Privacy Notice

Sicsic Advisory Ltd takes your data privacy seriously.  We are a strategic regulatory and risk consultancy based on London and registered in England as a Limited Company under number 11952418.

To provide you with our services, we collect and use personal data which means that we are a ‘Data Controller’ and we are responsible for and committed to protecting your privacy and complying with Data Protection Laws including the UK General Data Protection Regulations (UK GDPR), Data Protection Act 2018 and any subsequent laws or regulations that may apply.

In this Privacy Notice, we want to inform you about what information we collect, how we protect and use it and what rights individuals have in relation to the collection and processing of their personal data.

Our Contact Details:
Sicsic Advisory Ltd

6 Bevis Marks




If you have any questions in respect of this Privacy Notice or how we manage and protect your personal data, please contact Sicsic Advisory Ltd, using the contact details above.


Whose personal data do we collect and process?

We collect personal data in relation to our potential or existing clients, employees, associates, contractors, and suppliers and often the employees and customers of our clients where it is necessary in the course of delivering our services.


What personal data do we collect and process?

We collect the following types of data:

  • General contact details such as, name, address, email address, telephone number
  • Business activities and job titles of the person whose information we are processing
  • Details of products and services provided to you
  • Financial Details – such as credit history or payment or bank details
  • For recruitment and onboarding of employees, associates and contractors: Employment, qualifications and education history including references
  • Information obtained through our use of cookies (please see our Cookie Policy)
  • Your marketing preferences
  • Contact details, job descriptions and general communications if you are a designated point of contact or attend training on behalf of our client.
  • Contact details and additional information related to any services we provide where we act as a data processor for our clients.

We act as a Data Processor where we collect, store or process personal data relating to employees or customers of our clients, in the course of delivering our services to them.   In those circumstances, that company (our client) is the data controller and we process any personal data on their behalf and only upon their instructions.  A copy of our Data Processor Agreement is available on request.


Special Categories of Personal Data that we collect

We do not routinely request or seek special categories of personal data.


How we collect your information

In most cases we collect your data directly from you.  We collect data and process it when you:

  • Complete an online ‘contact us’ form
  • Meet with us to discuss our services
  • Provide information requested during the course of negotiating, agreeing and delivering our services
  • Speak to us on the telephone to discuss or use our services
  • Email or write to us to enquire about or use our services
  • In relation to employment with us:
    • Send us a CV
    • Provide Information in relation to an associate, contractor or employment contract with us.

We also receive your data indirectly from the following sources:

  • Social Media Sites including LinkedIn
  • Public sources – demographic data, Market Research
  • Credit Agencies and publicly available company data sources such as Companies House
  • From Clients if you are nominated as a designated point of contact or training attendee by your organisation
  • Recommended referrals from existing clients and associates.

Please remember: Where you provide any of this information relating to or on behalf of another individual such as an employee, referral or designated contact, you must remember to ensure that you have the consent of the individual and provide them with a copy of your organisations privacy notice and this one if required.


Why we do we collect your information?

Where we collect and process personal data, we identify both the purpose and legal basis for doing so. There are 6 possible legal bases which are:

Consent – Where we have consent from the individual to the processing of his or her personal data for one or more specific purpose

Contract – Where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Legal Obligation – The processing is necessary for compliance with a legal obligation to which we are subject

Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person

Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Legitimate Interests – Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal date, in particular where the data subject is a child.

Our purpose and legal basis for the information we collect, and process allows us to:

Our Purpose for Processing Our Lawful basis
To understand your requirements prior to entering into a contract of service or consultancy The processing is necessary for the performance of an anticipated contract
To understand your requirements to ensure that any contract of service or consultancy meets our client’s needs The processing is necessary for the performance of a contract
To fulfil our contract with clients and provide the agreed services therein The processing is necessary for the performance of our contract
To manage our business operations and comply with any internal policies and procedures It is in our legitimate interests to use personal information to ensure that we provide and adapt our services
To notify clients, associates and contractors about new projects or changes to our service It is in our legitimate interests to use personal information to keep clients, associates and contractors informed about any changes that may affect them
To connect with potential client’s associates and contractors on a one to one basis It is in our legitimate interests to contact, meet or connect with new clients, associates or contractors referred to us.
For Marketing of similar services to existing clients It is in our legitimate interests to use personal information for marketing purposes where the services being marketed are similar to those which you have enquired about previously and relevant to you.
For electronic Marketing of services to new clients via personal business email addresses It is in our legitimate interests to use personal business email addresses for marketing purposes where we can support individual’s rights
For electronic Marketing of services to new clients We rely on consent for direct marketing to previously unknown individuals
To comply with our legal obligations, law enforcement, court and regulatory bodies requirements To comply with our legal obligations
To identify and prevent fraud It is in our legitimate interests to act as a responsible business
To decide whether to enter into an employee, contractor or associate contract The processing is necessary when considering a contract
To carry out background and reference checks in relation to recruitment and onboarding of employees, contractors or associates The processing is necessary when considering a contract
To communicate with you about a potential or existing contract The processing is necessary for the performance and compliance with any contract of employment
To manage payroll and employment services for existing employees The processing is necessary for the performance and compliance with any contract of employment
To contact potential associates and contractors in relation to upcoming or potential projects Where we contact potential associates or contractors in relation to upcoming and potential projects we rely on consent to do so.

Where we rely on your consent you have the right to withdraw this consent at any time by contacting our Data Protection Officer.


Legitimate Interests – Where the processing of personal data is based on our Legitimate Interests, it is to improve on our service, security and prevent fraud or illegal activity in favour of the wellbeing of our customers, employees and shareholders.


Direct Marketing

We may send you details of similar services to those you have enquired about or purchased from us previously.   You can opt out of receiving this information from us at any time by contacting us at the above address or clicking ‘unsubscribe’ on any messages you may receive.

We will never share or sell your information to any other party for marketing purposes.


Who do we share your information with?

From time to time we may share your personal information with the following third parties for the purposes set out above:

  • Our Associates, Contractors and Partners who process data on our behalf
  • Our Associate, Employee and Contractor data is shared with our existing or potential clients when negotiating a potential service agreement.
  • Our Accountant or Payment Service Providers
  • Regulators and Governing bodies, Lawyers and other Professional Services
  • Software and Cloud storage providers
  • Fraud detection Agencies
  • Police and Law Enforcement agencies where reasonably necessary for the prevention or detection of crime
  • Our Clients where we are delivering services on their behalf as a data processor
  • Regulators and governing bodies such as HMRC in respect of employment & Payroll data
  • Selected Third Parties in connection with any future sale, transfer or disposal of our business


International data transfers

We do not process personal data outside of the UK, however with today’s modern technology including Cloud Storage and software, some recipients of your personal data can be located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country.
Where this is the case, we make sure that additional safeguards are in place such as ensuring that those countries have a decision of adequacy under the Data Protection Act 2018 or have entered into standard contract clauses to support the protection of your data.


Automated decision-making or Profiling

We do not process personal data for automated decision making or profiling.


How long do we keep personal data for?

We will retain personal data in accordance with legal and regulatory requirements and for no longer than is necessary to fulfil the purposes set out in this privacy policy.  We maintain and review a detailed retention policy which documents how long we will hold different types of data.  The time period will depend on the purpose for which we collected the information and is never on an indefinite basis.  Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes).

The following details the criteria used to establish the retention period set out within our policy:


Where it is still necessary for the provision of our Services

This includes the duration of any contract for services we have with you and for a period of 7 years after the end of any contract with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records.  Most of our retention periods are determined on the basis of this general rule.


Where required by Statutory, contractual or other similar obligations

Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data regarding pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.  Where this is the case will retain the data in accordance with our obligations.


Your Rights as a data subject

As a data subject, you have rights in relation to your personal data.  These are:

The Right to Access – You have the right to request details of personal information held or processed and to copies of this data.  We do not usually charge for this service.

The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.

The Right to Erasure – You have the right to request that we erase your personal information under certain conditions.

The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances.

The Right to Object to Processing – You have the right to object to our processing of your data, under certain conditions.

The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.

You also have the Right to Withdraw Consent where you have previously provided this at any time.

To exercise any of these rights, or if you have a complaint please contact Sicsic Advisory Ltd using the contact details at the beginning of this notice.

You also have the right to complain to the Supervisory Authority.  In the UK, where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:

Information Commissioners Office

Wycliffe House

Water Lane





Helpline: 0303 123 1113


Contractual Obligations and Consequences

In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, employment and legal obligations) or can also result from contractual provisions.  This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided.  In those circumstances where the data is not provided or where certain rights are exercised, (Erasure, Object) there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled.


Cookies & similar technologies

When you visit our Website, we use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalised advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you visit or use the Website. For full information on our use of cookies and how to manage them, please see our Cookie Policy.

To learn more about how to manage your browser cookie settings in general please see

Remember: When clicking on external links via our website or when you find us via social media platforms, you are visiting or redirected to the domains of those websites.  We have no control over the privacy settings on these websites or the cookies they set, so please bear in mind that you should set your preferences in line with their own policies and cookie controls separately.


Data security

We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.

We store customer records in cloud-based services and data centres which have controlled and restricted access.  We also operate internal policies and procedures detailing physical security, cloud storage security monitoring, access control, anti-virus and malware protections, and password security measures.


Changes to our Privacy Notice

All businesses change from time to time. At Sicsic Advisory Ltd, we keep our Privacy Notice under regular review.

This Privacy Notice was last updated on 15th of August 2023.