PRIVACY NOTICE
Last updated: January 2026
‍
1. Introduction
Caroline Preston Partners (“we”, “our”, “us” or “the Company”) is committed to protecting the privacy of individuals whose personal data we process, including website users, clients, professional contacts, and candidates.
This Privacy Notice explains how we collect, use, disclose and protect personal data, and how you can exercise your rights under UK data protection law.
Caroline Preston Partners processes personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and related UK data protection legislation, including the Data (Use and Access) Act 2025 (together, Data Protection Laws).
This Privacy Notice applies to personal data collected through our website and in the course of our business activities. It should be read alongside any supplementary privacy notices provided at the point of data collection, which complement but do not override this Notice.
Contact details:
Email: info@cprestonpartners.com

Post: 27 Hill Street, London W1J 5LP
‍
2. Data Controller
For the purposes of Data Protection Laws, Caroline Preston Partners is the data controller and is responsible for determining how and why personal data is processed.
‍
3. Personal data we collect
We aim to collect only the personal data that is necessary for legitimate business purposes.
3.1 Contacts and marketing audiences
- Identity data: name, title, job role, organisation
- Contact data: business email address, telephone number, business address
- Marketing and communications data: communication history and preferences
3.2 Clients
- Identity data: name, job title
- Contact data: billing address, email address, telephone number
- Financial data: payment and invoicing information
- Transaction data: details of services provided
- Marketing and communications data
3.3 Automated and technical data
When you visit our website, we may collect:
- Technical data: IP address, browser type and version, operating system, time zone
- Usage data: information about how you use our website
- Website interaction data: pages viewed, links clicked, time spent on pages
This data is collected using cookies and similar technologies (see section 13).
‍
4. How we collect personal data
We collect personal data when you:
- Contact us by email, phone, post or via our website
- Engage with us through professional networking or social media platforms
- Subscribe to marketing communications
- Are introduced or referred to us
- Are identified through publicly available sources (e.g. company websites)
- Engage with us in the course of providing or receiving professional services
We may also receive personal data from third parties such as business partners, analytics providers or professional advisers, where appropriate safeguards are in place.
‍
5. How we use personal data and lawful bases
We only process personal data where we have a lawful basis under UK GDPR.
5.1 Performance of a contract
To provide services, manage client relationships, and administer billing and payments.
5.2 Legitimate interests
We process personal data where necessary for our legitimate business interests, provided these are not overridden by your rights and freedoms. These interests include:
- Operating and developing our business
- Managing professional relationships
- Improving our services and website
- Ensuring network and information security
- Communicating with individuals in a professional capacity
Where we rely on legitimate interests, Caroline Preston Partners has carried out and documented Legitimate Interests Assessments to ensure that the processing is proportionate and does not unduly impact individuals’ rights and freedoms.
You have the right to object to processing based on legitimate interests.
5.3 Consent
We rely on consent where required by law, including for certain marketing communications and non-essential cookies. Consent may be withdrawn at any time.
5.4 Legal obligations
Where processing is necessary to comply with legal or regulatory requirements.
‍
6. Disclosure of personal data
We do not sell personal data.
We may share personal data with trusted third parties where necessary, including:
- Service providers and suppliers
- Professional advisers
- IT and hosting providers
- Analytics and website service providers
- Public authorities where required by law
- Third parties in connection with a business sale or restructuring
All third parties are required to protect personal data and process it only for lawful purposes.
‍
7. International transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
- Transfers to countries subject to UK adequacy regulations; or
- Use of the UK International Data Transfer Agreement (IDTA) or other UK-approved safeguards.
‍
8. Data security
We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access or disclosure. Access is limited to those with a legitimate business need and subject to confidentiality obligations.
‍
9. Data retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting or regulatory requirements.
Personal data relating to professional contacts or candidates with no ongoing relationship is typically retained for no longer than three years from the last meaningful contact, unless a longer retention period is required or justified.
‍
10. Your rights and complaints
You have the following rights under UK GDPR:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to object
- The right to data portability
You can exercise these rights by contacting us at info@cprestonpartners.com.
Requests are handled free of charge, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.
If you raise a concern or complaint about how we handle personal data, we will investigate it promptly and respond within a reasonable timeframe.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
‍
11. Automated decision-making
Caroline Preston Partners does not carry out automated decision-making or profiling that produces legal or similarly significant effects.
If this changes, and we introduce automated decision-making that has legal or similarly significant effects, we will update this Privacy Notice in advance and provide clear information about the processing, the safeguards in place, and your rights.
‍
12. Marketing
We may send marketing communications where permitted by law. You can opt out at any time using the unsubscribe link in our communications or by contacting us directly.
‍
13. Cookies
Our website may use cookies and similar technologies.
- Essential cookies are required for website functionality
- Non-essential cookies are used only with your consent
If cookies are used, you can manage cookie preferences through our cookie banner or browser settings.
‍
14. Third-party links
Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy notices.
‍
15. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. The most recent version will always be available on our website.
‍