Privacy Policy

Last updated: March 2026

Compliance Counsel Limited (trading as Regulatory Counsel), registered in England and Wales under company number 11642313, with its registered office at 2 Frederick Street, London WC1X 0ND ("we", "us", "our"), is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.

1. Information We Collect

We collect and process the following categories of personal data:

  • Identity data: Full name, job title, position, and professional qualifications.
  • Contact data: Email address, telephone number, postal address, and company name.
  • Enquiry data: Details of your regulatory enquiry, business model description, and any information you provide in correspondence with us.
  • Technical data: IP address, browser type and version, time zone setting, operating system, and platform when you visit our website.
  • Usage data: Information about how you use our website, including pages visited, time spent, and navigation paths.
  • Engagement data: Records of consultations, meetings, communications, and advisory services provided.

2. How We Collect Your Data

We collect personal data through:

  • Direct interactions: When you contact us via our website contact form, email, telephone, or in person; when you engage us to provide advisory services; or when you attend our events or webinars.
  • Automated technologies: When you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns using cookies and similar technologies.
  • Third parties: We may receive personal data from referral partners, professional networks, and publicly available sources such as Companies House and the FCA Register.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Where processing is necessary to perform our advisory services or to take steps at your request prior to entering into a contract.
  • Legitimate interests: Where processing is necessary for our legitimate business interests, including responding to enquiries, marketing our services to existing and prospective clients, improving our website, and managing our business operations, provided these interests are not overridden by your rights.
  • Legal obligation: Where processing is necessary to comply with a legal obligation to which we are subject, including anti-money laundering regulations, professional obligations, and tax requirements.
  • Consent: Where you have given explicit consent to the processing of your personal data for specific purposes, such as receiving marketing communications.

4. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to your enquiries and provide initial consultations.
  • To deliver our regulatory advisory services, including licensing, compliance, and strategic advisory.
  • To manage our client relationships and maintain engagement records.
  • To send relevant regulatory updates, insights, and information about our services where you have consented or where we have a legitimate interest to do so.
  • To comply with our legal and regulatory obligations, including AML requirements and professional duties.
  • To improve our website, services, and client experience.
  • To administer and protect our business and website, including troubleshooting, data analysis, and system testing.

5. Data Sharing

We do not sell your personal data to third parties. We may share your data with:

  • Service providers: IT hosting, email services, and website analytics providers who process data on our behalf under appropriate contractual safeguards.
  • Professional advisers: Lawyers, accountants, and insurers who provide us with professional services.
  • Regulatory authorities: Where required by law, we may disclose personal data to the FCA, HMRC, the ICO, or other regulatory bodies.
  • Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity.

6. International Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements. This includes transfers to countries with an adequacy decision from the UK Secretary of State, or transfers subject to appropriate safeguards such as standard contractual clauses approved by the Information Commissioner's Office (ICO).

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. For client engagement records, we typically retain data for a minimum of six years following the conclusion of our engagement, in accordance with professional obligations and limitation periods. Enquiry data from prospective clients who do not proceed to engagement is retained for up to two years. You may request deletion at any time, subject to our legal and regulatory obligations.

8. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, secure hosting, regular security assessments, and staff training on data protection. While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: The right to request a copy of the personal data we hold about you.
  • Right to rectification: The right to request correction of inaccurate or incomplete personal data.
  • Right to erasure: The right to request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: The right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: The right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: The right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at info@regulatorycounsel.co.uk. We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

Our website uses cookies to enhance your experience. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this privacy policy or our data protection practices, please contact us at:

Compliance Counsel Limited
2 Frederick Street, London WC1X 0ND
Email: info@regulatorycounsel.co.uk