Contact Us

Privacy Policy

Introduction 

This Privacy Notice explains how we process your personal data. If you have any questions or concerns, please contact us on bilal@practicaldataprotection.com 

  

Data Controller 

 

Practical Data Protection Ltd is the data controller for your data.  

We do not sell or authorise any processors to sell your information or to use it for any purpose other than those specified. 

    

Information Commissioner’s Office (ICO) under registration number ZB844000. 

   

Personal Data 

 

In general, we collect only names and contact details of potential or actual clients (or their staff) in order to deliver consultancy or training. We do not look at your clients’ data.  

  

Special Category Data 

There is usually no reason to collect any special category data – but occasionally, a client may let me know they are unwell (I hope not to do this, but I might tell you the same). This data is deleted as soon as possible.  

  

Similarly, if I am delivering training and am told something about accessibility needs, I delete this as soon as possible.  

  

Legal Basis for Processing 

I only use your personal data when there is a lawful reason under the UK GDPR/GDPR.  The main legal bases I rely on are: 

  • Legitimate interests – to answer a query that you have put to me, or where you are the employee of an organization with which I have a contract. 
  • Contract – when processing is needed to enter into or perform a contract with you. 
  • Consent – when you have given clear permission, for example for marketing updates or newsletters. 
  • Legal obligation – when the law requires me to process certain data. 

  

Consent 

don’t really rely on consent, unless it is to do with marketing. But if I do, you can withdraw it at any time by contacting me. You can also object to processing based on legitimate interest unless I have a lawful reason to continue. 

  

You can manage cookie consents using the options in the banner.  

  

International Transfers 

I am afraid that I work internationally – I am often to be found in the UK, any one of the Gulf countries (Saudi Arabia, UAE, Bahrain, Oman, Qatar, but never, until now, in Kuwait, although that is a possibility). I am occasionally in Turkey or Singapore. I also spend a large chunk of my time in Pakistan.  

 

Most of these places have decent data protection laws. Pakistan, however, is a relatively lawless disaster.  

 

That is why we minimize data collection, only work on specific devices and work within  secure SaaS environments, such as Microsoft 365. We believe that the data we collect, which is usually just contact details of staff, is likely not very high risk.  

  

Systems and Software 

I use Microsoft 365 services to manage data securely in a cloud environment.  

I take the usual steps, such as MFA and whole disk encryption to look after your data.  

 

This website is built on WordPress. I use two widgetsElementor and Dynamic Content for Elementor. 

  

To learn more about how your data is stored by these services, you can view their privacy notices: 

     

     https://privacy.microsoft.com/en-gb/privacystatement 

     https://elementor.com/about/privacy/ 

       https://www.dynamic.ooo/privacy-policy/

 

 

Information Sharing, Security and Retention 

I do not share your data with any third party for marketing purposes. Where I use other professionals or suppliers, they act as data processors and only process your data under my instructions, under contract.  

  

Personal data is kept only for as long as needed to meet legal, regulatory or contractual obligations. Most data is kept for 7 years if it relates to a contract – otherwise, 2 years is about it.  

  

I do not download sensitive information to my devices. My work phone and laptop are protected by encryption and multi-factor authentication. In the event of an incident involving personal data, I can remotely wipe all information from both devices. 

  

I work entirely paperlessly. Other than books and tissues, there is no paper at all in the office.  

Your Data Protection Rights 

You have rights under UK data protection law, including: 

  • The right to access your personal data 
  • The right to have inaccurate data corrected 
  • The right to request deletion of your data in certain cases 
  • The right to restrict processing in certain cases 
  • The right to object to processing based on legitimate interest 
  • The right to data portability where processing is based on consent or contract 

  

If you make a request, I will respond within one month and always as soon as possible. 

 

Cookies 

Cookies are small text files stored on your device when you visit a website. I use necessary and analytics cookies to help the site work properly and to understand how visitors use it. 

 

You can manage your cookie preferences at any time through the settings on my website or in your browser. You do not have to accept non-essential cookies to use this site. 

  

Artificial Intelligence and Automated Decision-Making 

Nothing I do involves automated decision-making that would infringe on your individual rights. Let’s face it, I am too old to learn about AI. Also, I don’t trust it as far as I can throw it.  

  

If you have any concerns 

If you have any concerns about how your personal data is handled, please contact me at bilal@practicaldataprotection.com  

  

You can also try referring any concerns to the ICO, contact details for which are at https://ico.org.uk 

  

Review and Updates 

 

Last reviewed: December 2025