Privacy Policy

Last Updated: May 2026

1. Introduction

C & A Quality Services Ltd (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data when you visit our website (https://caqualityservices.com) or engage our consultancy services.

As a UK-based company providing services to clients in the UK, the European Union (EU), and globally, we comply with the UK GDPR, the Data Protection Act 2018, and the EU GDPR where applicable.

2. Important Information and Who We Are

C & A Quality Services Ltd is the data controller responsible for your personal data.

Data Protection Officer / Information Officer: Andrew Bolton (Director)

Email: info@caqualityservices.com

Address: Norwich, Norfolk, UK

ICO Registration: We are registered with the Information Commissioner’s Office (ICO) under registration number ZC076230. You can verify our registration on the ICO website.

3. The Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, including:

  • Identity Data: Name, title, and job role.
  • Contact Data: Billing address, delivery address, email address, and telephone numbers.
  • Technical Data: Internet protocol (IP) address, browser type, and location data when you use our website.
  • Usage Data: Information about how you use our website and services.
  • Professional Data: Information regarding your organisation’s quality management systems and internal procedures provided during consultancy.

4. How We Collect Your Data

  • Direct Interactions: You may give us your data by filling in forms on our site or by corresponding with us by post, phone, or email.
  • Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing patterns via cookies.
  • Third Parties: We may receive data from business partners or public sources (such as LinkedIn or Companies House).

5. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we use your data in the following circumstances:

  • Performance of a Contract: Where we need to perform the consultancy services you have requested.
  • Legitimate Interests: Where it is necessary for our legitimate interests (e.g., to keep our records updated or to study how customers use our services) and your interests and fundamental rights do not override those interests.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  • Consent: Generally, we do not rely on consent as a legal basis for processing except in relation to sending third-party direct marketing communications via email.

6. International Data Transfers

C & A Quality Services Ltd operates in over 35 countries. Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government or European Commission.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK (International Data Transfer Agreement) or the EU (Standard Contractual Clauses).

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal data to those employees, agents, and consultants who have a business need to know.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, we retain client records for 7 years following the conclusion of a contract to align with UK tax and professional liability requirements.

9. Your Legal Rights

Under data protection laws, you have rights in relation to your personal data, including:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of incomplete or inaccurate data.
  • Erasure: Request deletion of your data where there is no good reason for us continuing to process it.
  • Object to Processing: Object where we are relying on a legitimate interest.
  • Restriction: Request the suspension of processing your data.
  • Transfer: Request the transfer of your data to you or a third party.

To exercise any of these rights, please contact Andrew Bolton at info@caqualityservices.com.

10. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

11. EU Representative

While we are a UK-based company, we serve customers in the EU. For the purposes of Article 27 of the EU GDPR, our primary contact for EU-based data subjects is our Information Officer, Andrew Bolton. We ensure all processing of EU resident data remains compliant with the EU GDPR standards.