What personal data we collect and why we collect it

1. Introduction

1.1. Author & Data Controller: Bruce Horton

1.2. Environmental Policy Consulting is a for profit limited company run by Bruce Horton.

1.3. This Data Protection Policy has been prepared to demonstrate how we are meeting the requirements of the General Data Protection Regulations (GDPR) in our routine communications and practice with contacts and clients.

1.4. This policy covers the main activities we undertake in organising the services provided by Environmental Policy Consulting which cover three main areas of work as follows:

  • Accounting and financial dealings with clients purchasing our services
  • Routine, day to day office activities and archive office procedures, contacts and clients
  • Website

These sections are described in more detail below.

1.5. Overall policy

It has been and is our policy to conduct our activities in line with current data protection policies i.e. GDPR. Since we have to subscribe to a high standard of business accounting and the compliance standards imposed by credit card companies this approach extends to our financial transactions with business clients. It is our intention to make our data protection policy and process as transparent as possible.

1.6. Requirements of GDPR: Contact and client (data subjects) rights

We will seek to respond to any inquiries about the new rights under the GDPR including:

  • Your right of access to personal information records
  • Your right to request and be given your Personal Data in machine readable format
  • Your right to request correction of your Personal Data
  • Your right to be forgotten, for your records to be deleted
  • Your right to withdraw your consent for processing at any time
  • The right to complain to the Information Commissioners Office

1.7. Security breach

The transmission of information via the internet is not entirely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data once transferred to us; any transmission is therefore at your own risk.

We will use strict procedures and security features to try to prevent unauthorised access. We will communicate with contacts or clients should we have a security breach.

2. General contact

2.1 Personal data held

For routine mailings using the emailing service, we hold the name, email address, telephone numbers and in some cases organisation details.

It is our policy only to hold the personal data consistent with our current practice e.g. emailing. We will store and process Personal Data only for as long as is reasonably necessary for us to perform the services we are undertaking and to comply with our legal obligations.

2.2. Environmental Policy Consulting does not share or sell personal information about contacts or clients with third parties and outside agencies for the purposes of marketing,  and will not share personal information unless we are required by law to do so, or we specifically obtain our contacts’ or clients’ consent to share their personal information such as name and email to a named third party for a specific, named purpose.

2.3. Risk Assessment

From our understanding of the GDPR regulations the data we hold with regard to our bulk emailing contacts would be a ‘low risk’ in relation to our contacts.

3. Accounting and financial dealings with clients

3.1. Introduction

Environmental Policy Consulting is a limited company. We maintain records of our financial transactions with clients as would any business. These are subject to standard accounting procedures not least the need to retain transaction/account records for seven years.

3.2 Personal Data held

For accounting and financial dealings with clients we transaction history and associated information required to complete financial transactions. We do not use credit card transactions and do not hold any credit card information relating to clients.

4. Routine, day to day office activities and archive office procedures

4.1. Introduction

Our business activities fall into two main categories: routine and day to day contacts with clients and business associates, and archive records that arise from the completion of projects. In this regard we follow procedures that ensure a high level of security on our computing activities as well as offline storage of information in locked cabinets.

The data involved is not used for any other purposes. We will therefore store and process Personal Data only for as long as is reasonably necessary for us to perform the services and activities we are undertaking and to comply with our legal obligations.

In the case of the Environmental Policy Consulting Ltd. ceasing to exist, all Personal Data and archive records will be deleted.

5. Website

5.1  Links to other websites

Our website may contain links to other websites of interest. If you follow a link to any of these websites, please note that we do not have any control over that other websites, which have their own private policies. Therefore, we do not accept any responsibility or liability for the protection and privacy of any information which you provide whilst visiting such sites. You should exercise caution and look at the privacy statement applicable to the website(s) in question.

5.2 Contacting Environmental Policy Consulting Ltd. through the website

If you contact us through our website we will store and manage your personal information in the manner described above (2)

6. Other Questions

Should you have any questions concerning our work and data protection issues please contact the data controller Bruce Horton ( and we will try our best to help.