Privacy Policy

Effective Date: 2 June 26

Hello. We are Hampden Consultancy Group (HCG). As a specialist security and data protection consultancy, we take your privacy seriously, so we have written this notice in plain English to explain what personal data we collect, why we collect it, and the rights you have over it.

The short version: When you browse our website or get in touch, we collect a small amount of information so we can run our site securely and respond to you. We only use it for the reasons set out below, we never sell it, and you can ask us to show you, correct, or delete it at any time by emailing info@hampdencg.com.

Who we are and our role

Hampden Consultancy Group is the data controller of the personal data collected through this website and through your enquiries with us. That means we decide what data is collected and how it is used, and we are responsible for keeping it safe.

Our registered details are: Hampden Consultancy Group Ltd, Registration No. 15959573, 32A East Street, St Ives, Cambridgeshire, PE27 5PD.

Our Data Protection Officer and ICO registration

Because data protection is central to what we do, we hold ourselves to the same standard we set for our clients.

  • We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB915682

  • Our Data Protection Officer is Tom Billingham, who you can reach at info@hampdencg.com for any privacy question or to exercise your rights.

What this notice covers, and your part in it

This notice applies to visitors to www.hampdencg.com and to anyone who contacts us or engages our services. Please read it alongside our Cookie Policy and Data Retention & Deletion Policy.

If you give us personal data about other people (for example, a colleague’s contact details when making an enquiry), please make sure you are allowed to share it with us, as we will use it only for the purpose you provided it.

What data we collect, and when

Sometimes you give us data directly; sometimes we collect it automatically as you use our site.

Information we collect automatically (“device information”)

When you visit our website we automatically collect technical data such as your IP address, browser type and version, time zone, operating system, the pages you view, and how you arrived at our site. We use this to keep the site secure, prevent abuse, and understand how it is used.

Information you give us

When you complete a contact or enquiry form, sign up to receive updates, or email us, you may give us your name, organisation, email address, telephone number, and the content of your message.

Marketing preferences

If you opt in to receive updates from us, we keep a record of that consent and your preferences.

You can browse our website without telling us who you are. You only need to provide personal data if you want to use a feature such as our contact form or updates list, and you can choose not to, though some features may then be unavailable.

Why we use your data, and our legal basis

Data protection law lets us use your data only where we have a valid legal basis. Here is exactly why we process your data and the basis we rely on for each purpose.

What we do - Running and securing our website

Why - Keeping the site available, preventing abuse, and diagnosing technical issues

Legal basis - Legitimate interests

What we do - Responding to your enquiries

Why - Answering your questions and taking steps before entering into a contract with you

Legal basis - Contract / Legitimate interests

What we do - Providing our services

Why - Delivering the consultancy services you or your organisation engage us for

Legal basis - Contract

What we do - Sending updates and marketing

Why - Sending you news, insights and event invitations where you have asked us to

Legal basis - Consent

What we do - Understanding site usage

Why - Analysing aggregated, non-identifying statistics to improve our site

Legal basis - Legitimate interests / Consent

What we do - Meeting legal obligations

Why - Complying with our legal and regulatory duties

Legal basis - Legal obligation

What these mean: Consent: you have clearly agreed (and can withdraw any time). Contract: we need the data to provide a service you have asked for. Legitimate interests: we have a genuine business reason that does not override your rights. Legal obligation: the law requires it.

Cookies

Our website uses cookies to help it work and to understand how it is used. Some cookies are essential and always on; others (such as analytics) only run with your consent. You can manage your choices at any time through your browser or our cookie controls. For full details, see our Cookie Policy.

Your privacy rights

Under UK GDPR you have the following rights. To use any of them, just email info@hampdencg.com and we will respond within one month.

  • Be informed: to know how we use your data (that is what this notice is for).

  • Access: to get a copy of the data we hold about you.

  • Rectification: to have inaccurate data corrected.

  • Erasure: to ask us to delete your data where we no longer need it.

  • Restrict processing: to ask us to pause how we use your data.

  • Data portability: to receive your data in a portable format.

  • Object: to object to processing based on legitimate interests, and to opt out of marketing at any time.

  • Automated decisions: we do not make decisions about you by automated means or profiling.

How long we keep your data

We keep personal data only for as long as we need it. Our specific retention periods are set out in our Data Retention & Deletion Policy. For example, contact form data is kept for 2 years and web analytics for 26 months. When data is no longer needed, we securely delete it.

How we keep your data secure

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. As a security consultancy, this is core to how we operate. No transmission over the internet can ever be guaranteed 100% secure, so if you believe your data has been compromised, please contact us immediately on info@hampdencg.com.

Who we share your data with

We do not sell your data. We share it only where necessary with trusted providers who help us run our business, for example our website host, email provider, and analytics tools. These providers act on our instructions and are bound to protect your data.

Our key provider is: Hostinger.com.

We may also disclose data where required by law, or to protect our rights or the safety of others.

International transfers

Where any of our providers process data outside the UK or European Economic Area, we make sure appropriate safeguards are in place (such as UK-approved standard contractual clauses) so your data stays protected.

Children’s data

Our website and services are intended for businesses and professionals. We do not knowingly collect personal data from anyone under 16.

Changes to this notice

We may update this notice from time to time. When we do, we will revise the “last updated” date above, and significant changes will be highlighted on this page.

Complaints

If you are unhappy with how we have handled your data, please tell us first so we can put it right. You also have the right to complain to the UK Information Commissioner’s Office at www.ico.org.uk.

Contact us

For any question about this notice or your personal data, contact our Data Protection Officer at info@hampdencg.com.

Hampden Consultancy Group
Our Policies
Contact Info
info@hampdencg.com

© 2026. HCG Copyright. All rights reserved.