This notice sets out our commitment to being transparent about how we collect, handle and protect your personal data of our customers, suppliers and other third parties. In addition, how we seek to ensure that our staff understand the rules governing their use of the personal data to which they
have access in the course of their work.

Toppesfield is committed to protecting your privacy and ensures that we comply with the data protection principles when gathering and using personal information.

For simplicity, Toppesfield Limited is referred to as ‘we’, ‘us’ and ‘our’ throughout this policy.

Data Controller

Toppesfield Limited (‘Toppesfield’), Toppesfield House, Hillview Business Park, Old Ipswich Road, Claydon, IP6 0AJ.

As a requirement we may share your personal information with other organisations, these will be data controllers in their own right.

Explanation of applicable data

For the purpose of this policy, personal data refers to information that relates to an identifiable, living individual, including information such as an online identifier for example an IP address. The General Data Protection Regulations (GDPR) applies to both automated personal data and to manual filing
systems, where personal data is accessible according to specific criteria, as well as to chronologically ordered data and pseudonymised data.

Data referred to in the GDPR as ‘special categories of personal data’ (previously termed ‘Sensitive Personal Data’) specifically includes the processing of genetic data, biometric data and data concerning health matters.

“Personal information” is therefore any information that can be used to identify you or that we can link to you and which we at Toppesfield have in our possession or control.

Information Collection

We collect and use several types of information about individuals in order to provide and improve our services to you.

We will collect and process personal information including your name, address, phone number, email address and other information that you give to Toppesfield including when you email us or contact us through various methods including:

  • Signing up for Toppesfield services: when you sign up for our newsletters, webinars, events or obtain any of our services, or when you contact us with queries, or respond to our communications the personal information you provide may include your full name, title, telephone number, email address and additional content, date and time of your email correspondence and information about your current or previous employers or your business.
  • When providing Toppesfield services: if you are a client, partner or preferred supplier of Toppesfield you will provide us with personal information when you, or the company you represent, become a client, partner or preferred supplier with us. If you are not a client, partner or preferred supplier we may still collect or receive your personal information because you are involved in one of our client’s matters.
  • When participating in recruitment activities: when you apply for any role with us, or with a client of ours if we are acting on their behalf, you may provide us with your full name, date of birth, nationality, education and qualification details, your gender, your CV, photograph, passport details, marital status, home address and home telephone number, mobile telephone number and other details set out in your communications to us
  • To enable processing of payments and fraud prevention: Financial and Payment Data Including bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information
  • To enable equality and monitoring: When applying or joining Toppesfield then your sensitive personal data (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data) may be collected in order to carry out monitoring and comply with the legal obligations.
  • Applying for placements and work experience: When you apply to us you for any potential work placement you may provide us with details such as your name, email address, postal address and employment details.
  • CCTV: When you visit one of our premises, CCTV is used in line with data protection principled and Toppesfield notifies staff and visitors of the purpose for collecting CCTV images via notice boards, letters and email.
  • Footage and Pictures: We may take photographs or video footage of individuals forbusiness use such as to publish on our company website, social media or recordings of  events; we shall assume we have the individual’s consent before publishing unless otherwise notified in writing.

Use of Data

We use information held about you in the following ways:

  • use it to provide Toppesfield services to a relevant client
  • use it to engage in marketing and business development activity in relation to our group services. This may include sending you newsletters, legal, human resources and health and safety updates, marketing communications and other information that we believe may be of interest to you
  • where you have applied for a position with us or with our clients that we are representing, to review and process your application
  • to comply with legal and regulatory obligations that we have a duty to discharge
  • use it to establish, exercise or defend our legal rights or for the purpose of legal proceedings
  • to record and monitor your use of our websites, social media or our other services for Toppesfield business purposes. This may include analysis of usage, measurement of website performance and generation of marketing reports
  • use it for our legitimate business interests, such as for undertaking business research and analysis, managing the operation of our business and improving our websites and interfaces
  • use it to look into any complaints, concerns or issues you may have
  • use it to prevent and respond to actual or potential fraud or illegal activities.

Sharing Data

We share personal information internally, including where required entities that make up our group. We may also share your personal information outside Toppesfield. This may include:

  • Third party agents/suppliers or contractors, bound by obligations of confidentiality, in connection with the processing of your personal information for the purposes described in this Policy. This may include, but is not limited to, our IT and communications service providers, and insurance, pension or benefit providers if you are employed by us.
  • Third parties relevant to the services that we provide. This may include, but is not limited to, counterparties to transactions or litigation, other professional service providers, regulators, authorities, governmental institutions.
  • To the extent required by law, regulation or court order, for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation.

Security of Data

We are committed to the security of your personal data and have taken measures to ensure your personal data is safe from from misuse, interference, loss, unauthorised access, modification or disclosure.

Should despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.

Retention of Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes that we collected it for including for the purposes of satisfying any legal, accounting, or reporting requirements. The appropriate retention period is determined by the amount, nature, and sensitivity of the personal
data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process and whether we can achieve those purposes through other means, and the applicable legal requirements.

Upon expiry of the applicable retention period we securely destroy your personal data in accordance with applicable laws and regulations. Toppesfield ensures that the personal information that we hold is subject to the appropriate security measures.

Your Rights

We will process all personal data in line with data subjects’ rights, in particular their right to:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request transfer of your personal data
  • Right to withdraw consent


Cookies are small text files that are created and stored on your browser or the hard drive of your device by websites that you visit and these cookies enable our systems to recognise your browser. We use cookies on our website in order to tailor our website and help improve our service and
provide you with a more personalised web service.

Cookies remain in the cookies file of your browser after the closing of the browser and will become active again when the Site is reopened, until removed. The cookie(s) can be deleted at any time by you. The cookie(s) will not collect any information when you are not accessing the Site.

Changes to this Policy

We may revise this Policy at any time by amending the content and updated version will be posted as soon afterwards.

This privacy notice was published on 1st May 2019 and last updated on 14th November 2019