This notice contains important information about your rights to data privacy and about our commitment to protecting those rights.

The Social Profit Calculator LTD Privacy Notice applies to all individuals (‘data subjects’) whose personal data is stored or used (‘processed’) by Colbe Consulting (CC).

CC will endeavour to process your personal data lawfully at all times and in accordance with international best practice. In particular, we will comply with the European Union’s General Data Protection Regulation (or GDPR).

CC acts as a data ‘controller’, as defined by the GDPR. The ‘main establishment’ for CC is located in the United King- dom (address below). Therefore, the lead regulator (or ‘supervisory authority’) for CC is the UK Information Commis- sioner’s Office (or ICO).

Our Commitment to you

We will endeavour to process your personal data lawfully at all times, and in accordance with international best practice.

We will endeavour to process your personal data lawfully at all times, and in accordance with interna- tional best practice.

If you satisfy the above criteria, Article 13 of the GDPR confers to you the following rights:

  • Right to be informed about your data

  • Right to access your data

  • Right to rectify your data

  • Right to erase your data

  • Right to restrict the processing of your data

  • Right to object to the processing of your data

  • Right to data portability

  • Right to complain to a supervisory authority within the European Union

  • Rights related to automated decision making, including personal profiling.

In relation to the last of these rights, please note that CC does not use any personal data for automated decision making or profiling.

These rights under GDPR are explained in greater detail by CC’s supervisory authority, the UK Information
Commissioner’s Office (details below). Another useful source of information is the European Union.  

Legality of processing

Within the context of GDPR, CC’s lawful bases for processing personal data include the following:


  1. Performance of a contract between parties

  2. The performance of a legal obligation

  3. The protection of vital interests (e.g. in a health emergency)

  4. The exercise of our legitimate interests (described below).

These four lawful bases for processing personal data lie at the heart of our relationship with you and your data.  


CC’s legitimate interests in the processing of personal data are concerned with the long-term sustainability and integrity of its commercial operations, involving:  


  • The need to deliver specialist consulting, analytical, training and software development services to customers world- wide, across both the public and private sectors.

  • The need to build and maintain permanent and productive relationships with clients, suppliers, partners, employees and all other stakeholders;

  • The need to improve our services, manage our risks, maintain accurate records and operate our business efficiently.

Purposes and legal bases

CC uses personal data in many internal and commercial processes. These are listed in the following table, along with each activity’s purpose and the applicable legal bases.


Categories of data recipients

One or more of the following recipients may need to view or hold your personal data during the course of our lawful data processing activities:

  1. Our employees

  2. Our associates

  3. Our clients

  4. Our partners

  5. Our suppliers

  6. Our legal advisors

  7. Our external auditors

8.   Our payroll providers
9.   Our insurance providers
10. Our pension providers
11.  Our bank
12.  Your bank(s)
13.  Our tax authorities
14.  Your tax authority

15. Our archivers
16. Your nominated referee(s)
17. Our company registration authorities
18. Embassies or consulates (visa applications)
19. Government regulators for data protection and health/safety monitoring.

For your protection, access to personal data is granted on a ‘need to know’ basis.  

Data safeguards

In order to protect the security of your data against loss, misuse, unauthorised access, disclosure or alteration, CC maintains a range of technical and organisational security measures. These measures are regularly evaluated and im- proved.


Our digital infrastructure is protected using advanced security measures, including encryption. Where appropriate and feasible we may adopt techniques of anonymisation in order to hide or remove any information capable of identifying individual people.

Transfers outside the EU

As a supplier of specialist services worldwide, CC maintains professional relationships both within and beyond the borders of the European Union. We may occasionally need to share personal data with non-European stakeholders, including our professional colleagues, but only where we can demonstrate a lawful basis for our actions.  

Data retention

We will retain personal data for no less than the minimum timescales specified in law. Retention periods beyond these legal minimums will be influenced by our lawful bases for data processing (described above).  


Our standard minimum retention period for data is 7 years, except where a shorter period has been mandated in law or by contractual terms agreed between us and individual clients. All personal data is subject to periodic (typically annual) reviews. It will then be maintained or erased in accordance with our obligations and legitimate interests.

Our supervisory authority for data privacy

CC’s supervisory authority for data privacy is the UK Information Commissioner’s Office (ICO). You have the right to complain to the ICO, who may be contacted here:

Information Governance Department

Information Commissioner’s Office

Wycliffe House

Water Lane




United Kingdom

Further information

For further information, or to exercise your rights as a data subject, CC’s Data Protection Representative may be con- tacted here:

The Data Protection Representative

Colbe Consulting Ltd

104 Bolton Road West




United Kingdom