Privacy Collection Notice – Contact Us Form

Effective from 2 August 2018

Important Notice. This Notice is provided in connection with the European Privacy Law, General Data Protection Regulation (EU) 2016/697 (“GDPR”) and only applies to individuals who can enforce that law.

Respecting your Privacy

Our Privacy Policy sets out the details of how we use, process, transfer and disclose personal data.  We encourage you to read it.  The notice sets out the essential details that apply to the personal data that we are collecting from you at the moment.

Who is Processing your Personal Data

The controllers for this personal data are the relevant Gordian company that are providing you with the service that you are entering into a contract with: Gordian GDPR Representative Limited for Representative Services (a UK company); Gordian Services Limited for Data Protection Office Services (a UK company) or Gordian Services Pty Ltd for Australian-based training services (an Australian company).

How we are using it

We are collecting the personal data that you provide to us by submitting the form, which we will use for the primary purpose of dealing with the enquiry or request that you are submitting through the Contact Us webpage.

We collect this information using the lawful purpose of our legitimate interest in responding to your enquiry.  We will also have a legitimate interest in using it for the other internal administrative purposes set out in our Privacy Policy.

What we do with it

Gordian GDRP Representative Limited for Representative Services or Gordian Services Limited for Data Protection Office Services will process your personal data in the EU, and/or may authorise other Gordian companies, and their contractors, to process your personal data in Australia, the EU or the United States.  Gordian Services Limited will process your personal data in Australia or the EU and may authorise other Gordian companies, and their contractors, to process your personal data in Australia, the EU or the United States.  Where your personal data is transferred outside of the EU it will be transferred in accordance with legal requirements, and we will use contractors who have represented to us that they comply with GDPR standards, are subject to US Privacy Shield protections or are bound by EU approved Model Clauses or clauses that reflect Article 30 of GDPR.  Accordingly we believe that, although some of the recipients are not subject to GDPR itself, they are reputable companies who have committed to the principles of privacy protection set out in GDPR, and your personal data should be respected accordingly.  The primary third party processors for Gordian companies that are subject to GDPR are Citrix (document management), Xero (accounting and payroll), Stripe (payments), WordPress (website) and Mail Chimp (email marketing).  By agreeing to this Privacy Collection Notice and submitting your information to us, you give us your explicit consent to make these transfers.

How long we keep it

We keep your personal data whilst we have an on-going relationship with you, for a reasonable period afterwards (but not longer than 3 years for this reason) and for any additional period that we are required to do so under the law of the jurisdiction in which the personal data is kept.  After this period, your personal data will be irreversibly destroyed.

What are your rights?

You have the following rights under the GDPR (although certain limitations or exceptions may apply under that law), including the right to:

  • know what personal data we hold on you;
  • have any of your personal data erased, rectified or supplemented where it is unnecessary, inaccurate, out of date or incomplete;
  • object to the processing of your personal data;
  • require us to suspend processing your personal data for a period of investigation, and/or stop processing your personal data where the process is unlawful, if you contest:
    • the accuracy of your personal data;
    • whether your personal data is not being processed lawfully;
    • whether our legitimate grounds for processing override yours;
    • whether there is any need for us to continue to process it;
  • where our lawful basis of process is having obtained your consent, you may require us to stop processing your personal data at any time;
  • the right to require us to stop direct marketing to you (there is no exception to this right); and
  • have a copy of your personal data for the portability purposes.

In situations where our processing is unlawful and you oppose the erasure of the personal data you may request the restriction of the use instead.

To exercise any of these rights or if you want to contact us for any other reason, please contact us through the Contact Us web form on our website, using the title “DATA SUBJECT RIGHTS REQUEST”.

In the event that you wish to complain about how we have handled your personal data, please contact The Privacy Officer at or in writing at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom. Our Privacy Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact:

  • For complaints under GDPR: the Information Commissioner Office and file a complaint with them: Tel: + 44 (0)303 123 1113 or Website
  • For complaints under Australian Privacy Law: the Office of the Australian Information Commissioner: Tel: 1 300 363 992 or Website