CfGS Privacy policy


As the ‘controllers’ of the information which we hold about you (your ‘personal data’), we are committed to protecting your privacy and are responsible for how your personal information is processed. ‘Processing’ covers most things that can be done with information, including collection, storage, use and destruction of that information.

This Privacy Policy sets out how we treat your personal information, allowing you to make informed choices about the personal information that you provide to us, and explains the rights you have around your information, including your right to access it, and to object to the way in which we process it. Please see Section 10 on ‘Your rights as a data subject’ below.

This Privacy Policy applies to your use of the website, or its replacement or successor URL or otherwise (the ‘Website’) notwithstanding the terms contained on any other website.  Please read this Privacy Policy carefully before you start to use the Website. If you have any questions or issues, please contact us.  This Privacy Policy supplements and must be read in conjunction with our Terms of Use. By accessing and using the Website and submitting any personal information to us via the Website you will be taken to have read and understood this Privacy Policy.

This Privacy Policy also covers all other processing of your personal information that we carry out, not related to the Website.

We may make changes to this Privacy Policy at any time and such changes will be posted on this. Therefore, you should check this Privacy Policy regularly.

For the purposes of the Data Protection Act 2018 (the “Act”), the data controller is the Centre for Governance and Scrutiny Limited of 77 Mansell Street, London E1 8AN – 020 3866 5100 –


Personal information means any data from which you can be identified (including information such as your name and email address) and information which is about you.

‘Special categories’ of data is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can lawfully be processed.

All personal information that we obtain about you will be dealt with in accordance with the provisions of this Privacy Policy and the Act.


If you request information from us, register for events organised by us, or sign up to our newsletter, we ask you for your contact information, for example your name and email address. If we employ you, or work with you in any other capacity, we will collect relevant personal information to be able to effectively manage our relationship with you.

We may collect and process the following data about you:

  • information you provide when requesting or registering including your name, email address, job title and any updated information you provide from time to time;
  • additional information we may request from you from time to time either by contacting you directly or through the Website, although there will be no obligation on you to provide this additional information;
  • details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access.

We may collect information from your computer and browser including your IP address and cookies information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.  Please see Section 9 below for more information.

If you provide us with information about another person you confirm that they have appointed you to act for them, and if consent is required for the processing of their personal information that they have given that consent, and that you have informed them of our identity and the purposes (as set out below) for which their personal information will be processed.


We use personal information held about you in the following main ways:

  • to provide you with information on our services, courses, events and issues that we believe you will find useful;
  • to contact you to request feedback on training, events and/or consultancy services provided; 
  • so that we can administer and support the Website and your use of the Website;
  • to contact you by email from time to time, in order to ask for your views on the Website and/or any of the content on the Website;
  • to notify you occasionally about important changes or developments to the Website;
  • for assessment and analysis to enable us to review, develop and improve the Website and the services we offer;
  • to manage our relationship with you and/or
  • for other purposes to which you have given your consent, or we have an alternative legal basis for, as explained in the table below.


Legal basis for processing

Operating, maintaining and improving our website

This is necessary for our legitimate interest to ensure the smooth functioning of our website and its continuous improvement

Providing you with information you have requested

This is necessary to fulfil our legitimate interest of providing you with the information you have requested.

Providing you with information on our services, courses, events and issues that we believe you will find useful

This is based on our legitimate interest of expanding our business

Employee performance management.

This is necessary for the fulfilment of the employment contract between CfGS and each employee.


This is necessary for the fulfilment of the employment contract between CfGS and each employee. We also have a legal duty to comply with HMRC requirements.

Accident reporting

This is necessary to fulfil our legal duty to record accidents and to report serious incidents to the Health & Safety Executive, under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations)



We do not sell, trade or rent your information to other parties unless we have first obtained your consent. If you do give us permission, we will only share information with organisations we have carefully selected and believe to be reputable. We may provide statistics about our customer sales, traffic patterns and related site information to third parties, but we will not supply any personal information that would enable you to be identified.

Except in very specific circumstances, we do not disclose any of your information to other parties. In this respect we may need to share your information with our service providers and agents, and bodies such as HMRC in relation to employees, for the above purposes in Section 4.

Otherwise, we reserve the right to give your personal information to a third party without your consent where we believe that such disclosure is (i) required by law or (ii) necessary to assist in the prevention or detection of any criminal action (including fraud) or (iii) is in the overriding public interest and is permitted by law.

Some of our systems may include the transfer of your personal data to other countries, including the use of marketing databases. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.


We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to seek to safeguard the information you provide to us.

However, owing to the nature of the internet we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information while you are using the Website and the internet.


We will keep and use the personal information for as long as you have requested or registered to receive information, and for up to 5 years afterwards, in order to deal with any consequent queries or complaints you may have. We may retain the personal information for longer than this if there is a legal reason or requirement to keep the information for longer, for example if it is relevant to any current legal proceedings.

Information about employees is kept for up to 7 years after they leave CfGS.  Information on other people we work with such as consultants are kept for up to 5 years after they last carry out work for us.

Details of how long we keep personal data in all circumstances are contained in our Data Retention Policy, within which there is a schedule of destruction dates.


Please read carefully our Terms of Use as they also apply to this Privacy Policy in relation to the Website.


As set out in Section 3 above, we may collect information about your computer, including where available your IP address (which is a unique identifier of the user’s computer or other access device), operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer.  Cookies are small files stored in your computer’s hard drive by your web browser. When you access the Website, if you have enabled cookies, our computer server will access these cookies so that it can recognise your computer. These cookies help us to improve the Website and deliver a better and more personalised service. They enable us:

  • to estimate our audience size and usage pattern;
  • to store information about your preferences, and so allow us to customise the Website according to your individual interests;
  • to speed up your searches; and
  • to recognise you when you return to the Website.

When you first access the sites, we will give you the option to choose not to receive cookies, or to allow you to be prompted every time a cookie is sent to you.  Most web browsers automatically accept cookies, and you can change your cookie settings at any time. Please note that in a few cases some features of the Website may not function if you remove cookies from your browser.

Please note that external sites including social media sites linked from the Website may also use cookies, and you should check carefully with these external sites what information is being collected using cookies.


As a ‘data subject’ (someone whose information we hold), you have the following legal rights in relation to your personal information processed by us:

  • To be informed about how your information is handled, which we do through this Privacy Policy;
  • To gain access to your personal information;
  • To have errors or inaccuracies in your information changed;
  • To have your personal information erased, in limited circumstances;
  • To object to the processing of your personal information for marketing purposes or when the processing is based on the public interest or other legitimate interests;
  • To restrict the processing of your personal information, in limited circumstances;
  • To obtain a copy of some of your information in a commonly used electronic form, in limited circumstances;
  • Rights around how you are affected by any profiling or automated decisions;
  • If we are relying on your consent to process your data, you may withdraw your consent at any time.

You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your information. You can contact the ICO via their website or by calling their helpline on 0303 123 1113.

If you have any queries about how we use your information, or you wish to exercise any of your rights, you can contact us by emailing, or by writing to us at the Centre for Governance and Scrutiny, 77 Mansell Street London E1 8AN, or by calling 020 3866 5100. 



Last updated November 2018