Privacy Notice

Privacy notice

1. Scope

The scope of this Privacy Notice concerns all data subjects whose personal data is processed in line with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR UK). Personal data relates to a living individual (data subjects) who can be identified from that data.

2. Responsibilities

Onepoint Consulting Ltd is responsible as Data Controller for ensuring compliance with the General Data Protection Regulations and the Data Protection Act 2018.

3. Who we are

Onepoint is a boutique, values-driven, business-oriented technology consultancy.

Onepoint was established in 2005 in London to specialise in enterprise architecture consulting and open source solutions. Today we equip our clients to achieve transformational business outcomes powered by digital advances by applying world-class technology, data, and analytics expertise.

Onepoint is registered as a Data Controller with the Information Commissioner’s Office under registration reference: ZA188351

Onepoint Consulting Ltd
Alpha House, Unit 14
100 Villiers Road
London NW2 5PJ
United Kingdom


4. What is Personal data?

Under Data Protection Regulations, personal data can be defined as follows:

“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

5. Why does Onepoint Consulting process personal data?

In order for us to provide you with information about business services such as Data Management, Digital Transformation, Big Data and Data Science, Data Strategy, Data Governance, Data Analytics, Workshops, we may process your personal data. We also process personal data for the following purposes: managing staff, managing business operations, managing sales including sales to B2B, marketing, managing shareholders and investors, contract management and in order to comply with legal regulations.

We are committed to ensuring that any personal information we collect and process is appropriate for these purposes, and does not constitute an invasion of your privacy.

Onepoint Consulting will process the personal information you provide in a manner compatible with the UK’s General Data Protection Regulations. We will not share your personal data with any third parties unless required by law.

6. The right to withdraw consent at any time, where relevant

You always have the right to withdraw any consent you have provided and to object to the processing of your personal data for direct marketing purposes. You also have the right to request that your data is not used for direct marketing. 

7. The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

No automated decision making is made at Onepoint Ltd

8. Retention period

We will only retain your personal information for as long as it is necessary for the purposes set out in this policy and in line with legal obligations, and the Onepoint retention policy.

9. Details of transfers to third country and safeguards

Occasionally, the personal data shared with us may be transferred or stored outside the UK or European Economic Area (which includes the EU, Iceland, Liechtenstein and Norway). In these cases, we will ensure that the appropriate legal basis and appropriate safeguards are in place to protect your personal data, in accordance with data protection laws.

10. Data sharing

We may share your personal data with third parties to the extent necessary for the purpose, including without limitation:

  • contractors and service providers who we use for our business operations, such as recruitment services, payroll providers, IT providers, or for delivering employee benefits like healthcare providers and pension providers
  • other employees and advisers as required for the normal operation of our business and for managing the employee life cycle from recruitment to when the employee leaves the company, including maternity leave, sick leave, performance plans, disciplinary proceedings, and defending or pursuing legal claims
  • parties with whom we are negotiating for any sale or purchase of a business unit; and
  • as necessary to comply with any legal obligation, such as tax reporting to HMRC or complying with a court or other legally-binding order or decision by a competent authority.

11. Your rights as a data subject

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
  • Please contact us at if you wish to make a request.

12. Our legal basis for processing personal data

Onepoint’s legal basis for processing personal data can be one of the following:

  • Consent: you, the data subject, has given clear consent for us to process your personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with Onepoint Consulting Ltd, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (this excludes contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 

13. Categories of Personal Data

We currently collect and process the following information: personal identifiers, contacts and characteristics: business contact details such as business name,  business physical address, business telephone, business email and business phone number.

14. Complaints

In the event that you wish to make a complaint about how your personal data is being processed, please contact our Data Protection Officer by email All complaints will be treated in a confidential manner. 

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to the supervisory authority in the UK, which is the ICO (Information Commissioner’s Office), or telephone number 0303 123 1113

15. Changes to this policy

This policy may be updated from time to time, and these changes will be posted on the Onepoint website with an effective date. Where appropriate, we will also send you an email to confirm the updates. We encourage you to check this policy regularly to ensure you are up to date with any changes.