Privacy Policy


Pendragon Consultancy takes your privacy extremely seriously. It is our responsibility to treat your personal information with the upmost care. Pendragon Consultancy adheres to all relevant legislation, in particular the EU General Data Protection Regulation (GDPR) legislation. This policy sets out our approach and how we collect and use personal information from you.


Pendragon Consultancy is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this policy.

Please note that this policy may be updated at any time. For the avoidance of doubt this policy is non-contractual and does not form part of any contract you have agreed with us.

You may give your personal details to Pendragon Consultancy directly, through an application or registration form or via our website. Pendragon Consultancy must have a legal basis for processing your personal data.

Personal Data – Lawful Basis

The law states you must have a valid lawful basis in order to process personal data. Out of the 6 listed, Pendragon Consultancy uses 4 of which we detail below:

• Contract – The processing is necessary for a contract you have with an individual, or because they have asked you to take specific steps before entering into a contract.

• Legal Obligation – The processing is necessary for you to comply with the law.

• Consent – The individual has given clear consent for you to process their personal data for a specific purpose.

• Legitimate Interest – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Retention of Data

Pendragon Consultancy will only retain your data for as long as there is either a statutory requirement for us to do so or to be able to provide a service to you. This will usually require us to retain your personal data after our business relationship has ended for accounts, records and legal purposes and to deal with any account support questions. All data will be securely destroyed once our legal requirements are met and the law pertaining to those requirements allow us to do so.

Removal of Data

You are able to request the removal of your personal information at any time where there is no good reason for us continuing to process it or have a legal requirement for storing it. You are able to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. It is important to note that whilst your personal data is suspended our contractual obligations may not be fulfilled.

If at any stage you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing. Please note that such request will not incur a fee, we may however charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please note such requests for data will require security questions to be answered to ascertain the identity and right to such information.


In line with data protection obligations, we are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our services are hosted from datacentres within the EEA, we are also committed to undertake regular vulnerability scans of our websites and services to ensure your data is fully protected.

Data Sharing

We may have to share your data with third parties, including third – party service providers and other entities within the group.

We require third parties to respect the security of your data and to treat it in accordance with the law in the same way we do. We obtain a full copy of their data and privacy policy and will only continue this relationship subject to our satisfaction of the documentation received. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will only share this data where necessary to fulfil the contractual obligations we have agreed as your employer. This could be:

• Where required to do so by law, for example liaising with HMRC
• To fulfil our insurance obligations
• To manage your assignments
• To demonstrate our own compliance
• Where we have obtain your consent

A full list of our third party operators can be provided if you wish to have a copy.


Cookies are small data files sent by a web server to a web browser when that browser visits the server’s website and are stored by the browser on the computer’s hard drive. Cookies enable the web server to monitor activity on the website and make it easier for the user to log on to and use the website on future occasions.

We may issue cookies to your computer when you log on to the Site unless you stated your objection to receiving them when providing your details to us. We may use information from cookies in the administration of the Site, to improve the Site and/or for marketing purposes. We may also use this information to identify your computer when you visit the Site and to personalise the Site for you.

You can set your computer’s web browser to reject cookies, although you may then not be able to use certain features on the Site. If you do not wish to receive cookies in the future, please email us at

Complaints or Queries in regards to your Privacy or GDPR

Pendragon Consultancy have appointed a Data Protection Officer to oversee the compliance and continued review of this policy.

If you have any questions/queries or complaints in regards to this policy we ask that you place this in writing and send to: or via post to FAO: DPO Officer Pendragon Consultancy, High Oaks Business Centre, 15/17 Gentlemansfield, Ware, Herts, SG12 0EF