Data Protection Policy 

A R Wilson & Co Data Protection Policy


A R Wilson & Co (AW&Co) is the trading name of A R Wilson (1985) Ltd which is a company limited by sharer (No 8713334) and is committed to protecting the privacy of all personal information or data provided by those that use our services.  Personal information and data is described as “any information relating to an individual, whether it relates to his or her private, professional or public life.  It can by anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.  This policy explains how we collect, use and store the personal information provided to us.


AW&Co commits to abide by the Data Protection Act 1998 (DPA) and the General Data Protection Regulations 2017 (GDPR) in all areas of its operation.  This policy applies to everyone who works on its behalf and they are expected to work within the legislation.  This policy sets out in detail the procedures in place to ensure that personal data relating to our users and those that enquire about our services are treated in the appropriate way.

AW&Co acknowledge that individuals have the right to expect that appropriate and reasonable safeguards will be operated by AW&Co and any third parties engaged to protect the confidentiality, integrity and security of their personal and sensitive personal data.  Where third parties process data on our behalf we will ensure through a legal agreement that the third party also operates in accordance with the DPA and the GDPR.

The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles and AW&Co has adopted those principles, which are:

  • Fair and lawful
  • Specific to purpose
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Kept for no longer than necessary
  • Processed in accordance with data subjects rights
  • Kept secure
  • Not transferred overseas without suitable safeguards

ARW&Co will never share or sell your data to other 3rd party organizations for their marketing purposes, unless required by law (ie by public bodies is respect of prevention or detection of crime).

AW&Co may allow consultants acting on our behalf to access and use your information for the purposes for which it is intended (for example for undertaking professional services on your behalf or transmission to potential legal advisors/other professionals acting on your behalf or for processing payments).  ARW&Co will ensure that they are provided with the relevant data and ensure the information is treated with the same level of care we would do so ourselves.

AW&Co’s website has links to websites owned and operated by third parties.  These third parties have their own privacy policies, and will control the information we provide to them in accordance with their respective policies.

Policy Statement

AW&Co has adopted this policy.  The core requirements relate to the collection, storage, processing, records, confidentiality, security, incident management, retention and deletion, management, availability, integrity and secure disposal of our users personal and sensitive date.

AW&Co will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with the company’s activities or where we have a legitimate purpose under law to do so.  Data will be adequate and relevant and only used for the purposes collected.  It will be maintained, kept accurate and not retained for any longer than is necessary.  Before collecting any information AW&Co will consider:

  • What details are necessary for our purposes
  • How long we are likely to need this information
  • What the information will be used for

AW&Co may use your personal information for a number of reasons.  These include:

  • To disseminate and publish such information as is provided by you to us in respect of the professional services we undertake on your behalf either under contract or by specific consent
  • All and any correspondence regarding the work of AW&Co restricted for the purposes above
  • Administrative purposes – to include all internal record keeping and auditing
  • Data collection providing such data does not disclose the personal details of the users but gives a broad idea of users so we can adapt our services to suit our users

AW&Co will endeavour to contact you insofar as you are happy for us to do so in connection with fulfilling our contract with you to provide professional services, and in the event you change your preferences we shall act swiftly to ensure that our contract and associated information is adjusted as appropriate.

Data Security

AW&Co will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure.  The following measures will be taken:

  • Password protection and up to date internet security on computers (not networked)
  • Daily back up data on computers
  • Password protected attachments for ‘sensitive’ personal information sent by email or stored on computers/laptops/phones
  • Laptops taken out of the office or used by home based staff are always password protected and have up to date internet security (not networked)

Access Requirements

AW&Co will ensure that anyone whose personal information we process has the right to know:

  • What information we hold and process on them
  • How to gain access to this information
  • How to keep it up to date
  • What we are doing to comply with the regulations

They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarding as wrong or if consent is withdrawn.

Individuals have the right under the DPA and the GDPR to access certain personal data being kept about them on computer and certain files.  Any person wishing to exercise this right should apply in writing to the Data Compliance and Data Control Officer, Adrian R Wilson by email

The following information will be required before access is granted:

  • Full name and contact details of the person making the request
  • Their relationship with AW&Co
  • Any other relevant information, eg timescales
  • We may also require proof of identity before access is granted

Queries about handling personal information will be dealt with swiftly and politely.  AW&Co aim to comply with requests for access to personal information as soon as possible but will ensure it is provided within the 40 days required by the DPA and the GDPR.

For further current information see

Version 1:  May 2018

Last upate:  December 2020