Our Privacy Policy

Our Privacy Policy

This document explains the details of how Change & Transformation will use personal data where it is obtained.  This privacy policy is effective from 25/5/18.

It is important that you read this policy and contact us if you have any questions or concerns about how your data will be used.  You have the right to ask us to remove your personal data from our records at any point and we will cease to contact you immediately.

This policy will cover the following;

  • Our details
  • How we collect your data
  • Type of personal data we collect
  • How we use your data
  • How long we keep your data on our records
  • How we keep your data secure
  • When we inform you of our privacy policy
  • Automated decision-making
  • Passwords
  • Mailing
  • Portable electronic devices
  • Use of cookies
  • Transfers of your personal information
  • Your personal data rights
  • Acting on data breaches
  • Consequences of not providing personal data to us
  • Changes to our privacy policy
  • Changes to your personal data

 Our details

The data controller for our website (www.changeandtransformation.co.uk) and mailing lists is Laura Mack (Change & Transformation, Company no: 09050369).  You can contact Laura by;

  • Writing to Change & Transformation, Fusion Hive, North Shore Road, Stockton-On-Tees, TS18 2NB


The data controller/ processor for any data collected by Google Analytics, Facebook, Twitter, LinkedIn, and Google+ is the independent platform, not Change & Transformation. We do use these platforms but we do not collect, store or use any personal data from them and cannot control how they use your data.

 How we collect your data

When you provide us with it directly by contacting us first, providing us with it in person (for example by giving us your business card) or by signing up to receive information from us through our website, via our ‘Want to hear more from us?’ form or our ‘Contact Us’ form.  We may also contact you via details which are displayed for public use, for example on your company website, or via a third party introducer where you have given them consent.

 Type of personal data we collect

We may collect any of the following forms of personal data; name, email address, company.

We may also, with your permission, take photographs of you to use on our social media and advertising materials.

We use Google Analytics, MailChimp and social media platforms (Facebook, Twitter, LinkedIn, and Google+) who may collect additional data, such as your IP address and other information about your computer.  Change & Transformation do not have control over this data and will not collect, store or use it. If you do not want these websites to collect your data, you will need to alter your settings (for your social media or Google accounts) or ask us to remove you from our mailing list (MailChimp), which will result in you no longer receiving updates from us.

 How we use your data

Your data may be used for administrative and business purposes, for advertising and analytical purposes, or for purposes relating to our legal obligations.  We will only use your data for additional purposes if you have given us explicit consent to do so. We will only disclose personal data to third parties to the extent necessary to run our business, to fulfil any contracts we have with you, or where we are required by law. We do not sell personal information to third parties.  You have the right to restrict the ways in which we use your data, by informing our data controller in writing.

 How long we keep your data on our records

We keep your personal data on our records for as long as necessary with regards to any legal obligations we have (e.g. to maintain records for tax purposes) and any other legal basis we have for using your personal information, which includes your consent and also to be able to carry out terms of a contract with you.  We will not keep your data if you ask us to remove it from our records, unless we have a legal obligation for which we need to use it. We will not keep your data on our records for any longer than we think it is necessary to keep it for.

 How we keep your data secure

We take appropriate measures to ensure that your personal data is secure.  All of our computers which have access to the data are password protected, as are any accounts where the data may be stored. We keep our office locked when we are not using it, so any personal data contained in our paper files cannot be accessed by anyone who is not employed Change & Transformation.  We ensure that any personal data that we no longer need in hard copy is shredded before we discard it.

When we inform you of our privacy policy

We provide the details of our privacy policy at the point of first contact with the individual whose personal data we hold.  If you provided us with your data via our website, you will have been asked to confirm that you have read our privacy information at the time of submitting your data to us.  If you contacted us initially but not via our website, you can find details of our privacy policy in this document (our privacy policy, which can be found on the ‘contact us’ page of our website).  We will always provide a link to our privacy policy in any email newsletters that you receive from us, and you will always be given the opportunity to unsubscribe from our mailing list.

Automated decision-making

We do not use automated decision-making or automated profiling to process the personal data that we hold. All personal data will be organised and processed by employees of Change & Transformation.


We use strong passwords to protect all of our computers and any accounts through which your data can be accessed.  These passwords are only known to Change & Transformation employees and will not be shared with anyone else.  If we believe that someone else may have gained access to one of our passwords, we will immediately reset the password for that account.  Where we are logged in to password protected accounts, we do not leave our electronic devices unattended, unless they are locked away in the office.


We occasionally send out email updates to our contacts, with updates on Change & Transformation and anything we think might be interesting or useful to them.  If we have had your personal data on our records since before 25/5/18 you should have been asked to give us your consent to continue receiving these emails.  You always have the right to opt out of these emails, by contacting our data controller.  If you would like to receive these email updates from us, please contact our data controller and we will add your data to our list.

Portable electronic devices

Where we have access to accounts which hold your data via portable electronic devices, such as mobile phones, we ensure that the device is protected by a password or PIN code to prevent anyone outside of Change & Transformation from accessing it.  We also make sure that any information held on memory sticks is protected by keeping them locked away in the office.  Only individuals employed by Change & Transformation can gain access to the data.

Use of cookies 

We do not use cookies to collect information, however some of the resources we use do. We use Google Analytics to analyse the use of our website and we also use social media platforms (Facebook, LinkedIn, Twitter, and Google+).  These platforms use cookies and we do not have any control over the data they collect.  If you do not want to accept the use of cookies, you will need to look at your settings.

 Transfers of your personal information 

We will not transfer your personal data outside of the European Economic Area.

 Your personal data rights 

You have the right to access your data at any time and to be informed about its use.  You have the right to correct, update or delete your personal data at our records at any time.  You may ask us to restrict the use of your personal data, object to its use, or withdraw your consent to its use at any time. You also have the right to complain to a supervisory authority if you feel that we are misusing your personal data or breaking the terms of this policy.

Acting on data breaches

Examples of data breaches include the loss of a memory stick, data being sent to the wrong address, the theft of a laptop, hacking etc.  If we suspect that personal data we hold has been breached we will inform the ICO at the earliest opportunity, and certainly within 72 hours.

Consequences of not providing personal data to us

In cases where we have agreed a working contract with you and you have not been able to provide us with the relevant details to fulfil that contract, the consequences could possibly affect our ability to deliver the work and/ or make payment.  If we do not have a working contract with you and you do not provide us with your personal data, we will not contact you and you will therefore not receive any of our email newsletters or updates.

 Changes to our privacy policy

We regularly review and, where necessary, update our privacy information. Any changes to our privacy policy will be updated in this document (our privacy policy, which can be found on the ‘contact us’ page of our website). We put ourselves in the position of the people whose data we hold. If we make any changes that we think will affect your permissions (such as planning to use your data for a new purpose) we will contact you to inform you of these changes before proceeding.

Changes to your personal data 

Please let us know about any changes to your personal data to keep our records relevant.  Where we are aware of changes to your data (such as the change of a company name and/or email addresses) we may update our records, but you will be informed of this and can ask us to remove your data from our records if you wish.

   Want to hear more from us?

OM Change & Transformation Ltd

Company number: 09050369. Registered in England.
Fusion Hive, North Shore Road, Stockton-on-Tees, TS18 2NB

MBTI Certified
NEPRO - Accredited Supplier Tetramap