1. Who we are

This Privacy Notice describes how Sandberg LLP, Building Testing Limited (BTL) and Midland Corrosion Services Ltd (MCS) (in this Privacy Notice, “Sandberg Group”) collects and uses personal data. It applies to existing clients, prospective client’s website visitors and Sandberg suppliers.

  • References to “us“, “we“, “our” or “Sandberg Group” are to: Sandberg LLP, a company registered in England and Wales (Company number OC304229) with a registered address at 40 Grosvenor Gardens, BTL, a company registered in England and Wales (Company number 03776954) at 12 Wintonlea Industrial Estate, Monument Way West, Woking, Surrey, GU21 5EN and MCS, a (Company number 04259561) at Stancliffe House Whitworth Road, Darley Dale, Matlock, England, DE4 2HJ
  • The Sandberg Group acts as data controller in respect of your personal data that we process. Our Privacy and Data Compliance Officer is the Partnership Secretary. If you have any questions about this Privacy Notice and how we use your personal data, please get in touch with us via the contact details below:
    • Post: Ewan Maclean, at Sandberg LLP, 40 Grosvenor Gardens, London, SW1W 0EB.
    • E‐mail: ewan.maclean@sandberg.co.uk Telephone: +44 (0) 2075657000
  • This Privacy Notice supersedes any previous Privacy Notice. We may update this Privacy Notice from time to time to ensure that it remains accurate. If we do so, we will provide an updated copy of this notice as soon as reasonably possible on our website.
  • This Privacy Notice was last updated on 5th November 2018.

2. What data do we collect?

The personal data that we collect will depend on your relationship with us. Please see below for detailed information regarding the types of information we collect and use about you.

Clients / prospective clients:

  • Name, business address, job title, e‐mail address, telephone number, and (if applicable) employer name;
  • Names of personal referees as shown on CVs (position, home address and phone);
  • Qualifications certificates and number reference which may contain pictures and an individual’s date of birth;
  • Opinions on competence.


  • Name, business address, job title, e‐mail address, telephone number, and (if applicable) employer name;
  • Names of personal referees as shown on CVs (position, home address and phone);
  • Qualifications certificates and number reference which may contain pictures and an individual’s date of birth;
  • Opinions on competence

3. Who do we collect your data from?

We collect your personal data:

  • Directly from yourself via the information you provide to us;
  • From your company/employer;
  • From third parties, such as:
  • Accreditation Scheme owners
  • Credit referencing agencies
  • Regulatory bodies
  • Lead generation companies and mailing houses
  • Publicly available sources, such as;
  • Social media sites such as LinkedIn, Twitter and Youtube
  • Web searches

4. How do we collect your data?

We collect your personal data:

  • Face to face when you meet us;
  • Via regular mail (in writing);
  • By telephone;
  • By e‐mail;
  • Via website registration;
  • Via the internet

We collect and use your personal data for a number of different purposes:

  • To prepare a proposal for you regarding the services we offer;
  • To provide you with the services as set out in our Standard Terms and Conditions of Engagement and our contract with you or as otherwise agreed with you from time to time;
  • To deal with any complaints or feedback you may have or are involved with;
  • To meet our compliance and regulatory obligations and as required by tax authorities or any competent court or legal authority;
  • For marketing to you. Please see the separate section on Marketing below;
  • For the administration and management of our business, including but not limited to organising, recovering debts and archiving or statistical analysis;
  • Seeking advice on our rights and obligations, such as where we require our own legal advice.

For each purpose, we must have a legal ground for such processing. In respect of your personal data, the legal grounds we rely on are:

  • Our performance of a contract with you;
  • Us having an appropriate business need to use your data, and such need does not overly prejudice you;
  • You having given your explicit consent for us to use your personal data;
  • Us having a legal or regulatory obligation to use your data; and
  • The necessity to use your data to establish, exercise or defend our legal rights.

6. Who do we share your data with?

We may share your personal data with our internal staff/departments via internal reports and via access to central IT systems.

We also disclose your personal data to the third parties listed below:

Group companies;

  • Third parties whom we engage to assist in delivering the services to you, such as IT providers and data storage providers, sub‐consultants, contractors.
  • Agents, advisers, intermediaries you advise us to share your data with;
  • Our professional advisers where it is necessary for us to obtain advice and assistance, such as lawyers, accountants, auditors;
  • Debt collection agencies and credit referencing agencies; and
  • Relevant regulatory authorities or law enforcement agencies, subject to your agreement via a waiver of confidentiality.

7. Your rights

Under the GDPR you have certain rights in relation to the personal data that we hold about you. You may exercise these rights at any time by contacting us using the contact details set out further below in this section.

Please note that in some cases we may not be able to comply with your request because of our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we cannot comply with your request, we will tell you why.

Your rights are:

  • The right to access your data

    You are entitled to a copy of the personal data we hold about you and certain details of how we use it. Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible. Subject to certain circumstances, there will not be a charge for dealing with these requests.

  • The right to rectification

    We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.

  • The right to erasure

    In certain circumstances, you have the right to ask us to erase your personal data.

  • The right to restriction of processing

    In certain circumstances, you are entitled to ask us to stop using your personal data.

  • The right to data portability

    In certain circumstances, you have the right to ask that we transfer any personal data that you have provided to us to another third party of your choice.

  • The right to object to marketing

    You can ask us to stop sending you marketing communications at any time.

  • The right to withdraw consent

    For certain uses of your personal data, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal data.

  • The right to complain

  • If you are not happy with the way your personal data is held or processed please tell us using the contact details above.

You also have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal data by us is in breach of applicable data protection laws and regulations. Making a complaint will not affect any other legal rights or remedies that you have.

We are committed to protecting and safeguarding your privacy on the Internet.

8. Sandberg Website

You do not have to give us personal information to visit our site although you may then not be able to participate in certain promotions or receive relevant information.

Personal information collected

Sandberg does not collect any personally identifiable information without your consent.

The only personal information we may request from you is contact information (for example when you fill in an enquiry form on this site). This can consist of such information as your name, e‐mail, telephone number, etc. By entering the information in the fields requested you enable Sandberg to provide you with the information or services you request.

In the event that you request us to send you electronic newsletters, we will collect and hold your name and email address (as provided by you in the subscription form). You may at any time remove yourself from our mailing list by following the link provided in every newsletter.

Sandberg will not trade, sell or share your personal information for use by any other business or third party.

Use of cookies

What is a cookie?

A cookie is a brief amount of data, usually containing a unique identifier, sent to your browser software from a website and recorded on your computer’s storage. Each website may set one or several such cookies on your computer, but your browser will only allow a website to access the cookie(s) it has set and deny access to other websites’ cookies.

Cookies record information about your preferences and allow websites to customize your experience. They are also used for handling user authentication in members‐only areas of a website. Users have the option to be forewarned before accepting a cookie, review cookies already stored on their computer’s permanent storage and even delete them if so required. Your web browser software gives you these options. Each web browser handles these features in a different way, so you have to consult your web browser’s help/user guide/manual to learn more about this.

How are cookies used on the Sandberg GPR website?

Sandberg does not set any cookies.

Sandberg does not use any third-party cookies.

9. Marketing

We may also use your personal data to provide you with information about services we provide which may be of interest to you where you have provided your consent for us to do so. This information may include alerts and newsletters. We will communicate this to you in a number of ways including by post, telephone, email or other digital channels.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to unsubscribe from marketing communications sent by us, you may do so at any time by contacting us in one of the following ways:

  • By registered post ‐ Ewan Maclean, at Sandberg LLP, 40 Grosvenor Gardens, London, SW1W 0EB.
  • By e-mail to ho@sandberg.co.uk
  • By using the unsubscribe link in the footer of our Newsletter.

10. What is our approach to international data transfers?

In principle, we do not store or process personal data that we collect about you in countries outside the European Economic Area (EEA). However, some of the third parties we share personal data with (as set out in this Privacy Notice), may be located outside the EEA. In those circumstances, please note that your personal data will only be transferred outside the EEA on one of the following bases:

  • The country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
  • The transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
  • The recipient has entered into European Commission standard contractual clauses with us; or

Please contact us if you require further information about this.

11. How long do we keep your data?

We will only retain your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and regulatory obligations. Please contact us if you would like further information regarding the periods for which your personal data will be stored.

12. What we do to safeguard your data

Sandberg Group is committed to protecting your privacy. Our staff use mobile devices, such as laptops and mobiles that are accessed by password. Our staff receive periodic training on data protection and all our contracts with third parties include relevant confidentiality and data protection provisions.