in person or from other third party sources.

 

This policy does not apply to personal information you might provide to us or we might collect in the context of our providing you with consulting services which are subject to the provisions in the non-disclosure agreements and our engagement contracts.

​​

The Site are not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.

​​

We are not registered with the Information Commission’s Office as we are only processing personal data for the core business purposes.

​​

Data Protection Principles

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, personal data must be processed in accordance with six key principles. It must:

  • Be processed fairly, lawfully, and in a transparent manner;

  • Be collected and used only for specified, explicit, and legitimate purposes;

  • Be adequate, relevant, and limited to what is necessary for those purposes;

  • Be accurate and, where necessary, kept up to date, with inaccurate data rectified or erased without delay;

  • Not be retained for longer than is necessary for the purposes for which it is processed; and

  • Be processed securely, using appropriate technical and organisational measures.

We are responsible for, and must be able to demonstrate compliance with, these principles.

 

What Information Do We Collect?

We may collect personal information when you:

  • Visit our website;

  • Contact us to discuss potential project work;

  • Enter into a client or supplier agreement with us;

  • Agree to participate in research relating to our clients’ products or services; or

  • Apply for employment or engage with us regarding recruitment.

This may include your name, contact details, organisational information, email correspondence, and any information you voluntarily provide in relation to our services.

​

What Information Do We Not Collect?

We do not routinely require or process special category data, including information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or sexual orientation.

 

How We Use Your Information

When you visit our website, anonymous information about your visit may be collected to help us understand site usage and improve functionality. If you use our contact form, we may record your email address and the information you provide.

We may collect, hold, use, and disclose personal data where necessary for:

  • Performing our contractual obligations to clients;

  • Complying with legal or regulatory requirements;

  • Responding to enquiries;

  • Pursuing our legitimate interests in marketing our services to current and prospective clients (where permitted); or

  • Assessing candidates for employment.

We will not use or disclose your personal information for purposes unrelated to those above without your consent, unless we are legally authorised or required to do so under the laws of England and Wales.

If you no longer wish to receive marketing communications from us, please contact info@candidusconsulting.com.

 

Will We Disclose Your Data?

We may disclose personal data—confidentially and only where necessary—to clients, associates, or trusted third parties to fulfil contractual commitments. Such disclosure will only occur with your knowledge and agreement.

We may also share information for administrative, accounting, audit, or regulatory purposes.

All third parties that handle personal data on our behalf are required to:

  • Keep your information secure and confidential;

  • Process it only for lawful, agreed purposes; and

  • Act strictly in accordance with our instructions and applicable data protection law.

How Long Will We Retain Personal Data?

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including statutory, accounting, or reporting requirements. Retention periods are reviewed regularly.

 

Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right to be informed about how your personal data is used (as set out in this notice).

  • Right of access to your personal data through a subject access request (ID verification required).

  • Right to rectification of inaccurate or incomplete data.

  • Right to erasure where data is no longer required or where processing is unlawful.

  • Right to restrict processing in certain circumstances.

  • Right to object to processing based on legitimate interests, and to all direct marketing.

  • Right to data portability, allowing you to obtain and reuse your data across services.

  • Rights related to automated decision-making, including profiling (we do not undertake these activities).

  • Right to be informed of a data breach that poses a high risk to your rights and freedoms.

  • Right to withdraw consent at any time where consent is the basis for processing.

To exercise your rights or request changes to your personal information, please contact us.

 

Complaints

If you have concerns about how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO). Details are available on the ICO website at ico.org.uk, where further information on your rights can also be found.

 

Cookies

This website uses Google Analytics to help us analyse user behaviour and improve functionality. Google Analytics places cookies on your device to collect standard internet log information and visitor behaviour data. Google may store or process this information on servers outside the UK and may transfer it to third parties where required by law. Google will not associate your IP address with any other data held by Google.

You can set your browser to refuse cookies; however, some website features may not function correctly as a result. For more information on cookies, please visit aboutcookies.org or allaboutcookies.org.

​

How to Contact Us

Please review this notice periodically, as it may be updated from time to time. If you have any questions about this Privacy Notice or the information we hold about you, please contact us at:  contactus@candidusconsulting.com

​

bottom of page