Privacy Policy

Privacy Notice (UK)

SGS & Partners Ltd – Privacy Notice

Last updated: 13 January 2026
This Privacy Notice explains how SGS & Partners Ltd (“we”, “us”, “our”) collects and uses personal data. It is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018

1) Who we are (data controller)

SGS & Partners Ltd is the data controller for personal data described in this notice (meaning we decide how and why your data is used).

2) Contact details

Name: SGS & Partners Ltd
Address: 2nd Floor, 33 Newman Street, London, England, W1T 1PY
Phone: +44 20 3916 5295
Email: info@sgs-partners.com

If you have any questions about this notice or how we use your data, contact us using the details above.

3) The personal data we collect

We may collect and process the following categories of personal data (depending on your interaction with us):

  • Identity and contact details: name, job title, company, email address, phone number, postal address
  • Enquiry and service information: details you provide when requesting information, a quotation, or services; correspondence with us
  • Client onboarding / verification information (where applicable): identification details (e.g., passport or driving licence details) and related information required for due diligence
  • Website and device data: IP address, browser type/version, device identifiers, pages visited, and similar analytics/cookie data
  • Marketing preferences: whether you opt in/out of marketing and your communication preferences

We do not intentionally collect “special category” data (e.g., health, biometric, religion) unless you choose to provide it and there is a clear lawful basis to process it.

4) How we collect personal data

We collect personal data in the following ways:

  • Directly from you when you contact us, request a quotation, engage us for services, complete forms, send emails, or provide feedback
  • Automatically when you use our website (via cookies and similar technologies)
  • From third parties (where relevant) such as professional referrers, publicly available sources (e.g., company websites / professional networks), or service providers supporting identity verification and fraud prevention (only where necessary and appropriate)

5) Why we use your data (purposes) and our lawful bases

UK GDPR requires us to have a lawful basis for each processing purpose. 
We typically use your personal data for:

  1. Responding to enquiries and providing quotations
  • Purpose: respond to messages, calls, requests for information, and quotations
  • Lawful basis: legitimate interests (running our business and responding to requests) and/or steps prior to entering a contract
  1. Providing services and managing our relationship with you
  • Purpose: deliver services, manage accounts, administer the engagement, provide support, send service communications
  • Lawful basis: performance of a contract (or steps prior to contract)
  1. Legal, regulatory, and risk management obligations (where applicable)
  • Purpose: comply with legal and regulatory duties (e.g., record keeping), handle complaints, protect our legal rights
  • Lawful basis: legal obligation and/or legitimate interests
  1. Fraud prevention / security checks (where applicable)
  • Purpose: prevent fraud, protect systems, verify information where proportionate (may include using verification/fraud-prevention providers)
  • Lawful basis: legitimate interests (security and fraud prevention) and, where required, legal obligation
  1. Marketing communications
  • Purpose: send updates about our services and insights we think may be relevant
  • Lawful basis: consent where required (especially for email marketing to individuals) and/or legitimate interestswhere permitted (e.g., some B2B contexts). You can opt out at any time. Electronic marketing rules under PECRalso apply. 
  1. Website functionality and analytics (cookies)
  • Purpose: operate the website, improve performance, understand how visitors use our site
  • Lawful basis: legitimate interests for strictly necessary cookies; consent for non-essential cookies (e.g., analytics/marketing cookies), where applicable

6) Marketing: how to opt out

If you opt in to marketing, you can opt out at any time by:

  • using any unsubscribe link in our emails (if present), or
  • emailing info@sgs-partners.com.

We do not send marketing emails or texts to individuals unless permitted under PECR (consent or a valid “soft opt-in” scenario). 

7) Who we share your data with

We may share your data with trusted third parties where necessary, including:

  • IT and hosting providers (e.g., cloud hosting, email systems, website providers)
  • Professional advisers (lawyers, accountants, auditors, insurers)
  • Payment providers (if you pay us electronically)
  • Verification / fraud prevention providers (where applicable and proportionate)

We require service providers to protect personal data and only process it under our instructions.

We do not sell personal data. We will not share your data with partner companies for their own marketing without your clear permission.

8) International transfers (important: AWS US region)

You stated your data is stored on Amazon Web Services (AWS) in the United States (US East). That involves transferring personal data outside the UK, which UK GDPR treats as a “restricted transfer” unless appropriate safeguards are in place. 

Where we transfer personal data outside the UK, we use one or more of the following safeguards (as appropriate):

  • the ICO’s International Data Transfer Agreement (IDTA), or
  • the UK Addendum to the EU Standard Contractual Clauses,
    and we carry out transfer risk assessments where required. You can contact us for more information about the safeguards used for a specific transfer. 

9) How we keep your data secure

We use appropriate technical and organisational measures to protect personal data, including access controls, secure systems, and confidentiality measures with suppliers. (No method of transmission or storage is 100% secure, but we work to protect your data.)

10) How long we keep your data (retention)

We keep personal data only for as long as necessary for the purposes described in this notice, including legal, accounting, or reporting requirements. We do not keep data indefinitely “just in case”. 

Typical retention periods (adjust these to match your actual practices):

  • Enquiries / quotations (non-clients): up to 12 months after last contact
  • Client relationship records: up to 6 years after the end of the relationship (to manage legal claims and record keeping), unless a longer period is required
  • Marketing contacts: until you opt out, or we remove inactive contacts in line with periodic list cleaning
  • Website analytics/cookie data: according to our cookie settings and deletion schedules

If you request deletion, we will action it where we can. In some cases we may need to retain limited information (e.g., for legal obligations or to establish/exercise/defend legal claims). We will explain this if it applies. 

11) Your data protection rights

Under UK data protection law, you have rights including: access, rectification, erasure, restriction, objection, and data portability. We will respond within one month in most cases.

To exercise your rights, contact info@sgs-partners.com.

12) Complaints

If you have concerns, please contact us first at info@sgs-partners.com.

You can also complain to the UK regulator:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

13) Changes to this notice

We may update this Privacy Notice from time to time. The “Last updated” date at the top shows when it was last revised.

Scroll to Top