Privacy Policy (Clients)
V4 15/06/2026
Please click the links in the Table of Contents below to see specific sections of the policy, or you can download a PDF at the bottom of this article.
- Who We Are
- Scope of This Policy
- The Personal Data We Collect
- How We Use Your Personal Data
- Special Category Data
- Where We Get Personal Data From
- Sharing Your Personal Data
- International Transfers
- Data Retention
- Security Measures
- Your Rights
- Direct Marketing
- Automated Decision Making
- Cookie and Website Tracking
- Website Complaints
- Updates to This Policy
- Our Role; Data Controller vs Data Processor
1. Who We Are
Associate Enterprises Limited (“we”, “us”, “our”) provides consultancy, audit services, online platforms (including LMS services) and other professional services.
We are the data controller for the personal data described in this Privacy Policy.
Contact details
Email: desk@assent1.com
Address Details see https://www.clemarkgroup.com/about/
2. Scope of This Policy
This policy applies to:
- Clients and their personnel
- Prospective clients and business contacts
- Users of our eLearning/LMS platforms
- Individuals interacting with our website or services
3. The Personal Data We Collect
We process the following categories of personal data:
3.1 Client & Business Contact Data
- Name
- Job title
- Work email address
- Telephone number
- Employer / business details
3.2 Consultancy & Audit Engagement Data
- Client employee names and contact details
- Customer, supplier, or organisational data provided during engagements
- Documents and records created or shared as part of services
3.3 Customer Service & Contract Data
- Contact details
- Communications with support teams
- Contractual and engagement documentation
3.4 Marketing & CRM Data
- Contact details
- Purchase history
- Marketing preferences
3.5 Website & Analytics Data
- IP address
- Approximate location
- Technical usage data (e.g. cookies, interactions)
3.6 LMS / eLearning Platform Data
- Name and contact details
- Account login details
- Training activity and completion records
- Platform usage data
4. How We Use Your Personal Data
We use personal data for the following purposes:
| Purpose | Description | Lawful Basis |
|---|---|---|
| Deliver services | Providing consultancy, audit, and contractual services | Article 6(1)(b) – Contract |
| Manage client relationships | Communication, support, and account management | Article 6(1)(b) – Contract |
| Customer support | Handling enquiries via helpdesk systems | Article 6(1)(b) or (a) |
| Marketing | Sending updates, newsletters, and relevant services | Article 6(1)(a) – Consent |
| Business development | Managing contacts from networking or events | Article 6(1)(a) – Consent |
| LMS provision | Delivering training and managing user accounts | Article 6(1)(a) – Consent |
| Website analytics | Improving website and services | Article 6(1)(a) – Consent |
| Legal compliance | Financial records, tax obligations | Article 6(1)(c) – Legal obligation |
5. Special Category Data
We generally do not process special category data for clients or platform users.
Where such data is processed (e.g. within client-provided materials), this is:
- Controlled by the client, and
- Processed under contractual obligations and appropriate safeguards
6. Where We Get Personal Data From
We collect personal data from:
- You directly (e.g. via forms, contracts, or platform sign-up)
- Your organisation (our client)
- Public sources (e.g. networking events, business exchanges)
- Website interactions
7. Sharing Your Personal Data
We may share personal data with:
7.1 Group Companies and Affiliates
We may share personal data within our corporate group, including:
- Parent companies
- Subsidiaries
- Affiliated or related companies
This is for purposes such as:
- Delivering our services
- Internal administration
- Business operations and reporting
All group companies are required to:
- Process personal data in accordance with this Privacy Policy
- Apply appropriate security and confidentiality controls
7.2 Subcontractors and Consultants
We may engage subcontractors or independent consultants to support the delivery of our consultancy, audit, and training services.
Where this occurs:
- Subcontractors are given access only to the personal data necessary to perform their role
- They are contractually bound by confidentiality and data protection obligations
- They must process personal data only in accordance with our instructions
7.3 Service Providers (Processors)
- CRM systems
- Cloud platforms (e.g. Microsoft 365, Google Workspace)
- Helpdesk providers (e.g. Freshdesk, call/email handling services)
- Accounting software (e.g. Xero)
- LMS platform providers
7.4 Authorities
- HMRC or regulators where required by law
7.5 Clients (in service delivery)
Where necessary for consultancy/audit services
All processors are subject to contractual obligations and appropriate safeguards
8. International Transfers
Your data may be processed using cloud services that operate outside the UK.
Where this occurs, we ensure safeguards such as:
- UK adequacy regulations
- Standard contractual clauses
- Equivalent protections required under UK GDPR
9. Data Retention
We retain personal data in line with our Retention Policy:
| Data Type | Retention Period |
|---|---|
| Client records & contracts | Up to 7 years after relationship ends |
| Consultancy/audit data | 4 years after engagement ends |
| Customer service records | Up to 7 years |
| Marketing data | Until consent withdrawn or relationship ends |
| Website analytics | Up to 1 year |
| LMS user data | Up to 7 years |
Data is securely deleted or anonymised when no longer required.
10. Security Measures
We implement appropriate technical and organisational measures including:
- Encryption of data in transit and at rest
- Access controls (role-based permissions)
- Secure cloud storage
- Regular monitoring and controls
11. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent (where applicable)
To exercise your rights, contact us using the details above.
12. Direct Marketing
We send marketing communications only where:
- You have given consent, or
- It is otherwise permitted under UK law
You can unsubscribe at any time via:
- Email links
- Direct request to us
13. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or significant effects.
14. Cookies and Website Tracking
We use cookies and similar technologies for:
- Website functionality
- Analytics
Where required, we obtain your consent before placing non-essential cookies.
15. Complaints
If you are unhappy with how we handle your data, you can contact us first: https://assentuk.freshdesk.com/support/tickets/new.
We will acknowledge your complaint within 30 days and investigate without delay. We will provide a response to your complaint and communicate the outcome.
If you are not satisfied with our response, you have the right to submit a complaint to the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
Telephone: +44303 123 1113
16. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.
17. Our Role: Data Controller vs Data Processor
Depending on the service we provide, we may act as either a data controller or a data processor under UK GDPR.
17.1 When We Act as a Data Controller
We act as a data controller where we determine the purposes and means of processing personal data.
This includes:
- Managing our client relationships and contracts
- Handling customer service enquiries and communications
- Operating our CRM and marketing activities
- Managing business contacts and networking data
- Running our website and analytics
- Operating our LMS/eLearning platforms where users register directly with us
In these cases:
- We decide how and why personal data is processed
- We are responsible for complying with UK GDPR principles
- This Privacy Policy applies fully
Typical lawful bases used:
- Contract (Article 6(1)(b))
- Legal obligation (Article 6(1)(c))
- Consent (Article 6(1)(a))
17.2 When We Act as a Data Processor
We act as a data processor where we process personal data on behalf of our clients, who are the data controllers.
This primarily applies to:
- Consultancy and internal audit services
- ISO advisory engagements
- Handling client-provided documents, systems, or records
- Accessing personal data within client environments during service delivery
In these situations:
- The client remains the data controller
- We process data only in accordance with client instructions
- We do not determine the purpose of processing
17.3 Processor Obligations
Where we act as a processor, we:
- Enter into Data Processing Agreements (DPAs) with clients
- Process data only on documented instructions
- Ensure confidentiality obligations are in place
- Implement appropriate technical and organisational measures (e.g. encryption, access controls)
- Assist clients in fulfilling:
- Data subject rights
- Breach notification obligations
- Data protection impact assessments (where required)
17.4 Client Responsibilities (Where We Are Processor)
Where we act as a processor, our clients (as controllers) are responsible for:
- Identifying a lawful basis for processing
- Providing appropriate privacy information to individuals
- Managing data subject rights requests
- Determining retention periods
- Ensuring data shared with us is necessary and proportionate
17.5 LMS / Platform-Specific Roles
For your eLearning and SaaS platforms (e.g. LMS services), roles may vary:
a) Direct Users (Self-Registration)
Where individuals sign up themselves:
- We act as data controller
- This Privacy Policy applies
b) Client-Managed Platforms
Where a client provides user data (e.g. employee training):
- The client is controller
- We act as processor
17.6 Transparency and Clarity
If you are unsure whether we are acting as a controller or processor in a specific context, you may contact us using the details above.