Privacy Policy

Last updated: 04/12/25

This policy explains how Sampson ISO Audit & Consult Ltd ("I", "me", "my") collects, uses, and protects your personal data when you use this website or engage my services.

I take data protection seriously—both because UK law requires it and because advising others on governance would ring hollow if I didn't apply the same rigour to my own practice.

Who I am

Sampson ISO Audit & Consult Ltd
Company number: 16402872
Registered address: Branch House, 31-33 Branch Road, Batley, England, WF17 5SB
Email: dan@sampsoniso.co.uk

 

For the purposes of UK data protection law, I am the data controller.

What data I collect

When you contact me

If you use the contact form or email me directly, I collect:

  • Name
     

  • Email address
     

  • Company name
     

  • Your role
     

  • Company size
     

  • Details of your enquiry
     

When you book a scoping call

 

If you book a call via my scheduling tool, I collect:
 

  • Name
     

  • Email address
     

  • Any information you provide in the booking notes
     

When you browse the website
 

I collect standard analytics data including:
 

  • Pages visited
     

  • Time on site
     

  • Referring website
     

  • Device and browser type
     

  • Approximate location (country/city level)
     

This data is collected via cookies—see my Cookie Policy for details.

How I use your data

I use your personal data to:
 

  • Respond to your enquiry
     

  • Arrange and conduct scoping calls
     

  • Send proposals and engagement documentation
     

  • Deliver consulting and audit services if you become a client
     

  • Improve the website based on usage patterns
     

  • Comply with legal obligations
     

I do not use your data for marketing unless you explicitly opt in. I do not sell or share your data with third parties for their marketing purposes.

Legal basis for processing

Under UK GDPR, I process your data on the following bases:
 

Legitimate interests — Responding to enquiries, improving the website, and running my business. I've assessed that these interests don't override your privacy rights.
 

Contract — If you become a client, processing your data is necessary to deliver the services we've agreed.
 

Legal obligation — Retaining certain records for tax, accounting, and regulatory purposes.
 

Consent — Where I rely on consent (e.g., optional marketing), you can withdraw it at any time by emailing dan@sampsoniso.co.uk.

Who I share data with

I may share your data with:
 

  • Website platform — Wix.com for hosting and form submissions
     

  • Scheduling tools — For booking calls
     

  • Email provider — For correspondence
     

  • Analytics — Google Analytics for website usage data
     

  • Accountant — For invoicing and tax compliance
     

  • Legal or regulatory bodies — If required by law
     

I do not share your data with other third parties unless necessary to deliver services you've requested.

Where your data is stored

Your data is stored in the UK and European Economic Area where possible. Some service providers (e.g., Wix, Google) may transfer data to the United States under appropriate safeguards including Standard Contractual Clauses.

How long I keep your data

  • Enquiries that don't proceed — Deleted after 12 months
     

  • Client records — Retained for 7 years after engagement ends (tax and legal requirements)
     

  • Analytics data — Retained for 26 months

Your rights 

Under UK data protection law, you have the right to:
 

  • Access — Request a copy of the data I hold about you
     

  • Rectification — Ask me to correct inaccurate data
     

  • Erasure — Ask me to delete your data (where legally permitted)
     

  • Restriction — Ask me to limit how I use your data
     

  • Portability — Request your data in a machine-readable format
     

  • Object — Object to processing based on legitimate interests
     

  • Withdraw consent — Where processing is based on consent
     

To exercise any of these rights, email dan@sampsoniso.co.uk. I will respond within one month.
 

If you're unhappy with how I've handled your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Security

I take reasonable technical and organisational measures to protect your data, including:

  • Encrypted email and file storage
     

  • Strong passwords and two-factor authentication
     

  • Limited access (I'm a sole practitioner—only I access client data)
     

  • Regular review of security practices

Changes to this policy

I may update this policy from time to time. Significant changes will be noted on this page with an updated date. For material changes affecting existing clients, I'll notify you directly.

Contact

Questions about this policy or your data:

Email: dan@sampsoniso.co.uk

Sampson ISO Audit & Consult Ltd
Branch House, 31-33 Branch Road, Batley, England, WF17 5SB
