Skip to navigation Skip to main content Skip to footer

Privacy Policy


NCC Group is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this policy carefully to understand our practices regarding how we will treat your personal data.

By visiting (“Website”), you accept and consent to the practices described in this policy. If you do not accept the terms of this policy, please refrain from using the Website. This policy is in direct response to the requirements of in the General Data Protection Regulation 2016/679 (GDPR).

Your personal data is ultimately controlled by NCC Group plc, a company registered in England and Wales (registered number 04627044) whose registered office is at XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ.

Unless prohibited by law or other applicable regulatory requirements we may share your personal information with any affiliate company within our group.

Our Group Data Protection Officer can be contacted using the following email address:, or alternatively by writing to the address above and marking it for the attention of the Group Data Privacy Officer.

For information on how the Website uses cookies, please visit our Cookie Policy.


Information we may collect and hold about you

We may collect and process: information you’ve provided to us, such as your name, email address, mailing address, and contact details.

You provide us with information about yourself by:

  • filling in forms on the Website;
  • contacting us by phone, email or physical mail;
  • asking us to contact you in relation to services we provide;
  • subscribing to our mailing lists, newsletters or bulletins;
  • completing a survey we send you;
  • booking a seminar or event run by us;
  • visiting our offices;
  • ordering products or services from us;
  • requesting downloads of documentation or software;
  • requesting support related to software or services;
  • interacting with us on social media platforms (such as Linked In or Twitter); or
  • reporting a problem with our Website.

When you visit our Website, we may also collect information about you, including, but not limited to, your IP address, approximate location (town / city level), time of access, the browser you use, your operating system, the pages you visit and what website you came from.

We may ask you to complete surveys that we use for research purposes.

We may use legal public sources to obtain information about you. We only obtain information from third parties when permitted by law.


Retention of your information

If we are providing services to you, we will retain your personal information for the duration of the services and for six years thereafter, unless otherwise agreed.

When you visit our Website, you will be asked whether you consent to the use of Cookies. If you consent, we will retain the information collected about you in accordance with the retention periods outlined in our Cookie Policy.

Telephone call recordings are retained for 12 months.

CCTV records are kept for a period of up to 90 days.


Complaints and Feedback

If you have a current, open agreement for services with us and you make a complaint or provide other feedback in a format other than those described below , we will retain a record of your complaint or feedback for the life of the agreement plus 25 months or until such time as the complaint has been satisfactorily resolved. I If you are in contact with us during the course of a sale or as part of negotiations for a sale, we will keep a record of previous complaints or feedback until either a purchase is made, or if no purchase is made, for another 6 months.

If you choose to provide us with feedback:

  • for service feedback surveys, we will retain your data for a maximum of 25 months;
  • for NPS Score surveys, product surveys, and general marketing surveys, we will retain your data for a maximum of 25 months;
  • data collected through event registration, events requirements, and market research, will be retained for a maximum of 25 months; and
  • where you provide us with ‘quotable feedback’, for which we ask your permission, we will retain and use the data for up to 5 years in the format in which you granted permission (for example, if you requested anonymity, or agreed to us assigning the feedback to you at a certain company).

Unless otherwise set out in this privacy policy, any other information we process about you will be retained by us until we no longer need it for the purposes for which it was collected, as set out in this privacy policy and/or the relevant fair processing notice. We will base that decision on a number of criteria, including whether we are required by law to keep the information for a certain period of time, whether you have withdrawn consent to the processing, whether a contract has been performed and the likelihood of us needing to retain the information in the event of a claim arising, whether the data is still up to date, and whether there are exceptions set out in the applicable data protection legislation that allow us to retain the personal data for a longer period or indefinitely.

We will review and delete or destroy personal data on a regular basis. If we are unable, using reasonable effort, to delete or destroy the personal data, we will ensure that it is encrypted or protected by other security measures so that it is not readily available or accessible by us.


How we may use your information

In addition to using your information to fulfil our contract with you, we may also use your information in the following ways (provided that, where we are required to obtain your consent it, you have provided it):

  • to monitor our website and improve our products and services;
  • to provide you with information about other goods and services we offer that we feel may be of interest to you because they are similar to what you’ve already purchased or asked about;
  • to let you know about changes to our services;
  • to administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to enable us to comply with any legal or regulatory requirements.



If you agree to advertising cookies, the LinkedIn Insight and Google Analytics cookies tie your IP address to any member accounts you have on their respective platforms. Google / LinkedIn don’t tell us who you are, but as they can identify you we have included key information about this use of your data here.

These cookies track what URLs are of interest to you - so that we can give you relevant information on our services by targeting advertisements. The data we have access to is hashed to the point where we won’t be able to profile you based on your visit, but it can be used to distribute ads based on services you are interested in. The profiling data on users is removed within seven days to help keep your visit anonymous. LinkedIn and Google do not share that personal data with NCC Group, but rather give reports as to how many web visits can be tied back to a member account on LinkedIn and/or Google, which gives us the capability to advertise to you on the given platforms.

LinkedIn uses techniques to identify you as the same user across different devices, regardless of whether you’re logged in to LinkedIn or not. For more on how this works see here. LinkedIn will also use the data to optimize the systems of LinkedIn and its affiliates (specifically to improve relevance algorithms) and find LinkedIn members probabilistically, provided that LinkedIn and its affiliates will:

  • prior to optimizing LinkedIn's systems, remove the direct association to personal identifiers to avoid identifying you;
  • not allow other advertisers or third parties to target advertising based on this information; and
  • not create or enhance individual behavioural profiles based on this information.

You can find more information on how to disable tracking mechanisms and a more detailed explanation of what data is collected in our Cookie Policy here. Please also see LinkedIn’s Privacy Policy and Google’s Privacy Policy.


The basis on which we collect your information

We collect much of your information on the grounds of:

legitimate interests (for example, to send you direct marketing about products and services similar to those you have purchased from us or negotiated or enquired about, or to help us administer the website); and

(i) fulfilment of a contract (for example, to provide you with products or services you have purchased from us).

If we require your personal data if we do business with you - we may be unable to fulfil our contractual obligations with you if you refuse to provide your personal information.

Where we rely on legitimate interests, our legitimate interests are the promotion of the products and services offered by NCC Group and the provision of information in respect of products and services you have already purchased from us or in which you have expressed an interest in purchasing.

If we are unable to rely on legitimate interests, fulfilment of a contract, or any other grounds we will request consent from you for the processing. This will be the case if, for example, you download documentation from us and we would like to send you marketing information about our products and services, or if we ask for your consent to non-essential cookies. If you give us your consent, you can withdraw it at any time by clicking on the link in the email we send you, or by emailing, or by changing you preference in our Cookies tool (see our Cookies Policy).


Sharing your information

We might, from time to time, share your personal information with any member of our affiliated companies, including any affiliated companies who are involved in the provision of service.

We may disclose your personal information to third parties:

  • if the third party contracts with us to provide certain services you have requested and needs your personal information to do so;
  • if we sell or buy any of our business or assets - we may disclose your personal data to the prospective buyer or seller;
  • if NCC Group, or substantially all of its assets, are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of NCC Group, our customers, or others.

With respect to our use of Google and LinkedIn for analytics and advertising purposes, a list of LinkedIn’s third parties and Google’s.


Do not sell my personal Information

NCC Group do not engage in the sale of personal data. Certain information may be shared with third parties through use of cookies – if you wish to opt-out of this sharing and the use of cookies please use the cookie preferences tool to indicate your preferences.

For more information, please see the “Your rights” section below or contact us at


Where we store your personal data

The personal data that we collect from you may be transferred to and stored outside the European Economic Area ("EEA") and transferred from there to another location outside the EEA. It may also be processed by staff outside the EEA who work for us or for one of our suppliers. These staff may be, among other things, fulfil your order, process of your payment, or provide support services.

We will always take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. The places your personal data may be transferred will either offer adequate protection for your personal data, as determined by the European Commission, or we will make sure there are appropriate safeguards in place. We will also ensure adequate safeguards are in place when sending personal data to countries located outside the EEA, where additional measures are required by national law.

If you would like to know more about the basis on which we may transfer your data outside the EEA where a finding of adequacy hasn’t been made, please contact

We have appropriate security measures to prevent your personal data from unauthorized access, use, alteration, disclosure, or loss.


Security of your Data

NCC Group has a thorough information security policy in place. As a result, NCC Group has implemented specific measures such as admission controls, system access controls, data access controls, transmission controls, input controls, job controls, availability controls, and segregation controls in order to ensure adequate protection of personal data. This includes specific measures such as the use of anti-virus applications, proper training protocols, systematic access management, and DDoS mitigation technologies.

NCC Group’s active approach to protect the integrity of the data includes, but is not limited to, technical and organizational measures such as proper system administration, regular backup procedures, the use of authentication codes, signature procedures, network controls, and proper training of employees and relevant third parties.


Your rights

There are a number of rights available to people under the different global privacy laws, including GDPR and the California Consumer Privacy Act (CCPA), which include:

  • access to your data and information about what data we hold, its source, the
  • purposes of processing your data and information on where this is shared or sold;
  • rectification of your data where it is inaccurate;
  • the right to be forgotten / to request that data is deleted;
  • the right to restrict the processing of data;
  • data portability;
  • the right to object;
  • the right to opt-out of the sale of your data; and
  • rights relating to automated decision-making
  • the right to non-discrimination


1. Access to your data

You have the right to ask us to confirm that we process your personal data, as well as to have access to and receive copies of the data we hold about you. This right also include being provided information on the categories of data held, the sources of any data we process and information on who this is shared with or sold to – for ease we have included the majority of this information within this privacy policy.

We will provide the information you request as soon as possible and in any event:

  • within one month of receiving your request if made under the right of access under GDPR; or
  • within 45 days of receiving your request if made under the CCPA.

If we need more information to comply with your request, we will let you know.


2. Rectification (correction) of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify it. We will make the correction within one month, unless we don’t feel the change is appropriate for us to make, In that case, we’ll let you know why. We will also let you know if we need more time to comply with your request.


3. Right to be forgotten

In some circumstances, you have the right to ask us to delete the personal data we hold about you when:

  • we no longer need your personal data for the purpose for which we collected it;
  • we have collected your personal data on the grounds of consent and you withdraw that consent;
  • you object to the processing and we don’t have any overriding legitimate interests to continue processing the data about you;
  • we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR or CCPA); and
  • the personal data has to be deleted to comply with a legal obligation.

There are certain situations in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.


4. Right to restrict processing

In some circumstances, you are entitled to ask us to stop processing your personal data. But, while this means we must stop actively processing your personal data, we don’t have to delete it. This right is available if:

  • you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
  • you have objected to us processing the data– we’ll stop processing it until we have determined whether our legitimate interests override your objection;
  • if the processing is unlawful; or
  • if we no longer need the data but you would like us to keep it because you need it to establish, exercise, or defend a legal claim.


5. Data portability

Where NCC Group acts as a Data Controller, you have the right to ask us to provide your personal data in a structured, commonly- used and machine-readable format so that you are able to transfer the personal data to another data controller. This right only applies:

  • to personal data you provide to us;
  • when processing is based on your consent or for performance of a contract (i.e., the right does not apply if we process your personal data on the grounds of legitimate interests); and
  • if he processing is automated.

We’ll respond to your request as soon as possible and in any event within one month. If we need more time, we’ll let you know.


6. Right to object

You are entitled to officially object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
  • for direct marketing purposes (including profiling); and/or
  • for the purposes of scientific or historical research and statistics.

We will stop processing your data if you have ground for objecting unless we can show that there are legitimate compelling grounds that override your interests, rights, and freedoms or the processing is for the establishment, exercise or defence of legal claims.


7. Right to opt-out of the sale of your data

  • You have the right, at any time, to direct a business that sells personal information about you to third parties not to sell your personal information.
  • A business that has received direction not to sell a consumer’s personal information shall be prohibited from selling the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s personal information.

Any objections relating to the sale or use of personal data for marketing purposes shall be actioned without question or undue delay.


8. Right to disclosure of information sold

Under the CCPA, Californian residents have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to you:

  • The categories of personal information that the business collected about you.
  • The categories of personal information that a business sold about you and the categories of third parties to whom the personal information was sold,
  • The categories of personal information that the business disclosed about you for a business purpose


9. Right to non-discrimination

NCC Group shall not discriminate against any person who exercises their rights under the CCPA, the GDPR or any other applicable data privacy legislation.

This includes, but is not limited to:

  • denying services;
  • charging different rates for services;
  • providing different levels or quality of services

If NCC Group offers any financial incentives for the collection or use of personal information, including but not limited to the sale of personal information or the deletion of personal information, it shall notify consumers and provide the option for consumers to opt-in. Such an opt-in may be revoked at any time by the consumer.

If you would like to exercise any of your rights in respect of your personal data, please contact us at or write to us at XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ.


Automated decision-making

You will be asked whether you consent to the use of cookies when you visit our website. We use cookies to monitor your use of our website and so that we can advertise to you later on other websites. This won’t affect your use of our website or any third party websites. We won’t directly contact you solely as a result of your visiting our website.



Our website may contain links to our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check their policies before you submit any personal data to them.


Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and, when appropriate, you will be notified by email. Please check back frequently for updates or changes.


Candidate privacy notice

For all privacy notice related to recruitment, please follow the link below:

Candidate privacy notice



Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to

If you have any concerns about the ways in which we process your personal data, you are entitled to report those concerns to the relevant supervisory authority in your jurisdiction.

If you have any concerns about the ways in which we process your personal data, you are entitled to report those concerns to the relevant supervisory authority in your jurisdiction. If you are based in the UK, you can contact the Information Commissioner’s Office. The ICO can be contacted on 0303 123 1113 or you can get in touch via other means, as set out on the ICO website -

If you are based in the United States, then you should contact the Attorney General within your State – information on who your Attorney General is can be found here.


Skip to navigation Skip to main content Skip to footer