Privacy Notice

Nicola Dibb Associates LimitedNicola Dibb Associates Ltd Privacy Notice


As the ‘controller’ of the information (‘personal data’) that we collect and hold about you – our ‘data subjects’ – we are responsible for how that data is processed. The word ‘process’ covers the things that can be done with personal data, including collection, storage, use and destruction of data.

This privacy notice explains why and how we process your personal data, and explains the rights you have, including amongst others, the right to request access to your data, and to object to the way it is processed.

We process your data so we can manage and support our relationship with you, comply with legal obligations, improve our services, and achieve our legitimate business aims.

Although we are not required by law to appoint a data protection officer, our Managing Director takes the lead on data protection matters. We are exempt from being registered with the ICO but we will update this notice if that changes, and this does not affect our obligations to comply with data protection law and uphold your rights.

Personal data

‘Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you, whether you are a Client, Associate, Supplier or anyone else we come into contact with through our work.

Some especially sensitive information is known as ‘special categories’ of data, and includes information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls.

We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you, through our contact with you.

Your data and how and why we process it


We process your name, contact details, and other information that we collect through our interactions with you, on the basis that it is necessary for our legitimate business interests of fulfilling our commercial contract with you and providing and improving our services.

If we send electronic marketing messages to you as an individual (rather than a business representative), we will do so only on the basis of your freely-given consent and you can opt-out at any time.

If we send hard copy marketing messages to you, we will do so for the purposes of our legitimate interests to increase awareness of our business, and you can opt-out at any time.

Associates and Suppliers

We process your name, contact details, and other information that we collect through our interactions with you, on the basis that it is necessary for our and your legitimate business interests of entering into a commercial contract with you, so we can provide and improve our services to our Clients.

Other business contacts

We process your name, contact details, and other information produced through our interactions, to enable us to manage our working relationship with you, on the basis of our business’s legitimate interests to be able to provide our services to those who need them, in the most effective way.

You have the right to object to any of this processing and we will assess any objection sensitively.

Why we share your data

We share the data we process with other organisations, only when we have a lawful basis to do so, or when we are engaging a supplier who will act as a ‘Data Processor’ on our behalf. ‘Processors’ are businesses who handle, or could potentially handle, personal data as part of providing a service to us, and include our IT system providers, email providers, website hosts, Accountant and other relevant professional service suppliers.

Other organisations we share data with include the HMRC and banks for processing tax and payments, and we will co-operate with police and other authorities if we are asked to, in order to investigate or prevent crime, including fraud, and other unwanted behaviours such as incompetence in public roles.

How we store your data

Your personal data is held in both hard copy and electronic formats. Where we store or transfer your data outside of the UK we do so only where we have judged there to be appropriate safeguards in place to control the protection of your data, including the data being in a country that has been assessed as ‘adequate’ or we have entered into Standard Contractual Clauses or an International Data Transfer Agreement.

How long we keep your data

Your data is only kept for as long as there is a lawful reason to retain it. Some of our retention periods are based on legal requirements, and others are based on the practical reasons we need to keep the data for a certain period of time.

Once we reach the retention period, we will securely delete the relevant data, unless we are legally required to keep it longer, or there are legal reasons why we should keep it longer.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data:

  • To be informed about how and why your data is handled, which we do in a large part through this Privacy Notice;
  • To gain access to copies of your personal data (sometimes known as making a Subject Access Request or SAR);
  • To have errors or inaccuracies in your data changed;
  • To have your personal data erased, in limited circumstances (sometimes known as the ‘right to be forgotten’);
  • To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
  • To restrict the processing of your personal data, in limited circumstances;
  • To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances (known as the right to data portability);
  • Rights that ensure you are not unfairly affected by any profiling or automated decisions.

If you wish to make a Subject Access Request or exercise any of the other rights, or have any other data protection queries, please contact us at

 We will respond to you as soon as possible, and within one month for a request to access, rectify, erase, restrict or object to processing of, your data, or a request for data portability.

For more information about these rights, please see the ICO’s website or contact us.

Withdrawing consent

If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us.

Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data, although please allow us the opportunity to sort out the issue first. You can make a complaint on the ICO’s website

Website Cookies

Our website uses essential cookies which are necessary for the proper operation of the website, as well as non-essential cookies namely Google Analytics cookies, which can identify your IP address, but not any other personal details.

Our Cookies bar on the website allows you to choose whether to accept the non-essential cookies.

If you prefer to turn off essential cookies as well as non-essential cookies, you can turn them off in your browser, but please be aware that the website will not operate as intended.

This Privacy Notice was last updated April 2022.