Privacy Policy

Privacy notice

Last Updated: 30th June 2020

RPS Group is committed to protecting your privacy, so before providing us with any of your details, you must read the following important information.  This sets out the basis on which any personal data we collect, or you provide to us, will be processed, stored and/or transferred by us. Group Plc, its subsidiaries and business segments.

RPS Group ('we', 'us', 'organisation') is the Data Controller for the information you provide to us.  We are committed to being transparent about how we collect and use your data and meeting our data protection obligations.

If you have any questions about the process, please contact us at:

RPS Group Plc, 20 Western Avenue, Milton Park, Abingdon, Oxfordshire OX14 4SH (FAO: Data Controller)

What information do we collect?

RPS Group may collect and process a range of information about you for the services we offer through our numerous divisions. This will depend on the nature of our relationship with you.

  • your name, address and contact details, including email address and telephone numbers
  • any other personal information you submit or provide to the organisation

RPS Group will only seek information from third parties with your consent.

Specific privacy notices are available at the point of collection from any of our websites or where processing of personal data takes place.

On what legal basis does the organisation process personal data?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing, more than one legal ground may be relevant (except where we rely on a consent). We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you
  • Where we need to comply with a legal obligation
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests)

Where it is needed in the public interest [or for official purposes]

Who has access to the data?

Your information may be shared for the purposes of processing on specific service(s) you have entered with the organisation. Information may be shared with the following parties, including (but not limited to):

  • Managers, project team members, sales teams & consultants
  • Third parties to whom we choose to sell, transfer, or merge parts of our business or our assets
  • Third party suppliers to us, including (for example) insurance providers, brokers, client entities

More information can be found for the specific services we offer at the point of collection from the organisation’s website.

IT staff may also be required to access your data if it is necessary for the performance of their roles, routine administration, and in the management of our internal IT systems.

RPS Group will not share your data with third parties unless there is a requirement to do so.

How long does the organisation keep data?

We will keep your personal data for the period necessary to fulfil the purposes for which it was collected and to comply with legal obligations. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may continue to use such information without further notice to you.  Once this data is no longer required, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Your rights

Here is a list of the rights that all individuals have under data protection laws. They may not apply in all circumstances. If you wish to exercise any of them, we will explain at that time if they are applicable or not:

  • The right to be informed about your processing of your personal information
  • The right to have your personal information corrected if it is inaccurate, and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it (see below for further details)
  • The right to move, copy or transfer your personal information (“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to your supervisory authority, details of which can be accessed here.

Access to personal data

In the first instance, you should make any request for access to your data via

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights), however we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, and in exceptional circumstances only, we may refuse to comply with the request in such circumstances.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to RPS Group. However, if you do not provide the information necessary, then the organisation may not be able to provide the services necessary to fulfil any contractual duties we engage in.

How we protect and store your personal data

The organisation takes the security of your data seriously.  Internal policies and controls are in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Data will be stored in a range of different places within the organisation's IT systems (including the organisation's email system).

Is personal data transferred outside the UK or the EEA?

Your personal information may be transferred or the European Economic Area. If it is processed within Europe or other parts of the European Economic Area (EEA), then it is protected by European data protection standards. Some countries outside the EEA also have adequate protection for personal information under laws that apply to us. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA that do not have adequate protection under laws that apply to us, except in cases where ‘derogations’ apply.

Automated decision-making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Changes to this Privacy Notice

Any changes we may make to our privacy notice in the future will be representative of the effective date confirmed above.


For more information please see our Cookies Policy.


If you have any queries about this privacy notice, or in general about the personal data which we may hold about you, please contact:

RPS Group Plc, 20 Western Avenue, Milton Park, Abingdon, Oxfordshire OX14 4SH (FAO: Data Controller)