Home Hero1

Terms & Conditions

CP Data Protection Terms & Conditions
July 2024


‘CP Data Protection®’ is a trading name of ‘Clare Paterson Ltd’, who owns and runs this ‘Website’ (www.cpdataprotection.com)

These ‘Terms and Conditions’ apply to your use of this Website and any of the ‘Services’ (free-of-charge and charged-for consultancy, training, documents, templates, and any other support) provided to ‘Clients’ by CP Data Protection.

If you engage CP Data Protection to undertake a significant piece of consultancy work, especially if the work is likely to involve acting as a Processor on your behalf of any Personal Data, we will ask you to sign a Consultancy Agreement, which includes more detailed clauses than in these T&Cs. If there is any conflict between these T&Cs and the Consultancy Agreement, the Consultancy Agreement takes precedent over these T&Cs.

Our company details are:

Registered Address:41 Wolverhampton Road, Codsall, Wolverhampton, WV8 1PT
Company No:10814591 Registered in England
Email:Clare Paterson, director; Clare@cpdataprotection.com
Sue Penny, customer service; Sue@cpdataprotection.com
VAT Registration No:279688619

If you have any queries about these Terms or anything related to this Website or the Services, you can contact our director, Clare Paterson, using the above contact details.

Your use of this website and our Services is subject to these Terms and Conditions. We may alter or vary them from time to time and the changes will take effect as soon as they are posted on this website.

Content of this Website & of the Services

Copyright materials on this Website and the materials provided as part of our free and paid-for Services are owned by Clare Paterson Ltd T/A CP Data Protection® unless otherwise stated. Unauthorised use of the material without the prior written consent of Clare Paterson Ltd or, where applicable, the respective copyright owner(s) is prohibited.

The information on this site and provided in our training and membership is for general information purposes only and does not claim to be or provide legal advice. If you require advice on specific issues please contact us.

We provide both free and paid-for Services, including consultancy, training, events and a membership organisation, to support organisations regarding Data Protection related work and compliance; for the avoidance of doubt, CPDP is a specialist consultancy and training provider, not a law firm.

CP Data Protection has taken all reasonable steps to ensure that the information on this Website and provided in our Services is accurate and current at time of publishing and we may make changes to the information we provide, without prior notice.

The information and content on this Website may become out of date and CP Data Protection accepts no responsibility for any losses or damages arising out of errors or omissions contained in the website or arising from reliance on information contained in the website.

Confidential Information

CP Data Protection will keep all Client Confidential Information secret and not disclose it without written consent of the Client, unless required to do so by law. Confidential Information includes secret or confidential commercial, financial or technical information, data, knowhow, trade secrets, inventions, software and other information, in any format.

The only exceptions are when any piece of information; is already in or later enters the public domain (other than as a breach of this undertaking), or was already known to CP Data Protection prior to disclosure by the Client, or is disclosed to CP Data Protection independently by a third party entitled to disclose it.

For the purposes of providing the Services, CP Data Protection may make available to the Client, documentation and guidance which are CP Data Protection’s information including its Confidential Information. CP Data Protection asserts and retains Copyright and all intellectual property rights over that information and the Client is licensed to use the information for its own purposes only, and shall not reproduce, copy, sell or otherwise share the information without prior written approval from CP Data Protection.

As part of the Services, including as a member or event attendee, Clients may share, and be privy to, Confidential Information relating to themselves and/or organisations they have or had a connection with. Clients are required to treat any such information as strictly confidential and follow our rules of conduct when interacting with others as part of the Service, which are:

Be kind and respectful (even during debates!)
No hate speech or bullying of any kind.
No spam or selling to other Clients or attendees, unless with prior written consent.
And finally, respect everyone’s privacy (of course!)

Data Protection and Processing

Personal Data and other phrases that relate to data protection are given the meaning in the Data Protection Legislation (all laws that CP Data Protection or you are subject to that relate to the Processing of Personal Data or to privacy.)

If you submit your own personal data to CP Data Protection via this Website, email, or any other contact method, our use of your data is covered by our Privacy Notice.

If you provide any other Personal Data to us as part of us providing you with a free or charged-for Service so that we can Process that data on your behalf, for example Personal Data about your clients or employees so we can assist you with a data protection query, we are acting as a Data Processor on your behalf and you guarantee that you have the necessary legal basis to Process that Personal Data.

When acting as your Data Processor, CP Data Protection will: Process the Data only on your documented instructions unless required to do otherwise by law; handle the Data as confidential; engage Sub-Processors as necessary but only with the legally required controls in place; assist the Data Controller as far as possible with responding to requests  from Data Subjects related to their Data; use appropriate security measures; make available to the Controller reasonably requested information to demonstrate compliance with our legal Data Protection obligations and submit to reasonable audits and reviews; at the choice of the Controller delete or return all Personal Data when requested unless we have a legal basis to retain it.

For the avoidance of doubt, CP Data Protection is a Data Controller for other Personal Data obtained and handled as part of providing our free and charged-for Services, including information about clients, prospective clients, other stakeholders and business contacts, where we are Processing that Data for our own purposes, and not on the instructions of a client.   

Bookings & Payments

VAT is payable to CP Data Protection and the VAT amount will be added at invoice stage for most Services including training bookings and consultancy work. VAT is included in the price displayed for purchases made directly via this website.

The default payment method for most of the Services is direct bank transfer but the Client can request the functionality to pay via credit card or debit card. If a request is made, CP Data Protection will provide an invoice with links to pay via the credit/debit payment processor Stripe.

Toolkits, Templates & Similar

Purchases made via this website’s shop, including for online Toolkits, can be paid by either direct bank transfer or by credit card or debit card (via Stripe, or via Apple or Google Pay where available). An invoice is not automatically raised for purchases made this way, but can be raised and provided for your records upon request by the Client. A receipt is emailed automatically for payments made by credit or debit card.

When payment has been made for an online Toolkit, you will you will receive access to set up an account on this website. Each membership account is for only one person, and only that one person is permitted to have direct access to the content purchased, unless consent is given in writing by CP Data Protection. We will not unreasonably withhold our consent.

When you purchase an online Toolkit you receive a non-commercial license. This means you may adapt the documents as required or use them exactly as they are, and you may use them for your own use and your employer’s use. You are not permitted to share or sell the documents in any form without the written permission of the copyright holder – CP Data Protection® – and doing so could result in legal action.

Membership Subscriptions

When a membership subscription, including the Data in Social Housing Membership (the ‘DiSH’) is purchased through this website, payment can be made by credit or debit card, which will recur on a monthly basis until you cancel by filling in the cancellation form, accessible on the My Account page. If a recurring payment is unpaid for whatever reason, including if a credit/debit card has expired, the subscription will be cancelled after 15 days of non-payment. We may use our discretion to cancel or reduce payments for members on a case-by-case basis, and we will not raise prices without at least one month’s notice in writing to members.

When payment has been made for the membership, you will receive access to set up an account on this website. Each membership account is for only one person, and only that one person is permitted to have access to the content, events and community provided by the membership, unless consent is given in writing by CP Data Protection.

Members are expected to act with integrity and in the spirit of collaboration, and continued learning and growth. Members will not always agree, but any discussions should be handled with respect and politely at all times. CP Data Protection reserves the right to eject any member who is disrupting the membership, without any refund, but future payments will be cancelled.

When you purchase a membership subscription, you receive a non-commercial license. This means you may use the content provided within the membership for your own use (including if you are self-employed or a company owner) and for your employer’s use. You are not permitted to share or sell the content in any form without the written permission of the copyright holder – CP Data Protection® – and doing so could result in legal action.

For online or in-person events, including training sessions, workshops, VIP days, or similar, we require payment in full at least 7 days before the session is scheduled to be held, otherwise we reserve the right to postpone the session until 7 days from payment.

Most work is carried out remotely, but travel costs will be quoted and invoiced if any in-person attendance is requested and agreed.

Ad hoc work is charged on a fixed fee basis quoted in advance, which is our preference, or on an hourly rate, unless otherwise agreed in writing. Part or full payment may be required in advance, or work may be invoiced soon after completion or after the end of the month. Time is charged by the tenth of an hour (period of 6 minutes), or each part of a tenth of an hour spent on the work, as reported by CP Data Protection.

Payment terms are 7 days of receipt of an invoice, and we reserve the right to invoice each project, or discrete phase of a project as appropriate, either in advance or in two parts: 50% when the work is agreed and 50% soon after the work has been completed. Invoices are emailed via Xero. We may exercise the statutory right to claim interest (at 8% over the Bank of England base rate) and compensation for debt recovery costs under the Late Payment legislation, if we are not paid according to these terms.

Cancellations & Substitutions

As a company, CP Data Protection may substitute the individuals who provide the Services, including trainers and consultants, without notice where necessary. You can find information about some of the CP Data Protection team on our About page.

The Client may substitute delegates, attendees or main contacts at any point without any fee, unless otherwise included in additional terms of service for any specific service.

Organisations can usually cancel an order for CP Data Protection Services within 7 days of placing the order, where placing an order is; booking a place on a training course (by email or via any electronic diary management tools made available by CP Data Protection such as Calendly), or accepting a proposal for consultancy, or agreeing to purchase documents, templates or Toolkits.

These cancellations must be in writing, including email to clare@cpdataprotection.com or sue@cpdataprotection.com.

If an organisation cancels an order within the 7 days’ timescale, any money already paid to CP Data Protection for the order will be refunded in full as soon as possible, and within 30 days of the cancellation at the most.

After the 7 days right-to-cancel period, and up to 14 days before the Service provision, cancellations will receive a refund of between 90% and 50% of any money already paid to CP Data Protection. After the 7 days right-to-cancel period, and if less than 14 days before the Service provision, cancellations will not usually receive a refund, but we can make exceptions in extreme circumstances so please contact us.

Alternatively, we can offer a substitute Service, if appropriate.

An exception to the right to cancel is when delivery of the Service(s) has begun within 7 days of the order being placed, and you had agreed to the Service(s) beginning in that time frame. This will be the case if you place an order for training due to begin within 7 days of your booking or agree to the provision of consultancy work that starts within 7 days of the agreement. The right-to-cancel period ends at the point the Service provision begins.

For individuals purchasing any Services such as a membership, or attendance at training or an event, a full refund will be given if attendance is cancelled prior to the Services being provided.

An exception to the right to cancel – for both organisations and individuals – is when purchasing digital downloads including documents and toolkits or on-demand online training; due to the immediate nature of the purchase and delivery, we cannot accept returns or provide refunds so please ask any questions before purchase. If a digital product or Service is faulty we will of course do everything possible to make it right as quickly as we can.

Technical: For content delivered over Microsoft Teams or another remote method as stated in advance, you are responsible for ensuring you can access and use Teams or other stated method, and CP Data Protection is not liable or responsible for any technical issues which you may experience including as a result of your hardware, software, or internet connection, and CP Data Protection is not liable or responsible for any delay, disruption or disturbance in the operation of the internet. 

If any Services cannot be provided due to disruption or disturbance in the operation of the internet, or any other causes outside of our control, CP Data Protection will provide the Services at another suitable time. That time will be within 30 days of the original date of Service provision unless otherwise agreed with the Client.

Disclaimers & Warranties

CP Data Protection does not warrant that the functions contained in this Website will be uninterrupted or error free, that defects will be corrected, or that this Website or the server that makes it available are free of viruses.

We are not responsible for the contents or the reliability of linked third-party Websites.

When working at our own premises, CP Data Protection is responsible for its own and its employees’, associates’, and other contacts’ own health and safety. CP Data Protection has in place and will maintain Professional Indemnity Insurance and Public Liability Insurance.

If there is anything about the Services that is not going or has not been as you hoped, or if you have any query or complaint, please speak to us as soon as possible so any problems can be resolved amicably.


These Terms and Conditions shall be governed and construed in accordance with the laws of England. Any disputes arising here shall be exclusively subject to the jurisdiction of the courts of England. 

Dated July 2024