Your personal information will be held by TCC, registered as The Consulting Consortium Ltd, for the purpose of the EU General Data Protection Regulation (GDPR).

TCC is the Controller of personal data relating to the professional individuals within its client or prospective client firms, for the purposes of relationship management, marketing and business development. This statement relates to this data only.

Personal Data We Collect

TCC collects your personal data, including information provided in various ways. Some of this data is gained directly from you, including:

  • In emails, during telephone calls and conversations, from business cards, when registering for services, when participating in surveys and webinars, and when using TCC’s websites.

Some personal data may also be gained indirectly, such as:

  • Information gained through other organisations (for example LinkedIn) whether or not this is in the course of providing regulatory compliance services to you. Learn more here.
  • Information we gather from your use of, and interaction with, our website and the devices you use to access them, using technology such as cookies.

The data that we collect will depend upon our interactions with you and the privacy settings and features that you choose. The personal data we collect normally includes names, job title, company, IP addresses and contact details such as phone numbers and email addresses. Find out more.

How we use Personal Data

TCC will only process your data where we have a legal basis for doing so. TCC uses the data collected to communicate with you and to offer you our regulatory consultancy services and/or services related to our sister company Record Sure Limited which offers technology systems and services that are complimentary to the services provided by TCC. We will also use your data to improve or maintain the services we offer to you and our website. We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.

We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data such as job title, sector, company and your previous activity on our website or with our marketing communications. This enables us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name and job title to personalise communications you receive from TCC and our website.

You have the right to access, rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them. You also have the right to opt-out of receiving our marketing communications at any time. To manage your subscriptions or personal data, please see the Your Rights section.

Our legal basis for processing personal data

Our legal basis for processing your personal data may rely upon our Legitimate Interest or Legal Obligation. Further information can be found here.

Recipients of Personal Data

TCC shares your data with the following third-party service providers. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.

  • Salesforce / Pardot
  • Typeform
  • Demio
  • Zapier
  • Microsoft Sharepoint
  • Access Dimensions

TCC will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the GDPR by conducting periodic due diligence. TCC will not share your data with any third-party processor outside of the UK, EU or USA.

TCC does not sell your personal data or other information to any third-party.

TCC stores personal information on a secure database which is shared with our sister company Record Sure Ltd.

Although data is stored centrally,  communication is generally segmented between the separate companies. Signing up to either mailing list will provide content from the relevant company, and subscribers can opt in or out of the respective mailing lists on an individual basis. However, we may communicate content via email from both companies when we believe the information will be relevant and valuable.

You can opt into the TCC mailing list here to receive our regular newsletter featuring updates on regulatory developments, analysis and insights. In addition, we may send ad hoc emails containing valuable information such as white papers and event invitations.

To subscribe to the Recordsure mailing list, please visit the Recordsure website here.

Where possible we will tailor the content we send subscribers to keep it relevant, for example, if you work in compliance we will try to share compliance specific material with you. You have the right to opt out of content tailored on your profile information by ticking the relevant box on our Preferences page.

Once TCC has received your information we are committed to ensuring we have all necessary technical and organisational controls in place to keep your information secure. In order to prevent unauthorised access or disclosure TCC has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information TCC collects.

Retention period

TCC will only keep your personal data for as long as necessary for the purposes for which it was gained. Personal data will be retained for the purposes of direct marketing, relationship management and business development, or where we have another legal basis for processing (such as your consent or a contract with you). TCC will review the personal data we hold on you every 12 months to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our GDPR Policy. If your data becomes inaccurate, we will update it accordingly.

The exception is information collected from surveys, feedback and questionnaires, which are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes, or deleted.


TCC will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner’s Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: or through their helpline: 0303 123 1113.

Are you a future/current employee or associate/contractor?

If so, you should read our other privacy statements that relate to the processing of your personal data for the purposes of human resource management and processing of job applications.

Privacy Statement: TCC Employees

Privacy Statement: Associates/Contractors 

Changes to this Privacy Statement

We reserve the right to change this statement. Changes will be published on our website and previous versions will continue to be available here. We will notify you of any material changes to this statement via email (where possible) but recommend that you also check this statement regularly, so that you are informed of any changes.


Version 4.0 | 21st June 2019