GDPR Data Audit & Compliance

GDPR Data Audit and Compliance.

The data controller for Hamilton Wood & Company is Simon Dodd MD.

Please use this webform to contact our MD - click here.

Processing Data

Hamilton Wood & Company keeps a database of all UK limited companies where this data exists and is freely available in the public domain.

We are registered with the Information Commissioners Office Registration Reference ZA351835.

For the purposes of compliance with GDPR and the Information Commissioners guidelines, we store, edit and process data for the purposes of a ‘legitimate business interest’ (LBI) and we understand the importance of protecting individuals personal interests.

We define our LBI as that of making contact with registered UK directors and their employees by association, for the purpose of introducing products and services that can serve to help their company. In other words, we gather and store data for our own commercial interests.

Processing data with regards to this LBI is important due to contacts employees and company information changing and evolving over time, and it is important any data we hold is accurate and as up-to-date as possible so that we only liaise and engage with active representatives of our current client database in addition to our prospective clients.

We use third-party software to help support our company.

We use Google Analytics which tracks your personal data and browsing habits via cookies. You can access Google Analytics data privacy and security information by following this link:

We use a secure email solution and do from time to time market to our database of contacts. Any requests to be removed from our data lists are honoured quickly.

Removal of Personal Data

We work hard to uphold your individual rights and you have the right to be removed from our secure database of contacts.

However, there may be a delay in removing your data in certain circumstances where there is a legitimate business interest e.g. for the prevention or remedy of crime, whilst working to resolve a client or prospective client grievance or for any other matter where the management team deems that a delay in meeting your request is necessary. If we need to delay removing your details and the data we hold on you for any reason we may take legal advice to determine our position before responding to a request to remove your data.

In most cases, where there are no reasons to object to the removal of your data, we will complete this task within 24hours of becoming aware of the request.

We only use individuals data in ways that they would reasonably expect for the purposes of conducting our day-to-day business.

Data Sharing

All data is stored in a secure, cloud-based customer relationship management platform (Hubspot). Only authorised employees can gain access to this data and all staff are trained on data protection.

All relevant or commercially sensitive data kept on local machines is encrypted using the opensource military grade encryption tool ‘Veracrypt’ and is therefore inaccessible and unusable should unauthorised individuals try to access it.


Using our websites webforms to request that we contact you, this grants us permission to use and to store your personal and company details as you’d expect for us to be able to honour your contact request.

Your right to have your details removed after we have processed your request remains in force.

Data Retention

We may keep data on our systems until such time either a request to remove it has been received or the data is found to be inaccurate or obsolete.

Complaints Policy

Automated Data Handling

We may use tools to automate marketing and customer service related communications. You have the right to opt-out of these types of communications, however, this may impact service delivery and we will not be held accountable for any service disruption that occurs as a result of a such a request.

You Have the Following Data Rights:

  • subject access right (SAR) – You have the right to request access to the data we hold on you.
  • right to have inaccuracies corrected
  • right to have information erased
  • right to prevent direct marketing
  • right to prevent automated decision-making and profiling
  • right to data portability

Subject Access Right and Timeframe

We will not charge you for a copy of the data we hold on you.

We will respond to any access requests within 30 days from the date we receive the request.

Security Breaches

In the unlikely event of a data breach, we will notify the ICO without any undue delay.

We define a data breach as either being the victim of a malicious hack which compromises the security and safety of our data or, an unauthorised individual or collection of individuals gaining access to private data without the consent of Hamilton Wood & Company.