The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and came into effect on 25 May 2018.

At MDA Consulting Ltd (MDA), we understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Policy, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely, and also became effective on 25 May 2018.

For clarity, MDA may be both Data Controller and Data Processor for your personal data under certain circumstances. We advise that this Privacy Policy is non-contractual, regularly reviewed and may be subject to change, so please check this website on a regular basis for any further changes.

This Privacy Policy also provides you with information about how you can have control over the use of your data.

How the law protects you

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but not limited to, your consent, performance of a contract, billing and to contact you.

What information do we collect?

In general terms, we collect information about you to enable us to:-

• Administer our relationship with you, provide services and respond to enquiries.
• To comply with contractual obligations we have with you.
• Enable business development including sending newsletters and information updates.
• Process applications for employment.
• Deliver requested information to you about our services.
• Ensure the billing of any services and obtain payment.
• Process and respond to any complaints.
• Enable us to meet our legal and other regulatory obligations imposed on us.

The information we need for these purposes is known as “personal data”. This includes your name, company, address (work or home), email address, telephone and other contact numbers and financial information. We collect this in a number of different ways, for example, by email, via our website, telephone or letter.

We also process sensitive information such as racial or ethnic origin.

We will seek your permission if we need to record any of your sensitive personal data on our systems.

How do we use the information

We use the data we collect from you for the specific purpose listed in the table below:-

Purpose for processing data

Legal basis for processing data

Third party organisations with whom data is shared

To administer our relationship with you, to provide services and respond to enquiries

To meet the requirement of a contract.

Only where a project requires it and only after prior consent is given.

To ensure the billing of any procured services by you and obtain payment.

To meet the requirement of the contract.

Government VAT and tax inspectors, external auditors, internal auditors, insurance companies.

To communicate with you on newsletters and event invitations which are relevant to your interests.

To seek explicit consent prior to sending individuals the information and in line with preferences.


To process and respond to complaints

To meet a legal obligation

Legal Entities
Insurance companies, Accredited bodies


Retention Periods

We will keep your personal data for the duration of the period you are a client/employee of MDA. We shall retain your data only for as long as necessary in accordance with applicable laws.

We may keep your data for between 6 to 12 years. We may not be able to delete your data before this time due to our legal/regulatory and/or accountancy obligations. We assure you that your personal data shall only be used for the purposes stated herein.


We may send you marketing material where you are a business client and we consider the marketing material to be relevant to you or where you are a business client we have previously provided you with our services and you have not opted out of receiving such communication.

Where you are an individual prospective client we will only provide you with marketing material where you have provided your express consent.

You can update your marketing preferences by emailing

Your Rights

Under the terms of the data protection legislation, you have the following rights:-

Right to be Informed

This Privacy Policy fulfils our obligations to tell you about the ways in which we use your information.

Right to Access

You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. This information with be sent within one month of your request.

To make a Subject Access Request, please write to our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ

Right to Rectification

If any of the information that we hold about you is inaccurate, you can contact the Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DH

Right to be Forgotten

From the 25 May 2018, you can ask that we erase any/all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within one month.

Right to Object

You have the right to object to:

1. The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.
2. The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.

Right to Restrict Processing

If you wish us to restrict the use of your data because:

1. You think it is inaccurate but this will take time to validate
2. You believe our data processing is unlawful but you do not want your data erased
3. You want us to retain your data in order to establish, exercise or defend a legal claim
4. You wish to object to the processing of your data but we have yet to determine whether this is appropriate

Please contact the Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ

Right to Data Portability

If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H  9DJ

Right to Withdraw Consent

If you would like to withdraw consent, please contact our Group Data Protection Officer, at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ

Overseas Transfers

None of the information that we collect, process or store is transferred outside of the European Economic Area (EEA). We do not normally share your personal data with anyone outside the EEA, however, we may do so when a particular circumstance or the Services we provide to you requires us to do so.

Third Parties

For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes. However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure.

Data Privacy and Security

We ensure that data protection is a key consideration for all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy and an active information security work programme.

This helps us to:-

a. Ensure all IT facilities are protected against damage, loss or misuse
b. Protect against potential breaches of confidentiality
c. Awareness of the requirements for information security, confidentiality and integrity of the information that is handled
d. Optimum security of our Website

Where we Store Your Personal Data

We follow accepted ISO standards to store and protect the personal data we collect including the use of encryption if appropriate. All information you provide to us is stored on our secured servers within the UK/EEA


A cookie is a small file which asks permission to be placed on your computer's hard drive.

Necessary cookies aid core functionality, so disabling these may affect how the website runs. Analytics cookies help analyse web traffic and enable us to provide a better web experience. If you allow cookies to be stored, the file is added and the cookies allow web applications to respond to you as an individual.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not.

A cookie in no way gives us access to your computer or any personal information about you.

You can choose to accept or decline cookies. Most web browsers usually allow you to modify your browser setting to decline cookies if you prefer. For more information about cookies and how to delete them, click here.

Cookies we use

Cookie Name What does it do?
XSRF-TOKEN The cookie is set by Laravel, the platform our website is built on. The cookie is used for security purposes.
laravel_session Laravel uses laravel_session to identify a session instance for a user.
cookie-opt-in Used to understand the consent for the usage of cookies on the website.
_ga This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_gat_gtag_UA_121816734_1 This cookie is set by Google and is used to distinguish users.

By continuing to use our website you are agreeing to our use of cookies.

Third party cookies

Some of our pages feature content from other providers. We don't have control over the cookie policies of these providers, but you can view them below and control your preferences via

Google Maps

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Email Hosting

We process your data for administration, billing, support and the provision of services. This is achieved mainly by use of email and written communications.

Office 365 for email.

Office 365 email shares data with third party infrastructure in the EEA.

We use standard email all UK based.

Dedicated Servers, Virtual Servers, CloudNX platform

We process your data for administration, billing, support and the provision of services.


Any questions or comments regarding this Privacy Policy are welcomed and should be sent to our Group Data Protection Officer at MDA Consulting Ltd, 13-15 Carteret Street, London SW1H 9DJ

Or you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113

Our Privacy Policy shall be made clear to you at the point of collection of your personal data.

MDA Consulting Ltd

Head Office: 13-15 Carteret Street, London SW1H 9DJ