Skip to main content

Privacy and cookies policy

Privacy and cookies policy

When we interact with you, we may collect, use and store your personal data.

The aim of this document, or “privacy policy” is to explain how and why we do this, and what your rights are.

This policy also explains how we use electronic trackers (such as cookies) to ensure our site works and to measure our audience.

Who we are and how to contact us

DPO by Design UK Limited (“DPO by Design”, “we”, and “us”) is a company registered in England, company number 13630872, registered office 71-75 Shelton Street, London, WC2H 9JQ, UNITED KINGDOM.

Please contact us by email at

What personal data do we process?

We process the personal data of people we are in contact with.

This may in particular include users of our website and the members of staff of our customers and suppliers.

Personal data processed in this context may include:

  • Your name,
  • Your contact details (e-mail address, postal address, telephone number, etc.),
  • Professional information about you (job title, company, etc.),
  • Information you provide through our contact form,
  • Information you provide during our professional relations (email and other communications, billing information, etc.)
  • Connection information on your use of our website. We collect this information using electronic trackers such as cookies (see below “Cookies” section).

We always aim to limit the personal data we process to the minimum necessary to provide you with our services. You can always request the correction or deletion of your personal data (see below “your rights”).

When we collect your personal data, you will be informed whether the information is optional or if we need it to respond to your requests or provide you with our services.

How and why do we use your personal data?

Our main data processing is summarised below, together with a description of the purpose and legal basis for the processing.

ProcessingPurposeLegal basis

Reviewing and responding to your requests:

When you contact us, we review the content of your request and may then respond to you, using the contact details provided.
Managing contact requests we receiveOur legitimate interest in responding to requests we receive.

Managing client matters:

As part of our services, we may process the personal data of our clients and, where applicable, of their staff members, clients and suppliers
Operational and administrative management of our customers' files.Our legitimate interest in providing our professional services.

Training courses, conferences and events:

When we provide training or organise conferences or other events, we process the personal data of the people who participate or are invited to them, in particular by sending invitations or materials, and more generally by ensuring the follow-up of the people participating.
The organization of our trainings and other events.Our legitimate interest in managing the training courses, seminars and other events that we organise.

Management of our suppliers:

We may process the personal data of natural persons who provide services to us, as well as those of the staff members of our suppliers when they are legal entities. The processing includes administrative activities necessary for the management of our relations with our suppliers (sending of correspondence, storage, analysis, filing, duplication, archiving or transmission of data, etc.).
The proper functioning of the firm and the correct management of its relations with its suppliers.

Our legitimate interest in managing our relationship with our various suppliers.

Where the supplier in question is a natural person, the necessity of the processing for the performance of the contract signed with that person.

Consent of non-clients.


We process data from people who have applied for a job with us.
Application management.Our legitimate interest in processing the applications we receive.

Legal and regulatory obligations / Legal defence:

We may process your personal data in order to comply with our legal obligations or with requests from public authorities and courts. We may also process data in order to defend our legal rights.

Comply with our legal obligations.

Defend ourselves in court.

Legal obligation.

Our legitimate interest to prepare our legal defence.


Cookies and other trackers

Like most website publishers, we use electronic trackers, including cookies, to enable the identification of your computer, smartphone or tablet.

A cookie is an electronic identifier that a website or application sets on the device you use to consult it (computer, smartphone, tablet, console, etc.). The cookie allows your device to be identified when you connect to the same site, or to a partner site or application. Other technologies, such as web beacons, pixels or fingerprinting, may also be used to identify the device for various purposes. For example, cookies may allow a website to store information about your preferred settings, the pages of the site you have visited and your browsing habits. As a result, they can be used to optimize the user's experience on the site, as well as to provide the user with targeted advertising or personalized services.

We use cookies on our website, including for the following purposes:

  • To save your settings while you are on our website,
  • To monitor the performance of our website and systems,
  • To allow tracking of traffic on our site,

When you connect to our site, you are informed by means of a banner allowing you to accept or refuse cookies, or to select the types of cookies you wish to allow.

You can change your preferences at any time by clicking on the Cookiebot icon in the bottom left corner.

Who do we share your personal data with?

In order to ensure the efficient processing and security of your personal data, we may communicate them to our suppliers and professional advisers, for example in the field of accounting, IT maintenance, hosting, archiving and management of our websites.

In the context of handling client matters, we may be required to communicate the personal data of the persons concerned by the matter in question to the other parties involved, as well as their professional advisors, as well as to public authorities where necessary.

We may also disclose your personal data in the specific circumstances listed below:

  • as a result of the law, in the context of legal proceedings, litigation and/or a request from public authorities;
  • if such disclosure is necessary for national security, law enforcement or other public interest purposes;
  • if such disclosure is reasonably necessary to enforce compliance with applicable laws and regulations or to protect our business and customers;

In the event of future sales, restructuring or investment transactions involving DPO by Design, information about you may (where strictly necessary) be processed in the context of due diligence procedures, during which potential investors or acquirers or their professional advisors conduct a preliminary analysis of various aspects of the business in order to assess its value.

How long do we keep your personal data?

We keep your personal data only for as long as is necessary to provide the services you have subscribed to, taking into account the following criteria in particular:

  • The nature and purpose of the processing operations in question,
  • The categories of data processed,
  • The applicable limitation periods,
  • The applicable contractual provisions,
  • Industry standards,
  • The recommendations of competent data protection authorities

What are your rights over your personal data?

Your rights over your personal data include:

  • Access: You can ask us for access to your personal data which we process,
  • Rectification: You can ask us to correct your personal data if it is inaccurate,
  • Erasure: You can ask us to delete your personal data ("right to be forgotten"),
  • Restriction: You can ask us to restrict the use of your personal data (for example, where you do not wish us to delete it),
  • Right to object: You can object to the processing of your personal data by us,
  • Portability: Where relevant you can request your personal data in a usable electronic format, to be transmitted to another organization

If the legal ground for processing your data is your consent, you can withdraw this at any time. In this case, the lawfulness of the processing carried out before the withdrawal of consent is not affected.

To exercise your rights, contact us by email at

You also have the right to file a complaint with the competent national supervisory authority.

Where do we store your personal data?

We store all personal data on servers in the European Union.