Evalian® Limited
Privacy Notice

Last Updated: 14th October 2022

About Us

Evalian® (“we”, “our”) is an information assurance business. We provide consultancy and support services to other businesses to help them manage risk, meet their compliance obligations and improve their information security.

Key Information

Data protection is what we do for a living and we believe in the importance of meeting our obligations. We will always process your personal data lawfully, fairly and transparently and in the same manner that we would expect others to process our personal data.

We keep the personal information we collect to a minimum and we protect it. You have rights you can exercise, explained below, and you can contact us to ask about the personal information we hold about you or to exercise your rights.

If we are making decisions about the purposes for which we process your personal information, and the means of doing so, we are acting as a data controller. In this case, the data controller is evalian® Limited. Our ICO registration reference number is ZA444797.

If we are processing your personal information on the instructions of one of our customers (such as your employer, for example), it is likely we are working with it as a data processor in line with a written contract. In this case, the data controller will be our customer and your personal data will be processed as set out in their privacy notice.

Personal Data We Collect and Why

We collect and use certain categories of personal data for the following purposes:

If you contact us

If you contact us using our website, by email or through social media, we collect the personal information you provide to us. This typically includes your name, job title, employer business address, business email and any additional information you include in your message.

We use the personal information you provide to us to respond to your enquiry. It is in our legitimate interests to communicate with you in response to your message.

If you sign up to our newsletter

We provide a newsletter to individuals who have signed up to receive it. We use your name and email address to send the newsletter. We send our newsletter to you with your consent.

You can withdraw your consent or object to us sending it to you at any time by unsubscribing using the link in the email or by contacting us using the details below.

If we provide services to your organisation

Where we provide services to your organisation, we are likely to process your personal data for one of two purposes:

Firstly, we will collect and process your name, job title, employer business address and business email if you are a key contact for the service we provide. It is in our legitimate interests to collect and process personal information about individuals working at client organisations for the purpose of providing them with services, communicating about requirements, promoting our services and taking instructions.

Secondly, we will collect and process your name, job title, employer business address and business email if we need to communicate with you in relation to a service we are providing to your employer, such as where we are acting as a data protection officer or consultant or you are accessing our online data protection training. In this case, we will be collecting your personal information as a data processor, and acting in accordance with written instructions issued by our client.

If we promote our services to you

We may contact you using data provided by our supplier Cognism to promote our services and, hopefully, build a sales relationship with you. The data we receive from Cognism covers your name, business email address, job title, employer details and your telephone number.

We will only contact you using the data provided by Cognism if we think our services are a good fit for your organisation and will always do so respectfully. Any emails will be personally sent and we won’t add you to automated sales marketing lists (because we don’t use them).

Whilst this might sound like generic corporate flannel, we genuinely mean it so please contact us if you think we haven’t met this standard when contacting you to promote our services and we’ll look into it.

When we use data from Cognism to contact you we do so because it is in our legitimate interests to promote our services to individuals at organisations that we think may be interested in or would benefit from those services. You can object to us contacting you to promote our services by telling the person that telephones you, replying to their email or by contacting us.

To understand how Cognism collected and processes your personal data, please view their privacy policy. You can also request that Cognism deletes your data here.

If you submit a job application to us

If you have applied for a job with us or submitted your CV (or similar employment information) to us, we process your personal data as set out in our privacy notice for recruitment candidates.


We use cookies on our website to improve site performance and to help us track visitor numbers to the site. Cookies are small text files that are downloaded to your device when you visit a website. You can learn more about cookies by visiting

You can manage and delete cookies through your web browser settings, as set out in our Cookies Notice.

Sharing Your Data

We share your personal data with our cloud service provider, Microsoft, whose Office 365 services we use for file storage and email. Our Microsoft hosting is located in the UK and they act as our processor.

We may also add your contact information to other cloud platforms we use to send you newsletters or to manage customer relationships. All such suppliers are processors to Evalian and we carry out data protection compliance and information security due diligence on all suppliers with access to our data before working with them and during the period they provide services to us.

We may also share your personal information with our professional advisers including our lawyers and auditors where it is strictly necessary. It is possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.

It is unlikely that we’ll ever share your personal data outside the UK or European Union (EU) or European Economic Area (EEA). If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations located in countries based on the UK adequacy regulations or benefiting from a European Commission adequacy decision or on the basis of Standard Contractual Clauses approved by the European Commission or the IDTA approved UK government which contractually oblige the recipient to process and protect your personal data to the standard expected within the EU/EEA or UK.

How Long We Keep Your Data

We retain your personal information for as long as it is reasonably necessary for the purpose of our relationship, for as long as we are legally obliged or until you object to us processing your data or withdraw your consent to us doing so.

Your Rights

You have the following rights in respect of your personal data:

  • You have the right of access to your personal data and can request copies of it and information about our processing of it.
  • If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
  • Where we are using your personal data with your consent, you can withdraw your consent at any time.
  • Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way.
  • Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
  • In some circumstances, you can restrict the controller from processing your data, request a machine-readable copy of your personal data to transfer to another service provider and compel the controller to erase your personal data.
  • You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you wish to exercise your rights, please contact us at

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at:

Contact Us

If you have any questions or wish to exercise any of your rights, then you can write to:

Evalian® Limited
West Lodge,
Leylands Business Park,
Colden Common,
SO21 1TH,

Alternatively, you can email us at You can also call us on 03330 500 111.


We may update this Privacy Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to services we offer. When changes are made, we will update the ‘Last Updated’ date at the top of this page. Please review this Privacy Notice periodically to check for updates.