Privacy Policy

How we collect, use and protect your personal data

Leaman Crellin is strongly committed to protecting personal data. This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. When we use “you” or “your” in this privacy policy, we are referring to the relevant individual who is the subject of the personal data. Leaman Crellin Limited processes personal data for numerous purposes. The means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our privacy policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this privacy policy.

1. Our Approach to Privacy

The data we gather may include personal identification information from visitors to our website when they use our site and when they submit an enquiry via the contact form on our website. We will collect personal identification information if they voluntarily submit such information to us.

We act primarily as a data processor for our clients. This means that we do not control the collection, use and storage of personal data provided to us by our clients. Other than to carry out our obligations under our contracts with them, in accordance with the terms of those contracts. Consequently if we are processing personal data supplied to us by a client and a data subject raises a query with us, we will refer that query to our client rather than deal with it ourselves.

Should there be circumstances where we are not acting as a data processor for our clients, Leaman Crellin would be the controller and responsible for any personal data.

2. What Type of Information We Have

Leaman Crellin Limited currently collects and process the following information:

  • Personal identification information such as personal identifiers, contacts and characteristics (for example, name and contact details)
  • Transaction data such as payments made to and from you, services you have obtained from us, as well as your usage of our website and services.
  • Technical data such as information from your visit to our website that may include your IP address, browser type, time zone and location.

We do not collect special category personal data (such as information about health, ethnicity, or political opinions).

3. How We Get The Information and Why We Have It​

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made direct contact with us: completion of our online contact form, sent us an email or letter, contacted us by telephone or in person.
  • You have used our services or attended an event in which we have both participated.

We also receive personal information indirectly when you log onto our website and our systems have collected cookies or similar which capture technical data. We have obtained data from a third party or public source.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • We have a contractual obligation.
  • If we need it to comply with a legal obligation.
  • We have a legitimate interest that is not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include: administering and developing our business relationship with you; marketing our services to existing and prospective clients; and maintaining records for regulatory and professional purposes.

If you have consented to us doing so. You are able to remove your consent at any time. You can do this by contacting privacy@leamancrellin.co.uk

4. What We Do With The Information We Have

Your information is used to deliver compliance consultancy and training services.

From time to time we may also use your personal data to inform you about our services and informational updates such as, about regulatory developments.

Your personal information is never sold to or traded with others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners and trusted affiliates for the purposes outlined above.

5. How We Store Your Information

Appropriate data collection, storage and processing practices and security measures are in place to protect against unauthorised access, alteration, disclosure or destruction of any personal information that we may hold.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. For prospective clients who make enquiries, we typically retain contact details for up to two years. For clients with whom we have a contractual relationship, we retain records for seven years after the end of our engagement, in line with our professional obligations.

7. International Transfers

Your data is stored and processed primarily within the United Kingdom. We use cloud-based service providers including Microsoft (OneDrive and SharePoint) and WordPress hosting which may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or reliance on adequacy decisions made by the UK Government.

8. Cookies and Analytics

Our website uses cookies, which are small text files placed on your device. We use essential cookies necessary for the website to function, and analytics cookies to help us understand how visitors use our site. Our analytics tools include Google Analytics, Bing Analytics, and built-in WordPress analytics. You can accept or decline non-essential cookies when you first visit our website, and you can change your preferences at any time through your browser settings. For more information about managing cookies, visit www.allaboutcookies.org.

9. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling.

10. Your Data Protection Rights

Under data protection law, you have rights over your personal data, including:

  • Access: request a copy of the personal information we hold about you.
  • Rectification: have us correct information you believe is inaccurate or incomplete.
  • Erasure: request deletion of your personal information in certain circumstances.
  • Restriction: limit how we use your data while a concern is being resolved.
  • Objection: object to our processing of your data in certain circumstances.
  • Portability: receive your data in a portable format or have it transferred to another organisation.

We do not charge you for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at privacy@leamancrellin.co.uk if you wish to make a request.

11. How to Complain

Ideally you won’t ever need to complain and that if you do we can resolve it with you. If you do want to complain about our use of personal data email privacy@leamancrellin.co.uk with the details of your complaint. We will look into and respond to any complaints we receive.

You have the right to complain to the UK data protection regulator, the Information Commissioner’s Office, if you are unhappy with how we have used your data. The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

For further information on your rights and how to complain to the ICO, please refer to their website: https://ico.org.uk/for-the-public/

Last Updated

Last updated 22 January 2026.