Home Hero1

Privacy Notice

CP Data Protection Privacy Notice
June 2024


CP Data Protection (‘CPDP’) is a trading name of ‘Clare Paterson Ltd’, who is the ‘Controller’ of the information (‘personal data’) that we collect about you, our ‘data subjects’, which means we are responsible for how your data is processed. The word ‘process’ covers the things that can be done with personal data, including collection, storage, use and destruction of data.

This privacy notice explains why and how we process your personal data, and explains the rights you have, including amongst others, the right to access your data, and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more details on your rights and how to exercise them.

Our contact details are:

Registered Address:41 Wolverhampton Road, Codsall, Wolverhampton, WV8 1PT
Telephone number:07745 880105

If you have any queries about this notice or anything related to data protection, you can contact our director, Clare Paterson, using the above contact details.

Personal data

‘Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you, whether you are a customer or anyone else we come into contact with through our work.

That information can also include ‘special categories’ of data, which is the official term for information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation.

The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls, and we do not foresee collecting or using any of that type of data about you.

We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you, through our contact with you.

Your data and how and why we process it

Our data processing is so we can manage and support our relationship with you, comply with legal obligations, improve our services and achieve our legitimate business aims. The information below gives more details about our purposes for processing data, and the legal basis for each type of processing.

When you get in touch to buy from us, or consider buying from us, we will use your contact details to be able to provide you with our products or services. This includes your name and contact details including an email address for contacting you, including raising and sending invoices, payment details, and a delivery address. This processing is based on it being necessary for you to enter into a purchase contract with CPDP. If you choose not to provide an email address, payment details or delivery address, you will not be able to purchase any goods from CPDP in the usual way.

We use email addresses to send you our CPDP emails, usually based on your consent, but may be based on what is known in the legislation (Privacy Electronic Communications Regulations – PECR) as a soft opt-in, when you have provided your email address as part of entering into a purchase contract with us. You can unsubscribe at any time by letting us know or by clicking the unsubscribe link in an email.

For corporate email addresses, we use email addresses to send you information we believe you may find useful by email, based on our legitimate business interests. You can unsubscribe at any time by letting us know or by clicking the unsubscribe link in an email.

If you contact us over email, phone, or social media with comments or queries, we will use your contact details to be able to communicate with you, based on the legitimate interests of both CPDP and yourself to answer your comments or queries.

We do not normally need to collect or process any of your ‘special category data’, which would be health, ethnicity, religion, sexual orientation, and other similarly sensitive information. If you choose to share any information with us so that we can make adjustments, for example health or disability related information, we process that data on the basis that it is necessary for the exercise of legal rights or obligations including health and safety law.

Who we share your data with

Sometimes we share the data we process with other organisations so they can process it on our behalf, as pat of the service they provide us with, subject to contracts and controls.

Your invoicing, delivery and payment details are shared only on a need-to-know basis, with our service providers, who are our ‘Data Processors’ who need that information to help support our order fulfilment. These include Xero for invoicing, Stripe for payments, and usual business support including Microsoft Office products and our IT support, and our web developers and website host, and our mass email provider.

How and where we store your data

Your personal data is held securely in both hard copy and electronic formats.

We store personal data in the UK and EEA and transfer it only where it can be expected to be protected and where we can provide appropriate safeguards for your data and your rights.

Where any of our Data Processors process data in the USA, we have signed appropriate contracts in order to provide appropriate safeguards for your data.

How long we keep your data

Some of our retention periods are based on legal requirements, and others are based on the practical reasons we need to keep the data for a certain period of time, but we only keep your data for as long as we need to keep it.

Once we reach the retention period, we will securely delete the relevant data, unless we are legally required to keep it longer, or there are legal reasons why we should keep it longer.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data:

  • To be informed about how and why your data is handled;
  • To gain access to copies of your personal data;
  • To have errors or inaccuracies in your data changed;
  • To have your personal data erased, in limited circumstances (sometimes known as the ‘right to be forgotten’);
  • To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
  • To restrict the processing of your personal data, in limited circumstances;
  • To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances;
  • Rights around how you are affected by any profiling or automated decisions.

If you wish to exercise any of these rights, please contact us.

For more information about these rights, please see the ICO’s website https://ico.org.uk/ or contact our director, Clare Paterson on clare@cpdataprotection.com.

Withdrawing consent

If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us.

Complaints to the Information Commissioner

You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.


This website uses essential cookies so that we can provide you with the best user experience possible. These cookies enable core functionality such as security, network management, and accessibility. Cookie information is stored in your browser and performs functions such as allowing you to make purchases in our online shop. You may disable these by changing your browser settings, but this may affect how the website functions.