Beyond Compliance is the trading name of Beyond Compliance Limited.

We are committed to protecting your information and privacy.

This notice explains how we use and process personal information collected. It addresses information provided to us:

  • When consulting in connection with provision of legal services.
  • Otherwise as a result of our communications with you or one of our clients.
  • When subscribing to our email updates or other marketing activities.

It sets out how we process personal information or data, with whom we may share it and choices you can make regarding use of information collected. We also describe measures taken to protect security of information provided and how you can contact us about our privacy practices. Please read this Notice carefully to understand our views and practices about why personal information is collected, what we do with it and how we use it.

This Notice does not apply to personal information of staff in connection with employment, which is dealt with by an internal Human Resources privacy notice.


This notice may change from time to time.  Please review it periodically. The last update was September 2019.

Data protection

For Data Protection Act 2018 notification purposes we are registered as a data controller with the Information Commissioners Office (ICO). Our registration details number is ZA553817.

Michaela Hardwick undertakes Data Protection duties in her role as director; she can be contacted at or on 0121 288 5227.

Who we are

Beyond Compliance Limited is a company registered in England and Wales under company number 8234113.

How we collect your personal information

We collect, retain and process personal information to enable us to provide consultancy services:

We may collect personal information in a number of ways, including:

  • Online via our website or social media accounts such as Twitter and LinkedIn
  • In hard copy by fax or post, in person, or over the telephone.
  • Via phone conversations in connection with our services.
  • Through provision of compliance or training services to you.
  • During the course of our dealings with you for or on behalf of a client.
  • When you provide us with information relating to attendance on seminars or other promotional events.
  • When you contact us via our website by filling in a form to register for newsletters, email updates, competitions, seminars, events sponsored by us, or other services.
  • When you contact us with queries, we may keep a record of that correspondence.
  • When you complete surveys for research or quality purposes, although you do not have to respond to them.
  • When we collect your personal data from other third parties, for example from our clients or agents.
  • When we collect publicly available information about you or your business, including through electronic data sources, for example in connecting with anti-money laundering and credit risk reduction.
  • For placement, recruitment and selection purposes.

Personal information collected

The type of information collected depends upon our relationship with you and the context in which we obtain and process your personal data.

Information collected and processed may include details of the following types of information:

  • Contact information (name, address, (including postal and email addresses), telephone and fax numbers and gender identity).
  • Occupational information, (job title, former job titles, organisational associations, professional experience and qualifications, interests and preferences where you advise us of these details in order to provide you with relevant tailored information about our services).
  • Identification documents, including date of birth and photographic identification.
  • Online services in respect of which you have expressed an interest.
  • Other information collected and used in the course of our business, including information provided by our clients concerning employees of our clients or those providing services to our clients.
  • Where necessary and legally permitted, we may also collect sensitive data, such as diversity and health data and details of offences and related proceedings.

What we do with personal information collected

We use the information provided to:

  • Contact you by email, fax, post or phone where you have provided contact details. We may also keep a record of that correspondence.
  • Carry out our obligations arising from any contracts entered into between us.
  • Notify you about changes to our service.
  • Improve our products and services.
  • Maintain internal records, including about cancelled accounts.
  • Ensure good governance, accounting, management and auditing.
  • Provide you with information, products or services which you request from us.
  • Facilitate the provision to you of online or other training services.
  • Send you information, or newsletters and updates which you may find of interest where you have indicated your wish to be contacted for such purposes.
  • To contact you in the course of providing services to our clients.
  • Assist with recruitment and selection process.
  • Convert into anonymised, statistical or aggregated data which can’t be used to identify you but may be used for the purposes of statistics, research reporting and future planning for our business.
  • Where we have other legitimate reasons, such as to enforce our terms of use, or take other action required or permitted by law or for other safety and security reasons.
  • To respond to complaints against us.
  • To ensure content from our website is presented in the most effective manner.

Who we share your information with

In providing our services, we may provide your personal information to staff in our offices or other third parties, such as:

  • To other suppliers, external agencies (including training providers) that we engage on our/your behalf. When we do so, we ensure that they are required to act in accordance with our instructions and keep your personal information secure with an adequate level of protection.
  • To courts, tribunals and other government bodies and relevant regulators in connection with matters relating to provision of our services.
  • To professional indemnity insurers, brokers, auditors and other professional advisers.
  • To our clients in connection with the provision of our services.
  • To other third parties when required by law or other regulatory authority, where we are under a duty to do so to comply with legal or professional obligations (for example to comply with anti-money laundering obligations and counter terrorism measures).
  • To enforce or protect our rights, property or the safety of our directors, staff and clients. (This includes exchanging information with other companies and organisations for the purposes of fraud prevention and detection and credit risk reduction).
  • Any successors in title to our business, or as part of mergers.

The basis on which we process your information

The legal grounds for processing your personal data depend upon the nature of our relationship with you and the context of processing and are as follows:

  • Processing is necessary for the performance of a contract with you, or to take steps prior to entering into a contract with you.
  • Processing is necessary for the purposes of our legitimate interests or those of our clients in the provision of services, except where those interests are overridden by the interests, rights or freedoms of affected individuals. In order to determine this, we shall weigh up a number of factors, including what you were told at the time you provided your data, what your reasonable expectations are, and the nature of the data as well as its impact upon you.
  • Processing is necessary for compliance with mandatory legal obligations to which we are subject.

How long we keep your personal information

We only retain your information for as long as is necessary for the purpose for which it was obtained. This could include compliance with legal obligations (by way of example, in relation to anti money laundering regulations where we are required to keep information for minimum periods). It could also include conducting compliance work as instructed or establishing or defending claims which could be made against us, for example for negligence in the performance of our obligations.

Information collected from you concerning other people

Where you provide personal information to us about other people, we accept it on the understanding that you have made the other person aware about how we will use and disclose their information.


Our services are not aimed at children. Where we are acting in matters involving children, we will explain why their personal data is needed and how it will be used.

Where your personal information will be processed

There may be rare occasions where we need to transfer your personal information to countries outside the European Economic Area, (EEA) which do not provide the same level of data protections as in the UK. For example, in relation to transactions with an international element, or where we need to instruct overseas agents to assist us in performing our services. In these circumstances, we will take steps to ensure that your personal information is adequately protected.


Please see our separate Website Privacy Policy

Access to your information

You have the right to request details of personal information which we hold about you.

If you would like a copy of your personal information, please write to Michaela Hardwick, Beyond Compliance Limited, Suite One, 1 Halesowen Road, Halesowen, West Midlands B62 9AA or email

Other rights

You also have the right to correct or complete information held by us.

If you think any information we have about you is incorrect, incomplete or needs updating please also let us know. We will update any information as soon as possible.

You may also in certain circumstances:

  • Request that we erase the personal data we hold about you.
  • Restrict its processing whilst we continue to hold it.
  • Where we process your data by automated means, ask us to transmit that data to another data controller. If you wish to request this, we will let you know whether this is possible, taking into account compatibility of systems of the other data controller to whom you wish the transfer to be made,
  • Object to processing. If you raise such objection we must stop unless we can demonstrate an overriding legitimate business interest or that such processing is necessary in relation to legal proceedings.
  • To have a decision taken by a human. We are however unlikely to take decisions which have a legal or similarly significant effect on you by automated means.
  • Have a right to be notified of a personal data breach if it results in a high risk to your rights and freedoms.
  • Have the right to withdraw your consent if you have given your consent to our processing of any of your personal data. (Please note that if you withdraw your consent, this will not affect the validity of any processing carried out prior to withdrawal).

These requests are free of charge.

Depending on the nature and extent of your request, we may be unable to continue delivering services to you. In this event, you will remain liable for our charges incurred before the request was made.

Our contact information in connection with the exercise of these rights or other privacy issues is set out below.

If you consider we have breached our obligations in respect of your personal data, you may raise your concerns with us. Alternatively, you can complain to the Information Commissioners Office. Further details can be found at

Security and storage

All information you provide to us in electronic format is stored on secure servers within the United Kingdom.

The internet is a global environment. It can involve transmission of data on an international basis. Transmission of information via the internet or any social media is not completely secure. By using our site and communicating with us electronically, you acknowledge and accept our processing of your personal information in this way.

Although we adopt appropriate technical and organisational measures to protect your personal information, we cannot guarantee its security when sent to this site. Transmission is at your own risk.

Once your information is received by us either in electronic or physical form, we take all reasonable steps necessary to prevent unauthorised access and ensure your information is handled securely and in accordance with this privacy notice. We have put in place suitable electronic, physical and managerial procedures to protect and secure the information collected.

How to contact us

If you have any queries or requests regarding this notice, or our practices concerning your personal data, please contact Michaela Hardwick on 0121 288 5227 or email

We will take reasonable steps to resolve or answer concerns as soon as possible and normally within 30 days.