top of page
Three-Counties-Data-Protection-logo

Privacy Notice

Last Updated 20/06/2026

Who We Are

Three Counties Data Protection ("we", "us") is a sole trader business operated by Liz Sydenham, providing data protection compliance consultancy to small businesses and organisations across Worcestershire, Gloucestershire and Herefordshire. We are registered with the Information Commissioner's Office (ICO) as a data controller, registration number [ICO registration number]. You can contact me at hello@threecountiesdata.co.uk or Three Counties Data Protection, Long Meadow, Uckinghall, Tewkesbury, GL20 6ES.

What Information We Collect

We collect information you provide directly to us, including your name, email address, phone number, and business details when you contact us through our website, by email, or by phone. If you engage us for an audit or other service, we also collect information relevant to that engagement, such as your organisation's data processing practices, documents you share for review, and payment details for invoicing.

If you use our website's contact form, we collect the information you submit. We do not currently use cookies or website analytics beyond what is strictly necessary for the site to function.

Why We Collect It and Our Lawful Basis

We process your information for the following purposes: responding to enquiries and providing quotes (legitimate interests), delivering contracted services such as audits, document drafting and training (performance of a contract), maintaining business records for accounting and tax purposes (legal obligation), and sending you relevant updates if you've asked to hear from us (consent, where applicable). We do not use your information for any purpose beyond what is necessary to provide our services and run our business.

How Long We Keep It

We retain client engagement records, including correspondence and deliverables, for six years after the end of an engagement, in line with our professional and legal obligations. Enquiry details from prospects who do not become clients are retained for six months before deletion.

Who We Share It With

We do not share your information with third parties except where necessary to deliver our services or comply with the law. This may include our cloud storage provider, our accountant for bookkeeping purposes, or our professional indemnity insurer in the event of a claim. We do not sell or rent personal information to anyone.

Keeping Your Information Secure

We use cloud storage with automatic backup and appropriate access controls to protect the information you share with us. Documents shared for audit purposes are handled in accordance with our own data protection obligations as both a controller and processor.

Your Rights

Under UK GDPR, you have the right to access the information we hold about you, request correction of inaccurate information, request deletion in certain circumstances, object to or restrict certain processing, and request a copy of your data in a portable format. To exercise any of these rights, contact us at hello@threecountiesdata.co.uk. You also have the right to complain to the Information Commissioner's Office at ico.org.uk if you believe we have not handled your information correctly.

Changes To This Notice

We may update this notice from time to time. The "last updated" date at the top reflects the most recent revision.

Contact Us

If you have any questions about this notice or how we handle your information, contact Liz Sydenham at hello@threecountiesdata.co.uk or 01684 593072

bottom of page