Nash Management Consultancy Ltd.
Acheive new goals in customer satisfaction
Privacy policy - GDPR

Definitions and interpretation:

GDPR: The general data protection regulation is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Customer data: Means personal data relating to customers of NMC and users of its website(s).

Data protection laws: Means all applicable statuses, laws, secondary legislation or regulations or codes of practice pertaining to privacy, confidentiality and/ or the protection of personal data or corporate data, including, without limitation, the Data Protection Act 1998.

Personal data: Means any data or information as defined under data protection laws which relates to an individual.

1. General

NMC gathers information and data in the following areas:
  • • Staff administration.
  • • Advertising, marketing, and public relations.
  • • Accounts and records.
  • • Administration of membership records.
  • • Advertising, marketing, and public relations for others.
  • • Consultancy and advisory services.
  • • Education.
  • • Information and databank administration.
  • • Research.
  • • Trade shows/ exhibitions
If NMC needs to collect data for any purpose other than stated above, we will notify the Information Commissioner before collecting that data.

2. How we keep your data safe

NMC Ltd will always be respective of people’s personal data. Therefore, we take steps to ensure that we are transparent when clarifying how we collect, use and store your data. We also ensure that any third party we deal with has policies that are in line with our standards in the case that the data we retain would be passed on to any third party.

2.1 The eight data protection principles

Whenever collecting information about people NMC ltd agrees to apply the eight Data Protection principles:
  • 1. Personal data will be processed fairly and lawfully.
  • 2. Personal data will be obtained only for the purpose specified.
  • 3. Data should be adequate, relevant, and not excessive for the purposes specified.
  • 4. Data to be accurate and kept up-to-date.
  • 5. Data should not be kept for longer than is necessary for purpose.
  • 6. Data processed in accordance with the rights of data subjects under the data protection act.
  • 7. Security: appropriate technical and organisational measures should be taken unauthorized or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
  • 8. Personal data shall not be transferred outside the EEA unless that country or territory ensures an adequate level of data protection.

2.2 How we use your Data

  • • To provide, maintain and improve our products and services
  • • To process transactions and to send you relevant information including confirmations and invoices
  • • To send you technical notices, updates, security alerts, support and administrative messages
  • • To respond to your comments, questions, requests and to provide customer service
  • • To communicate with you about products, services, offers, promotions, rewards and events offered by NMC ltd and others with your prior consent and provide news and information we think will be of interest to you
  • • To monitor and analyse trends, usage and activities in connection with our products and services

2.3 Lawful Basis for using the Data

To abide by data protection laws, we need a ‘lawful basis’ for collecting and using your data. The following outlines the laws in which we will justify our collection and use of your data within NMC ltd:
  • • Contract – using your information will be necessary for us to either perform the contract between us or in order take steps at your request prior to entering the contract
  • • Legal compliance – using your information will be necessary for us to comply with a legal or regulatory obligation which is placed on NMC ltd
  • • Legitimate interest – using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy. For example, we rely on legitimate interest as our lawful basis to send you marketing information. If you would prefer not receive marketing information from us, please email us at
  • • Consent – it is possible that you may give us your consent to use your information for a particular purpose.

2.4 How we Share your Data

We may share information about you as follows or as otherwise described in this Privacy Policy:
  • • In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security or other public authorities
  • • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company
  • • To our nominated third party carriers to enable them to deliver your order and to contact you if there is a problem with delivery for example telephone, name and address only

2.5 Complying with Data Protection Laws

To comply with data protection laws, we ensure that we abide by the following when considering storing your data:
  • • By using your data lawfully, fairly and in a transparent way
  • • By collecting your data only for valid purposes ensuring that we have clearly explained to you why and how we will use your data
  • • That the data collected will be accurate and kept up to date
  • • By keeping said data for a the required amount of time and the amount of time we have informed you about
  • • That we will take a number of security measures to keep your data safe.

3. Working outside of the company premises

  • • The company keeps note of which staff take work home with them.
  • • Home computers should have records removed once project/work records no longer needed at home.
  • • Staffs agree to try to keep work taken home relatively secure, to return all work related material upon the completion /termination of their contract; and the company should be informed if information has got into wrong hands immediately.

4. Security Statement

NMC has taken measures to guard against unauthorised or unlawful processing of customer data and against accidental loss, destruction, or damage. This includes:

4.1 Passwords and User Accounts

  • • Individual user accounts – requiring passwords – in place for all systems containing customer data.
  • • Measure to ensure passwords are robust. These include controls to ensure that passwords can only be set in accordance with policy and use of password-cracking software on a risk-based approach.

4.2 Monitoring Access to Customer Data

  • • Risk-based, proactive monitoring of staff’s access to customer data to ensure it is being accessed and/ or updated for a genuine business reason.
  • • The use of software to spot suspicious activity by employees with access to customer data. The software is tailored to NMC’s business profile.

4.3 Data Back-Up

  • • NMC conducts a proper risk assessment of threats to data security arising from the data back-up process – from the point that back-up tapes are produced, through the transit process to the ultimate place of storage.
  • • Backed-up data that is held off-site, including while in transit, is encrypted.
  • • A regular review of the level of encryption to ensure it remains appropriate to the current risk environment.
  • • Staffs with responsibility for holding backed-up data off-site are given assistance to do so securely.
  • • NMC conducts spot checks to ensure that data held off-site is held in accordance with accepted policies and procedures.

4.4 Laptops

  • • The encryption of laptops and other portable devices containing personal data.
  • • Controls that mitigate the risk of employees failing to follow policies and procedures e.g. lost or stolen laptops.
  • • Maintaining an accurate register of laptops issued to staff.
  • • The wiping of shared laptops’ hard drives between uses.

4.5 Portable Media Including USB Devices and CD’s

  • • NMC ensure that only staff with a genuine business need can download personal data to portable media such as USB decides and CD’s.
  • • NMC ensures that staff authorised to hold personal data on portable media can only do so if it is encrypted.
  • • Maintaining an accurate register of portable devices issued to staff.
  • • Automatic encryption of portable media attached to NMC’s computers.

4.6 Physical Security

  • • Appropriately restricted access to areas where large amounts of personal data are accessible.
  • • Using robust intruder deterrents such as alarm systems and shuttered windows.
  • • Robust procedure for logging visitors and ensuring adequate supervision of them while on-site.
  • • Training and awareness programmes for staff to ensure they are fully aware of more basic risks to personal data arising from poor physical security.
  • • An enforced clear-desk policy

4.7 Disposal of Personal Data

  • • Procedures that result in the production of as little paper-based personal data as possible.
  • • All personal data disposed of by employees securely e.g. shredders.
  • • Providing guidance for travelling and home-based staff on the secure disposal of personal data.
  • • Computer hard drives and portable media being properly wiped (using specialist software) or being destroyed as soon as they become obsolete.

4.8 Internal Audit and Compliance Monitoring

  • • NMC will seek external assistance when we do not have the necessary in-house expertise or resources.
  • • Compliance and internal audit conduct specific reviews of data security which cover all relevant areas of the business including IT, security, training and awareness, and governance.
  • • NMC uses expertise from across the business to help with the more technical aspects of data security ad compliance monitoring.

4.9 How we use Cookies

Cookies help us provide you with a better website by allowing us to report on the pages and their activity. A cookie cannot give us access to any of your personal data.

You have the ability to decline cookies by changing the settings on your browser but this may prevent you from taking full advantage of the website. You can also consult or destroy cookies if you wish, since they are stored on your hard disk.

The uses of Cookies within our website are as follows:
  • • Overall, to improve our services
  • • To provide you with advertising tailored to your interests

4.10 Links

If you follow a link from our website to a third party website, NMC ltd will not be held liable for misuse of your personal data as you will be subject to the terms of said third party website.

5. Your rights & subject access request

According to the Data Protection Act of January 6th 1978 and the regulation 2016/ 679 of the European parliament and of the council of 27 April 2016 (the ‘regulation’) you obtain the following rights:
  • • The right to be informed
  • • The right of access
  • • The right to rectification
  • • The right to erasure
  • • The right to restrict processing
  • • The right to data portability
  • • The right to object
  • • The right not to be subject to automated decision-making including profiling.
You have the right to access your own personal data and the right to know how this has been processed by the organisation in question. If you would like to access any of the data NMC ltd hold on you, please request this by contacting us in writing with a proof of your identity to:

Nash Management Consultancy
8 Church Square
Leighton Buzzard

You can also contact us via email - or by phone - 01525 372001.

You have the right to lodge a complaint with the Information Commissioner’s Office (the ‘ICO’) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF.