Dandi’s Contextual Recruitment Software
Introduction
Welcome to our privacy notice!
This privacy notice only applies to the personal data we process to operate our contextual recruitment tool. For information about how we process personal data in connection with our recruitment services, please see our privacy policy, 'Dandi's Recruitment Services'.
We may collect your personal data when you:
visit our website
contact us to purchase to, or to explore purchasing, our software products and services
register for a Dandi Passport and create a candidate profile with us.
This privacy notice tells you about how we collect, use and look after your personal data. It also tells you about your rights and how the law protects you.
Our website, software products and services are not intended for, and we do not knowingly collect data relating to, individuals under 16 years old. We know that candidates registering for a Dandi Passport or creating a candidate profile with us may be aged between 16-17 years old, so we have also followed the UK Age Appropriate Code Design in writing this notice.
We keep this privacy notice under regular review to ensure it provides accurate and up to date information. This version was last updated on 13 March 2026.
1. Important information and who we are and how to contact us
Controller
We are Dandi Legal Limited (company number 13562020), the so-called controller of your personal data (referred to as "we", "us" or "our" in this privacy notice). By law, we are responsible for looking after your personal data and making sure we use it fairly and safely.
We have a Data Protection Officer whose role includes answering your questions about this privacy notice, what we do with your personal data or about your privacy rights.
Contact details
If you have any questions, or if you wish to exercise your privacy rights, please contact our Data Protection Officer, George Catt, in the following ways:
Email address: georgec@dandilegal.co.uk
Postal address: 76 Cannon Street, London, EC4N 6AE.
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance to help us address your concerns.
Please tell us about any changes to the personal data we hold about you
It is important that the personal data we hold about you is accurate and current. Please tell us if your personal data changes during your relationship with us.
2. The personal data we collect about you
Personal data, or personal information, means any data/information that identifies you or another individual. It does not include data/information where the identity has been removed (i.e., anonymous data).
We may collect, use, store and transfer the following types of personal data about you:
Identity Data - first name, last name, job title, position and name of the organisation where you work.
Contact Data - personal email address, work email address and contact telephone number.
Technical Data - internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, information about your visits to our website including the URL you came from, the search terms you used in our website, page interaction information (such as scrolling, clicks, and mouse-overs) and other technology on the devices you use to access our website/application.
Profile Data - username and password for accessing your candidate profile, Dandi Passport ID.
Usage Data - information about how you use our website, and other software products and services.
Marketing and Communications Data - your choices about how you’re happy for us to send you marketing and about how you’re happy for us to contact you.
Personal data we collect about you, if you’re a candidate:
If you’re a candidate registering for a Dandi Passport and creating a candidate profile with us, then, as well as collecting, for example, Identity Data, Contact Data and Profile Data, we will also ask you to confirm that you are happy for us to store and use your Candidate Form Data.
Candidate Form Data is the information you give us if you complete our contextual recruitment questionnaire. It can include things like whether you’ve spent time in local authority care, if you had caring responsibilities during your studies, your refugee or asylum seeker status, and whether you experienced a family bereavement during your studies. It also covers your education (such as your school, subjects, grades, or university), the job you were applying for when you completed the questionnaire, your work history, and some information about your financial background (for example, your parents’ jobs or whether you were eligible for free school meals).
We do ask whether or not you or immediate family members had any serious or chronic medical condition during your studies that you feel significantly impacted your education. We only ask you to answer “Yes” or “No” and we don’t ask for any details of who had the medical condition or what the condition was/is. We treat this like all other personal data that we carefully collect and use, but not as sensitive health data because, in isolation, it does not tell us anything about a particular person’s health. You also have the option to select “Prefer not to say”.
Using aggregated or deidentified data:
We also use and share information in a way that doesn’t identify you. This is called aggregated data. It’s created by combining lots of people’s data to look at overall patterns, like how people use our website or software products and services. On its own, this type of data can’t be linked back to you. But, if we ever combine it with your personal data in a way that could identify you, we treat it as personal data and protect it in line with this privacy notice.
Do we collect sensitive personal data about you?
We do not collect any particularly sensitive types of personal data about you. These are things like your race or ethnicity, your religious or philosophical beliefs, your sex life or sexual orientation, your political opinions, whether you’re in a trade union, your genetic and biometric data, or information about criminal offences.
What might happen if you choose not to provide us with your personal data
It is up to you whether or not you provide us with your personal data. However, if we need to collect your personal data to do something we’ve promised to do for you (e.g. to provide you with software products and services, or to give you a Dandi Passport), and you choose not to provide that data when requested, we may not be able to do what we promised. We will tell you if this is the case at the time.
3. How we collect your personal data
We use different methods to collect your personal data, including through:
Direct interactions. You may give us certain personal data, such as your Identity Data and Contact Data, through your interactions with us. This includes personal data you provide when you:
visit our website;
contact us to purchase to, or to explore purchasing, our software products and services
register for a Dandi Passport and create a candidate profile;
request marketing to be sent to you;
enter a competition, promotion, or survey; or
give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details.
Other organisations or public sources. This includes:
Identity and Contact Data from social media platforms such as LinkedIn, or gathered from attending networking events.
Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register.
Technical Data from the following parties:
analytics providers such as Google; and
search information providers such as Woo.io.
4. How we use your personal data
What allows us to use your personal data (the lawful basis)
We will only collect and use your personal data when the law allows us to. Depending on what we’re doing, we rely on one or more of the following legal reasons:
When we have legally promised to do something for you (i.e. to perform a contract with you): This applies when we need to collect and use your personal data to provide you with our software products and services, or to use our website, or when we need to take steps before we agree to provide you with something.
When it’s in our legitimate interests: Sometimes we use your personal data because it helps us run and improve our business in ways you would reasonably expect. Before we do this, we think carefully about how it might affect you and make sure it doesn’t unfairly impact your rights. Examples include:
understanding who uses our website, software products and services
improving our website, software products and services (and planning new ones)
managing our relationship with you and keeping our records up to date
protecting our systems and making sure our software products and services work properly
dealing with legal claims or preventing fraud
We don’t use this reason if it would have a bigger negative impact on you than a benefit for us, unless the law requires it or you’ve agreed to it.
When the law requires us to: Sometimes, we must use or share your personal data because the law says so. For example, we may need to keep certain records or provide information to authorities.
When you’ve given us your consent: We use this when you’ve clearly agreed that we can use your personal data for a specific purpose - for example, if you sign up to receive our email newsletter. You can change your mind at any time.
Why we will use your personal data (the purposes)
The table below tells you about all the ways we plan to use your personal data, and why the law lets us use your personal data in those ways. We have also identified what our legitimate interests are, where that’s relevant.
Please contact our Data Protection Officer (see Section 1 ‘Contact details’ above) if you want to understand more.
Relevant to you, if you are a: | Why we are using your data (the purposes) | What data we use (see Section 2 above for details) | Why the law lets us use your personal data (see above for further explanation) |
Customer | To register you as a customer and provide you access to our software products and services | (a) Identity (b) Contact | (a) To perform a contract with you |
Candidate with a Dandi Passport | To register you for a Dandi Passport and create your candidate profile to allow for your Candidate Form Data (defined above) to be stored by us so you don’t have to duplicate your responses every time you apply to a different organisation | a) Identity (b) Contact (c) Candidate Form Data | (a) To perform a contract with you |
Customer | To process your order, including to: (a) Manage your payments, fees, and charges (b) Collect and recover money that you owe to us | (a) Identity (b) Contact | (a) To perform a contract with you (b) In our legitimate interests (to recover debts due to us) |
Customer / prospective customer Candidate with a Dandi Passport | To manage our relationship with you, for example, for: (a) Telling you about changes to our terms or privacy notice (b) Asking you to leave a review or take a survey(c) Dealing with your requests, complaints and queries | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) To perform a contract with you (b)To comply with the law (c) In our legitimate interests (to keep our records updated, to manage our relationship with you, and to study how customers/candidates use our software products/services) |
Customer / prospective customer Candidate with a Dandi Passport Using our website or software products | To allow you to take party in a prize draw, competition or survey that we may be running | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications | (a) To perform a contract with you (b) In our legitimate interests (to study how customers, candidates and website visitors use our website and software products and services, to develop them and grow our business) |
Customer / prospective customer Candidate with a Dandi Passport Using our website or software products | To run and protect our business, our website, and our software products and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) In our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation) (b) To comply with the law |
Using our website | To provide content and advertisements to you, via our website, and to understand how effective our advertising is | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | (a) In our legitimate interests (to study how customers / prospective customers / website visitors use our software products and services, to develop them, to grow our business and to help design our marketing strategy) |
Using our website or software products | To use data analytics to improve our website and our software products and services, marketing, customer and candidate relationships and experiences and to understand how effective our communications and marketing are | (a) Technical (b) Usage | (a) In our legitimate interests (to understand more about types of customers for our software products and services, to keep our website updated and relevant, to develop our business and to help us design our marketing strategy) |
Customer / prospective customer Candidate with a Dandi Passport | To send you marketing and newsletters and to make personalised suggestions and recommendations to you about products or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile(f) Marketing and Communications | (a) In our legitimate interests (to send you marketing, develop our products/services and grow our business) (b) Consent, where you have provided your consent to receiving marketing from us |
Sending you marketing about our business
If you’re a candidate and choose to register for a Dandi Passport and create a candidate profile with us, or if you’re a customer contacting us to purchase, or to explore purchasing, our software products and services, we will ask you to tell us how you’d like us to send you marketing about our business.
We sometimes look at the information we have about you - like your contact details, how you use our services, and your preferences - to understand what you might find useful or interesting. This helps us suggest products, services, or offers that could be right for you. We do this in a fair and careful way, and you can always choose not to receive these suggestions.
Do we share your personal data with other businesses so they can send you marketing?
No. We don’t, unless we get your consent to do so.
What to do if you change your mind about us sending you marketing about our business
You can ask us or organisations sending you marketing on our behalf to stop at any time by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting our Data Protection Officer (see Section 1 ‘Contact details’ above).
If you ask us to stop, you will still receive service-related communications that are essential for us to run our business, for example, relating to software products and services that you have purchased, appointment reminders, updates to our terms and conditions, checking that your contact details are correct.
Cookies
In your internet browsing settings, you can set your internet browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about what cookies are and the cookies we use, please see our Cookie Policy.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless it is reasonable for us to use it for another reason connected with the original purpose.
If we need to use your personal data for an unrelated purpose, we will tell you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, if we have to by law, or if the law lets us.
5. Sharing your personal data with others
Do you share my personal data with other people or organisations?
Yes, sometimes.
If we need to for the specific purposes we collect and use your personal data (set out in Section 4 above), we may share your personal data with:
Companies within the same group of companies as us (for example, our parent company (the company that owns us), our sister companies (companies that has the same parent company as us) and our subsidiaries (companies that we own or control)
People or organisations we use to help run our business and deliver our software products and services (for example, marketing agencies, software development and maintenance consultants, website and database hosts and website analytics providers; IT and system administration services, our banks).
We only allow those people or organisations to handle your personal data if we are satisfied they will properly look after it and only use it to provide services to us and to you.
We or the people and organisations listed above may also sometimes share your personal data with:
Independent auditors, who check our accounts and are obliged to keep your data confidential.
Professional advisors, such as lawyers, who are also obliged to keep your data confidential.
Police, courts, or regulators, when we have to share your data to follow the law.
Another business that buys our business. Usually, we only share data in a way that doesn’t identify you but this may not always be possible. Anyone who receives your personal data must keep it confidential.
If you would like more information about who we share your data with and why, please contact our Data Protection Officer (see Section 1 ‘Contact details’ above).
6. Transferring your data outside of the UK
Do you transfer my personal data outside of the UK?
Normally, we do not transfer your personal data outside the UK.
We know that countries outside of the UK have different laws around protecting your personal data, and that some of these may provide your personal data with lower levels of protection than in the UK.
To make sure this doesn’t happen, we always comply with UK laws designed to ensure the privacy of your personal data overseas, if we ever need to transfer your personal data to countries outside the UK. For example, your personal data may need to be transferred outside of the UK where we use suppliers located, or which store data on our behalf, outside of the UK.
This means we are only allowed to transfer your personal data to a country outside the UK if:
the UK government has decided the country has laws that mean your personal data is adequately protected (known as an ‘adequacy regulation’). A list of “safe” countries the UK currently has adequacy regulations in relation to is available here or:
we use specific standard contractual terms approved by the UK government (designed to give personal data the same protection as it has in the UK) in our contract with the supplier or other third party who we are sending the data to.
If you would like further information about data transferred outside the UK, please contact our Data Protection Officer (see Section 1 ‘Contact details’ above).
7. Looking after your data
How do you protect my personal data?
We have security measures in place to prevent your personal data from being accidentally lost, or used, accessed, altered or disclosed in an unauthorised way.
We also limit access to your personal data to those of our employees, agents, contractors and other third parties who need it. They will only do things with your personal data on our instructions, and if they commit to keeping it confidential.
Finally, we have written policies and procedures to make sure that we properly deal with any suspected personal data breach (the formal term for when your personal data is accessed, shared, lost, changed, or used in a way that wasn’t meant to happen). If a breach happens, we will tell you and any applicable regulator, if we are legally required to do so.
8. Keeping your data
How long will you use my personal data for?
We collect and use your personal data for specific purposes (see Section 4 above) and we only keep your personal data for as long as we need it for those purposes, including to comply with legal or regulatory obligations. We may keep your personal data for longer if there is a complaint or if we think there might be a dispute between us.
In deciding how long we keep your personal data, we think about the amount, nature and sensitivity of the personal data, what harm might be caused from unauthorised use or disclosure of it, the purposes for which we collect and use it, and our legal and regulatory obligations.
If you want to know more about how long we keep your personal data, please contact our Data Protection Officer (see Section 1 (see Section 1 ‘Contact details’ above).
Sometimes, we will anonymise your personal data (so that it can no longer be connected with you) for research or statistical purposes, in which case we may use this information indefinitely without telling you.
9. Your legal rights - If you wish to exercise these rights, contact our data protection officer (contact details in section 1 above)
By law, you have the following rights in relation to your personal data:
Right to request access to your personal data (commonly known as a "data subject access request"). This means you can get a copy of the personal data we hold about you and to check that what we do with it is lawful.
Right to request correction of the personal data that we hold about you. This means you can tell us to correct any incomplete or inaccurate data we hold about you (though we may need to verify the accuracy of the new data you provide to us).
Right to request erasure of your personal data. This means you can ask us to delete or remove personal data where we don’t have a lawful reason for doing anything with it. We will do this unless there are specific legal reasons preventing us, which we will tell you about, if applicable, at the time of your request.
Right to object to processing of your personal data. This means you can tell us to stop doing things with your personal data where:
we are relying on legitimate interest as our lawful basis for processing it (see Section 4 above for an explanation of what legitimate interest means); and
you feel that what we’re doing impacts on your basic rights, which are important protections that everyone has, like privacy, fairness and being treated with respect
You also have the right to object when we are using your personal data for direct marketing purposes.
Sometimes, we may be able to show that we do have lawful grounds to do what we do with your information. We will discuss this with you, if this is the case.
Right to request restriction of processing of your personal data. This means you can ask us to pause processing your personal data if:
you are concerned about the accuracy of the data and want us to check it;
our use of the data is unlawful, but you don’t necessarily want us to erase it;
you need us to keep the data even if we no longer need it because it helps you to exercise or defend your legal rights; or
you have objected to our use of your data and we are in the process of showing that we do have lawful grounds to do what we do with your information.
Right to request the transfer of your personal data to you or someone else (if what we are doing with it based on consent or performance of a contract (see Section 4 above)).
Right to withdraw consent at any time where what we are doing with your personal data is based on your consent. If you withdraw your consent, it may be difficult for us to provide certain of our software products or services to you. We will tell you if this is the case.
No fee usually required
You don’t have pay us anything to access your personal data (or to exercise your rights), unless your request is made without valid basis, or is repetitive or unreasonable.
What we may need from you
We may need you to provide evidence of who you are to ensure that your personal data isn’t disclosed to someone else. We may also contact you to ask you for further information to help us deal with your request more quickly.
Timeframe for us to respond
We try to respond to you within one month. Occasionally, it could take us longer if your request is particularly complex or you have made multiple requests. In this case, we will tell you and keep you updated.
Dandi's Recruitment Services
Dandi Legal Limited respects your privacy and is committed to protecting your personal data. This privacy notice provides information on how we collect and process your personal data through our website, and when you contact us by phone, email, or by writing to us.
Purpose and scope of privacy notice: Data Controller contact information
Dandi Legal Limited (“Dandi”) is a company incorporated in England with company registration number 13562020 whose registered office is at First Floor, 5 Fleet Place, London, United Kingdom, EC4M 7RD.
Dandi is a specialist recruitment and consultancy agency and our website and services are intended for adults aged 18 and over: we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Our affiliate EJ Legal Limited is the controller and responsible for your personal data. EJ Legal Limited (“EJ”) is a company incorporated in England with company registration number 02636241 whose registered office is at First Floor Thavies Inn House 3-4, Holborn Circus, London, EC1N 2HA.
Dandi is the processor and processes your personal data in accordance with EJ’s instructions.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice or the ways in which Dandi processes your personal data, please contact the data privacy manager email on info@ejgroup.co.uk or by writing to EJ Legal Limited, 76 Canon Street, London EC4N 6AE, marking the letter for the attention of The DPO. Please make it clear that your enquiry relates to Dandi Legal Limited.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
1. The data we collect about you
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you. This includes your full name, marital status, title, date of birth, gender, contact details including personal and business email addresses and phone numbers; your job title and role, current and previous employers, your education, academic record and professional qualifications, your notice period, current salary and other relevant information that you may provide when you send a CV to us or engage us to source candidates for you, roles that you have been put forward for and interviews that you have attended, roles that may be of interest to you based on your profile and what you have told us; information about how you use our website.
2. How is your personal data collected?
We use different methods to collect data from and about you including where you contact us to apply for one of our advertised vacancies or with a speculative application and as you use our website, we may automatically collect data about your browsing actions. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for more information on our use of cookies. Occasionally, we may collect data about you from public sources including public websites and articles in the press to the extent that this is relevant to our recruitment business.
3. Contextual data collection
Applicants may be asked to provide information relating to their educational background and social mobility. This may include, without limitation: educational details (such as school or college subjects and grades and the university attended), employment undertaken during education, Local Authority Care (LAC) status, refugee or asylum seeker status, eligibility for Free School Meals (FSM), factors that may have impacted education (including medical or chronic illness, family-related circumstances, or caring responsibilities) and postcode data/parental occupation.
Dandi’s contextual recruitment software (Dandi's Diversity Lens) is used by Dandi and EJ, to help prospective employers understand your achievements within context. Your contextual data will be linked to your candidate record, and may be shared with our clients and prospective clients, to support your application and to promote the use of contextual data in our recruitment services. For further information on how we process your contextual data in relation to the 'Dandi Passport', please refer to our Privacy Policy that applies to our contextual recruitment tool.
4. How we use your personal data and the lawful basis for doing so
We will use your personal data as required for the services that we provide as a specialist recruitment and consultancy agency: these uses include presenting roles or candidate profiles that may be of interest to you; managing the recruitment and interview process for clients and candidates; and using data analytics to improve our website. The lawful basis for us doing so is that this is necessary for the performance of a contract with you and/or for our legitimate interests in the efficient running our recruitment and consultancy business, and to keep our website updated and relevant. If you do not agree to our processing of your personal data as required to manage the recruitment process then we will not be able to present roles or candidates to you.
5. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
6. Sharing your personal data
We will only share your personal data with: (a) EJ which is the controller and owner/licensee of the shared IT system on which all of our data (including your personal data) is stored; (b) EJ’s third party service providers of our cloud back-up storage system; (c) other third parties, where such disclosure is necessary to comply with applicable laws; (d) the acquirer(s), in a reorganisation or sale of our company or assets, (e) employers or candidates who will need to receive your personal data as required for the recruitment process. We may discuss candidates with our client(s) on a no names basis but we do not provide a C.V. or any identifying information without the candidate's express consent.
7. International transfers
Normally, we do not transfer your personal data outside the UK.
We know that countries outside of the UK have different laws around protecting your personal data, and that some of these may provide your personal data with lower levels of protection than in the UK.
To make sure this doesn’t happen, we always comply with UK laws designed to ensure the privacy of your personal data overseas, if we ever need to transfer your personal data to countries outside the UK. For example, your personal data may need to be transferred outside of the UK where we use suppliers located, or which store data on our behalf, outside of the UK.
This means we are only allowed to transfer your personal data to a country outside the UK if:
the UK government has decided the country has laws that mean your personal data is adequately protected (known as an ‘adequacy regulation’). A list of “safe” countries the UK currently has adequacy regulations in relation to is available here or:
we use specific standard contractual terms approved by the UK government (designed to give personal data the same protection as it has in the UK) in our contract with the supplier or other third party who we are sending the data to.
If you would like further information about data transferred outside the UK, please contact our Data Protection Officer (as described in the section 'Purpose and scope of privacy notice: Data Controller contact information').
8. Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
For more information about the cookies we use, please see our cookie policy
9. Data security
We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify the ICO and/or you of a personal data breach where we are legally required to do so.
10. Data retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, and in line with our data retention policy.
Your legal rights and how to exercise them
You have the following data protection rights in relation to your personal data that apply in certain circumstances:
Right to erasure: You can ask us to erase or delete all or some of your personal data.
Change or correct data: You can also ask us to update the data we hold about you.
Object to, or limit, our use of your data: You can ask us to stop using all or some of your personal data or to limit our use of it.
Subject access requests and portability right: you can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
If you wish to exercise any of the rights set out above, please contact info@ejlegal.co.uk.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Last updated: March 2026