Data Protection and Cookie policy


Montrose Associates Limited (“we”, us”, our” etc.) is committed to protecting your privacy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise). This policy explains how we process personal information, referred to here as personal data, your rights and how to contact us if you need to. 

The nature of our services means that we often collect information about individuals and business situations by indirect means. This policy explains how we process that information and protect individuals’ privacy rights.

1. Information we collect about you 

We may process your personal information if: 

  • You or the company you work for are a client or a supplier of ours.
  • You or the company you work for have access to our services.
  • You work for a client or a supplier of ours, or for someone who uses our services.
  • You are someone (or you work for someone) to whom we want to market our services.
  • You are a person of interest to a client of ours which may mean you are: 
    1. a prospective employee;
    2. a prospective business partner or employee of a prospective business partner;
    3. a prospective investor or employee of a prospective investor; or
    4. a competitor or employee of a competitor of one of our clients.

2. How we collect information about you 

We may process your personal information that we have either obtained from you, or obtained from somewhere else. Personal information which is not collected directly from you may be collected: 

  • From your employer in connection with your job and how it relates to us or one of our clients.
  • From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services and open source research providers).

3. Personal information relating to you that we process 

This may include: 

  • Your name.
  • Who you work for, your job function, career history and professional achievements.
  • Your address, phone number, email address or other contact details — these details may relate to your work or to you personally, depending on the nature of our relationship (or that of our client) with you or the company that you work for.
  • Information about you that you give us by communicating with us by post, by phone, by e‑mail or otherwise. It includes information you give us or that we obtain when you use our services, supply us with goods or services, enquire about a service, pay for our services, or contact us to report a problem, or do any of these things on behalf of the person that you work for, or in the context of a contract that we are executing for a client. .
  • Information relating to transactions with us involving you or the company you work for i.e. details of services that we have supplied to you, goods and services that we have obtained from you or the person you work for.
  • Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the company you work for.
  • Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events.
  • Information relating to you that you give us or we otherwise obtain when you visit us at our offices or in any other location.
  • Some information that could be seen as special category data under applicable data protection law.

4. How we will use your personal information 

Your personal information, however obtained, will be used by us for the purposes set out in this policy. In particular,: 

  • to take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you or the company you work for and us;
  • to supply services to you or the company you work for or receive goods or services from you or the company you work for, as the case may be (this may include investigating your background using public and third party sources);
  • to administer your/​your company’s relationship with us;
  • to verify and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your company;
  • to notify you about changes to our services.
  • to provide you with information about our services, if you have given your consent to receiving marketing material from us at the point we collected your information;
  • to investigate persons and situations of business interest to our clients;
  • to provide you with information you have requested and to correspond with you in general;
  • to process your application for a job with us;
  • to satisfy legal obligations which are binding on us;
  • for the prevention of fraud or misuse of services; and/​or
  • for the establishment, defence and/​or enforcement of legal claims;
  • for the preparation of reports responding to specific questions from our clients.

5. Our lawful basis for processing your personal information 

We are required to rely on one or more lawful grounds to collect and use your personal information. We consider the following to be relevant: 

  • Where you have given your consent for us to use your personal information in a certain way.
  • Where necessary so that we can comply with a legal obligation to which we are subject.
  • Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering such a contract.
  • Where it is in your/​another person’s vital interests.
  • Where there is a legitimate interest’ in us doing so.

The law allows us to collect and use personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights). 

In broad terms, our legitimate interests’ are the interests of running Montrose Associates Limited as a private company and providing intelligence services to our corporate clients. 

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). 

6. Cookies 

We only use cookies on our website which are required for the functioning of the website. These do not store any IP addresses, information on web browsers types or operating systems. 

7. Who we give your information to 

We may disclose your personal information to third parties in order to achieve the purposes set out in this policy. These third parties may include: 

  • Our clients, for the purpose of supplying services to them – this may include your employer or prospective employer, an organisation you invest in, partner with, or propose to invest in or partner with, or a business competitor of yours or of your employer;
  • third party suppliers and sub-contractors (for the performance of any contract we enter into with them, for example IT service providers);
  • professional service providers such as lawyers;
  • regulatory authorities; and/​or
  • insurers and banks.

We also reserve the right to disclose your personal information to third parties: 

If Montrose Associates Limited is acquired by a third party, in which case personal information held by it about its customers would be one of the transferred assets. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of Montrose Associates Limited, our clients, employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

8. Where do we store and transfer your information to? 

The information that we process in relation to you may be transferred to, and stored at, a destination outside the UK and the European Economic Area (“EEA”) that may not be subject to equivalent data protection law (and therefore may have a lower standard of protection, including lower security requirements and fewer rights for individuals). It may also be processed by staff situated outside the UK and EEA who work for us or for one of our suppliers. 

We may transfer your personal information outside the UK and the EEA

  • In order to store it.
  • In order to enable us to provide services to and fulfil our contract with you or the company your work for. This includes processing of payment details and the provision of support services.
  • Where we are legally required to do so.

Where your information is transferred outside the UK and the EEA, we will take all steps reasonably necessary to ensure that your information is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism (for example, European Commission-approved standard contractual clauses, or the EU-US Privacy Shield), and that it is treated securely and in accordance with this privacy policy. If you have any questions about the adequacy safeguards we have put in place, please contact us using the details below. 

9. Right of Correction or Completion 

If personal information we hold about you is not accurate, out of date or incomplete, you have a right to ask for the information to be rectified, updated or completed. Therefore, please advise us of any changes to your information. You can let us know by contacting us using the details in the Contacts section or use the address at the bottom of this page. We may need to verify the accuracy of the new information you provide to us. 

10. Right of Data Portability 

In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. 

You can ask us to transmit that information to you or directly to a third-party organisation. 

The above right exists only in respect of personal information that: 

  • you have provided to us previously; and
  • is processed by us using automated means.

The right also only applies where the lawful basis for processing the personal information is consent or when necessary for performance of a contract. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation’s systems. Also, we may be unable to comply with requests that relate to personal information of others without their consent. 

You can exercise this (or any other) rights by contacting us. 

Privacy rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights. 

11. How long we keep your personal information 

Any personal information we hold will be kept for the period necessary to fulfil the purpose for which it was collected or, where the information is required for longer, in accordance with our data retention policies. However, you may always ask us to permanently erase your information and in certain circumstances you have a legal right to request such erasure. 

Any payment details you provide us will be securely transferred to our banking partners to fulfil agreed payment for services. 

We retain personal information generally for administrative purposes for as long as you have a relationship with us in order to meet our contractual obligations to you or your employer as long as is reasonably necessary after that to identify any issues and resolve any legal proceedings. 

We retain personal information collected and processed in order to deliver our services to clients for the minimum period necessary. Where possible we use automatic mechanisms to enforce our data retention policies and we periodically check to ensure that our policies are being adhered to. Personal information collected and processed in order to deliver our services to clients may be retained longer if we are required to preserve records for legal purposes. 

12. Security of your personal information 

We implement security safeguards designed to protect your data. We regularly monitor our systems for possible vulnerabilities and attacks. We regularly assess the effectiveness of the security mechanisms we have implemented, and make improvements as we deem necessary. However, we cannot warrant the security of any information that you send us. 

13. Your rights 

In addition to the rights set out in sections 9 and 10, you also have the right, under certain circumstances: 

  • to be provided with a copy of your personal information held by us;
  • to request the rectification (see section 9 above) or erasure of your personal information held by us;
  • to request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example);
  • to object to the further processing of your personal information, including the right to object to marketing;
  • to request that your provided personal information be moved to a third party (see section 10 above).

Please note that we do not apply any solely automated decision making processes to your personal information. 

To exercise any of these rights, please contact us. Please note that we may ask you for additional information to confirm your identity before disclosing personal information to you, and that some of these rights apply in limited circumstances and are subject to legal exemptions. 

14. Your right to withdraw consent 

Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. 

15. How to make a complaint 

If you are unhappy with the way we process your personal information, you may approach your local data protection authority. The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal information, as well as deal with any complaints that you have about our processing of your personal information. We ask that you consider contacting us first so that we have an opportunity to resolve your concerns before this step becomes necessary. 

16. Changes to this policy 

We may update this policy from time to time. We will notify you of any significant changes by contacting you directly where reasonably possible for us to do so and any changes we make to our privacy policy in future will be posted on our website. This policy was last updated in February 2020

17. Contact details 

Montrose Associates Limited
97 Jermyn Street
United Kingdom
Tel +44 (0)20 7811 0270
Fax +44 (0)20 7811 0271
Email: info@​montroseassociates.​biz