image7.webp
Search
Call Us TODAY

Privacy Policy

Last modified 25th May 2018

 

Introduction

 

We protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.

 

 

Data controller

 

The data controller responsible for this website is NPD&CO (UK) Ltd, who can be contacted at info@npdandco.com.

This website contains links to third-party websites, which have their own data controllers and privacy policies. This privacy policy applies only to this website.

 

 

Lawful basis for processing

 

For each method by which we collect personal data, this privacy policy documents our lawful basis for processing the data. Where we rely on your consent to process your data, we explain how you can withdraw your consent and delete your data.

 

 

Individual rights

 

The GDPR gives you rights over how your personal data is processed. You can exercise your rights by contacting us. In some cases you can also exercise your rights through automated systems, as described at the relevant points in this privacy policy.

 

 

Security

 

The GDPR requires us to implement appropriate technical measures to protect data. We verify the identity of any individual who requests access to data before granting access. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures are described at the relevant points in this privacy policy.

 

Disclosures

 

In addition to any sharing of data described elsewhere in this privacy policy, we may disclose data for legal reasons. If we suspect criminal activity we may disclose data relating to those involved or affected to the appropriate authorities. We may also be obliged to disclose data if we receive a request from an appropriate authority.

 

 

Changes to this privacy policy

 

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.

 

Cookies

 

Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.

 

Data collected when you contact us Comments

 

When you submit a comment through a ‘Leave a comment’ form on our site we collect your name, e-mail address, and comment. We may choose to publish your name and comment on our site. Comments are submitted to the Akismet anti-spam service in order to detect and block spam. For more information on how Automattic (the operator of Akismet) handles the data it collects, see Automattic’s privacy policy.

You can delete a comment by contacting us with your request.

Lawful basis for processing: Consent given by data subject

Why? You have given your consent by checking the box on the ‘Leave a comment’ form

 

Data collected by third parties on our behalf Spoton.net

 

Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order to determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days.

Lawful basis for processing: Compliance with a legal obligation

Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data

Cloudflare

 

Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy.

Lawful basis for processing: Compliance with a legal obligation

Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data

 

Google Ads

 

We use Google Ads to track visitor interaction with our site in order to measure the success of our advertising and target it more effectively. Google collects details of the adverts with which you interact, pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.

To opt out of Google Ads tracking on our site, see the Google Ads section of our cookie policy. To opt out of Google Ads tracking on all sites, see Google’s Ad Settings.

Lawful basis for processing: Pursuance of our legitimate interests

Why? To allow us to analyse the effectiveness of our advertising

NPD & Company (UK) Ltd

Last Updated: 08 December 2025

NPD & Company (UK) Ltd is committed to safeguarding the privacy of individuals and businesses whose information we process. This Policy explains what personal data we collect, how it is used and the rights available to data subjects under UK GDPR.

1. Who We Are

NPD & Company (UK) Ltd

Company No. 07559807

Registered Office: 14 Vandyke Close, Woburn Sands, Milton Keynes,MK17 8UX

Telephone: 020 8665 6666

Email: sales@npdandco.com

For the purposes of UK GDPR, we act as the Data Controller.

We process all personal data lawfully, fairly and transparently, in accordance with UK GDPR and the Data Protection Act 2018. We will comply with any lawful request from a data subject to access their personal information held by us.

2. Personal Data We Collect

We may collect the following categories of personal data:

Website Users

    • – Name and contact details provided via online forms
  • – IP address and technical usage data collected through analytics

Clients and Prospective Clients

  • Business contact details
  • Job titles and professional communications
  • Billing and account information

Debtors (Individuals / Sole Traders / Directors)

When instructed to recover commercial debts or assess credit risk, we may collect:

    • – Contact details, trading names and identifiers
    • – Commercial invoicing and payment history
    • – Public legal records (e.g. CCJs, insolvency filings)
  • – Debt-recovery communications and outcomes

We only process personal data necessary for our services.

3. How We Collect Data

Data may be collected from:

    • – Information provided directly by website users or clients
    • – Public sources: Companies House, The Gazette, court records
    • – Credit-reference and tracing agencies
  • – Information generated through our own debt recovery and credit assessment activities

4. Lawful Basis for Processing

We process personal data under these lawful grounds:

    • – Legitimate interests — to pursue unpaid commercial debts, prevent financial loss and support safe trading

  • – Contract     — where required to deliver services to clients

    • – Legal obligation — compliance with court processes, regulatory requirements

– Consent — where required (e.g., certain marketing communications)

We ensure our legitimate interests do not override the rights and freedoms of individuals.

5. How We Use Personal Data

We may use data to:

    • – Manage and progress debt-recovery instructions
    • – Support commercial credit-risk assessment
    • – Provide credit reports and intelligence
    • – Maintain business accounts and records
    • – Improve Website functionality
  • – Comply with legal obligations

We do not use personal data for automated decision-making with legal or significant effects.

5A. The NPD Credit Information Database

We operate the NPD Credit Information Database, which contains commercial credit intelligence including:

  • – Shared payment performance data from our clients
  • – Debt-recovery outcomes
  • – Court and insolvency records
  • – Trading status and business associations

Where this Database includes personal data — typically relating to:

    • – Sole traders
    • – Partnerships
  • – Directors whose identity is commercially connected to credit risk

— such data is processed strictly under UK GDPR.

Payment-performance and credit-risk data may be made available to other subscribing businesses under controlled contractual terms, for legitimate commercial purposes.

Information relating solely to incorporated businesses is not personal data and therefore falls outside the scope of GDPR.

We take reasonable steps to ensure accuracy.
Individuals may challenge and request correction of inaccurate data (see Section 10).

6. Data Sharing

Personal data may be shared where necessary with:

    • – Clients (for case progression)
    • – Courts and enforcement agencies
  • – Credit-reference and tracing partners
    • – Verified subscribers to the Database
  • – Technology and data-service providers acting under confidentiality obligations

We do not sell personal data.

7. International Transfers

Data is normally stored and processed in the United Kingdom.

If processed outside the UK, we will ensure suitable safeguards such as:

    • – Standard Contractual Clauses
  • – UK adequacy decisions

8. Data Retention

We retain personal data only as long as necessary:

CategoryTypical Retention
Debt recovery filesUp to 6 years after closure
Website enquiriesUp to 12 months
Credit information recordsAs long as necessary for lawful legitimate interests

Data may be retained longer where legally required.

9. Security

We use appropriate technical and organisational measures to protect data from:

    • – Unauthorised access
    • – Loss or damage
  • – Alteration or disclosure

– Access to personal data is role restricted.

10. Your Rights

Individuals have rights under UK GDPR, including:

    • – Right of access
    • – Right to rectification
    • – Right to erasure (subject to certain exceptions)
    • – Right to restrict or object to processing
    • – Right to data portability
  • – Right to withdraw consent (where consent applies)

– Requests can be made using the contact details in Section 1.

Identification may be requested where necessary to verify the requester.

You may complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

11. Cookies

The Website uses strictly necessary cookies and may use analytics cookies to improve performance.

Further details are provided in our Cookies Policy.

12. Changes to This Policy

We may update this Policy periodically.

The changed version will be published on this Website with a new Last Updated date.

13. Contact

If you have any questions regarding this Policy or your data rights, please

contact:

NPD & Company (UK) Ltd

Email: sales@npdandco.com

Tel: 020 8665 6666

Address: 14 Vandyke Close, Woburn Sands, Milton Keynes, MK17 8UX

Verified by MonsterInsights