Data Protection and Privacy Policy

This policy

This is the data protection and privacy policy for Holdingham Group Limited, trading as Hakluyt & Company, Hakluyt Cyber and Pelorus Research (we/us/our), that explains who we are, why and how we process personal information (also referred to here as personal data) and your rights and how to contact us if you need to.

This policy details how we treat personal data in all of our business operations and sets out:

Our contact details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Information we collect about you

We may process your personal data if:

  • You or the company you work for are a client or a supplier of ours.

  • You or the company you work for have access to our services.

  • You work for a client or a supplier of ours, or for someone who uses our services.

  • You are someone (or you work for someone) to whom we want to advertise or market our services.

  • You are a person of interest to a client of ours which may mean you are:

    1. A prospective employee;

    2. A prospective business partner or employee of a prospective business partner;

    3. A prospective investor or employee of a prospective investor; or

    4. A competitor or employee of a competitor of one of our clients.

Information we collect from you or from a third party

We may process your personal data that we have either obtained from you, or obtained from somewhere else. Personal data which is not collected directly from you may be collected:

  • From your employer in connection with your job and how it relates to us or one of our clients.

  • From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services and open source research providers).

Personal data relating to you that we process may include:

  • Your name.

  • Who you work for, your job function, career history and professional achievements.

  • Your address, phone number, email address or other contact details - these details may relate to your work or to you personally, depending on the nature of our relationship (or that of our client) with you or the company that you work for.

  • Information about you that you give us by communicating with us by post, by phone, by e-mail or otherwise. It includes information you give us or that we obtain when you use our services, supply us with goods or services, enquire about a service, pay for our services, or contact us to report a problem, or do any of these things on behalf of the person that you work for.

  • Information relating to transactions with us involving you or the company you work for (for example, details of services that we have supplied to, or goods and services that we have obtained from, you or the person you work for).

  • Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the company you work for (for example, right-to-work information and information obtained from credit reference agencies where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to).

  • Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).

  • Information relating to you that you give us or we otherwise obtain when you visit us whether at one of our offices or in any other location (for example, if you sign in or are recorded on CCTV while visiting us).

How we use your information

Information you give to us:

We will use this information to:

  • Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you or the company you work for and us including:

    • supplying services to you or the company you work for or receiving goods or services from you or the company you work for, as the case may be;

    • administering your/your company's relationship with us;

    • verifying and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your company;

    • notifying you about changes to our services.

  • Provide you with information about our services, if you have given your consent to receiving marketing material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications.

Information we receive from other sources

We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive) or in order to deliver services to our clients.

You can see a summary of which data we process for what purposes and the lawful basis for such processing here.

Who we give your information to

We may share your personal data with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.

  • Appropriate third parties including:

    • our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business;

    • our auditors, legal advisors and other professional advisors or service providers;

  • Third party agents with whom we work, subject to appropriate confidentiality terms, to obtain and verify reliable information about persons of interest.

Other disclosures we may make

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.

  • If Holdingham Group Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of Holdingham Group Limited, our clients, employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where do we store your information?

The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.

We may transfer your personal information outside the EEA:

  • In order to store it.

  • In order to enable us to provide services to and fulfil our contract with you or the company your work for. This includes processing of payment details and the provision of support services.

  • Where we are legally required to do so.

  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.

Payment processing

Any payment details you provide us will be securely transferred to our banking partners to fulfil agreed payment for services.

How we protect your information

We implement security safeguards designed to protect your data. We regularly monitor our systems for possible vulnerabilities and attacks. We regularly assess the effectiveness of the security mechanisms we have implemented, and make improvements as we deem necessary. However, we cannot warrant the security of any information that you send us.

How long we keep your information

We retain personal data provided to us by you for administrative purposes for as long as you have a relationship with us in order to meet our contractual obligations to you or your employer and for six years after that to identify any issues and resolve any legal proceedings.

We retain personal data collected and processed in order to deliver our services to clients for the minimum period necessary, which may be up to one year. Where possible we use automatic mechanisms to enforce our data retention policies and we regularly check to ensure that our policies are being adhered to. Personal data collected and processed in order to deliver our services to clients may be retained longer if we are required to preserve records for legal purposes.

Your rights

You have the right under certain circumstances:

  • to be provided with a copy of your personal data held by us;

  • to request the rectification or erasure of your personal data held by us;

  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);

  • to object to the further processing of your personal data, including the right to object to marketing;

  • to request that your provided personal data be moved to a third party.

Your right to withdraw consent:

Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at privacy@holdingham.com.

How to exercise your rights

You can exercise the rights listed above at any time by contacting us at privacy@holdingham.com.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

Changes to this policy

Any changes we make to our privacy policy in future will be posted on our website at www.holdingham.com and, in relation to substantive changes, current clients may be notified by e-mail. This policy was last updated in July 2018.

Contact us

Our full details are:

Holdingham Group Limited
34 Upper Brook Street
London W1K 7QS
United Kingdom


Purpose and lawful basis for processing of personal data

This table sets out:

  • What personal data we process

  • What we use that data for

  • The lawful basis for the processing

It forms part of our privacy policy which you should also read.

Purpose/Activity Type of data Lawful basis for processing
Client Relationship Management

Managing our client relationships through maintaining contact (including through ad hoc marketing), delivering work product and processing invoices

  1. Identity (of client employees and contacts) data

  2. Contact data

  3. Marketing and Communications data

  1. Performance of a contract with our clients – processing necessary to deliver work product or agree terms

  2. Necessary for our legitimate interests and/or legal obligations – retention of contact and transactional data following the conclusion of a professional engagement for record keeping, legal and accounting purposes

  3. With consent – marketing contacts

Corporate Strategy

Consulting publicly available sources and industry experts on behalf of clients, including: assessing the quality and reputation for probity of senior management teams and key individuals in potential acquisition targets and/or partners; advising on regulatory and policy developments; and considering potential opportunities in new markets. Reporting our findings to our clients

  1. Identity data

  2. Profile data

  3. Biographical data

Necessary for the legitimate interests of our clients – to ensure that any transactions and/or partnerships entered into by our clients are with suitable counterparties, and/or that appropriate strategies are in place for understanding and managing regulatory and policy issues

Dispute Resolution Support

Assisting clients involved in disputes or potential disputes to manage and prepare for litigation or dispute resolution by consulting publicly available sources and industry experts, assessing litigation and settlement strategy, and settlement enforcement; reporting our findings to our clients

  1. Identity data

  2. Profile data

  3. Biographical data

Necessary for the legitimate interests of our clients - to enable our clients to manage their business, dispute and litigation strategy appropriately and to resolve disputes and potential disputes as swiftly as possible

Recruitment Support

Assisting clients in vetting potential senior hires by consulting publicly available sources and industry experts; reporting our findings to our clients

  1. Identity data

  2. Contact data

  3. Profile data

  4. Biographical data

Necessary for the legitimate interests of our clients – to ensure that board level and other senior management candidates meet suitability requirements. Candidates should have a reasonable expectation that background checks will be undertaken and clients are requested to put candidates on notice to this effect