NGS Privacy Policy

1. Introduction

Northcott Global Solutions is committed to protecting and respecting your privacy. This privacy notice is designed to provide information about our practices concerning the collection, use and disclosure of your personal information in the course of providing legal, advisory and/or consultancy services, carrying out marketing and recruitment activities. This privacy notice sets out how we use and protect your personal information.

2. Who are we?

Northcott Global Solutions (“we”), are the Data Controller for the purposes of data protection law in relation to any personal information we hold about you.

Northcott Global Solutions is a limited liability company registered in England and Wales with company number 7145685 and our registered office is at One Canada Square, London E14 5AA, United Kingdom. We are registered with the Information Commissioner’s Office.

We are committed to maintaining high standards of confidentiality in relation to the information provided to us in the course of our business.  We are certified under ISO 27001, ISO 9001 and accredited under the UK Government’s Cyber Essentials security standards.

Please read this notice carefully, and should you have any questions please contact us by email at, or by writing to:

Data Protection Officer
Northcott Global Solutions Ltd
One Canada Square
E14 5AA
United Kingdom


3. Who does this privacy notice apply to?

This privacy notice applies to everyone whose personal information we collect and process (excluding our existing or former workforce, to whom a separate HR Privacy Notice applies). This includes individuals in the categories below or who work for any of the following:

  • our clients
  • our partners
  • our suppliers
  • people who are involved in contracts and transactions we are working on, such as other businesses or individuals our clients are contracting with
  • our regulators, insurers, auditors, professional advisers and certification/accreditation bodies (such as for our ISO 270001 and Cyber Essentials accreditations)
  • prospective employees, consultants and partners
  • people whose details we process in connection with our marketing activities.


4. What personal information do we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified.  In the course of our business, we will need to collect and process various types of personal information for various purposes.  Given the nature of our business and the services we provide, it is impractical to list all the categories of personal information that may be collected and processed. We will however only process and collect personal information where we have a legal basis to do so.  We most commonly collect and process the following kinds of personal data about you:

  • personal contact information for individuals for the rendering of emergency assistance such as full name, job title, organisation, date of birth, address, email address, telephone number, and mobile phone number. We may collect additional information to enable the identity of individuals to be verified.
  • precise location data of an individual’s mobile device is collected and stored from the NGS Aurora App.  The background location data from the NGS Aurora App is collected.
  • financial information, including your bank account and payment card details
  • employment records, including professional membership/registration, references, proof of eligibility to work in the UK, security checks, photos
  • recruitment information, including CV’s, interview notes and assessment material
  • information regarding an individual’s legal requirements and personal or professional situation
  • information about individuals employed by or associated with our clients, advisers or the organisations involved in a matter on which we are instructed
  • information obtained as a result of investigations, consulting or penetration tests carried out in relation to client instructed engagements
  • special category personal data may be processed in the course of engagements, this includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
  • marketing and communications data, including your marketing preferences and interests and any feedback you provide to us (for example, by completing a survey). We also track when you receive and read marketing communications from us


5. How do we collect your personal information?

We use different methods to collect personal information from and about you including:

Direct interactions: you may voluntarily provide us with your personal information, for instance when you:

  • NGS collects an individual’s personal contact information if they voluntarily fill in their details on the NGS Aurora App profile page (available in the Google Play Store or Apple’s App Store) or on the Aurora platform.
  • NGS collects an individual’s precise location data from an individual’s mobile device if they have downloaded, installed, and actioned any of the following in the NGS Aurora App: complete a check-in, activate an emergency alert, activate a silent alarm, or activate their active tracking in the Settings page.  The NGS Aurora App collects location data to enable NGS to monitor an individual’s location in an emergency even when the App is closed or not in use.  Background location data is collected on the NGS Aurora App to notify the individual if there has been an incident near their location.
  • respond to a location alert email from your mobile device and/or your traditional email
  • fill out a form on our website, e.g. completing an online form sign up to our marketing list
  • correspond with us by email or post
  • speak to us in person or on the phone
  • visit our offices
  • give us feedback (for example, by completing a survey)
  • give us your business card at an event or meeting
  • register for one of our online learning tools, webinars, events and/or conferences


Automated technologies or interactions: as you interact with our website, we will automatically collect information about your browsing activities and your equipment. We collect this information by using cookies. For full details about our use of cookies, please see our Cookie Policy.

Publicly available sources: we may collect personal information available publicly from the publicly accessible and online sources such as:

  • online professional social networking services and applications, such as LinkedIn
  • your company’s website
  • the Land Registry
  • Companies House


Third party sources: we may collect personal information from the following third party sources:

  • our clients/your employers
  • our agents
  • professional advisers instructed by us
  • fraud prevention and credit reference agencies
  • subscription databases
  • government agencies


6. How do we use your personal information?

Legal basis on which we will use your personal data

We will only use your personal information when the law allows us to do so, i.e. where we have a lawful basis for processing. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you, or take any steps you ask us to before entering into a contract with you
  • Where it is necessary to do so in order to comply with any legal obligations we have, such as under money laundering laws
  • On the basis of consent:
    • Where we rely on your consent for processing this will be brought to your attention when the information is collected from you
    • You have the right to withdraw consent at any time, see the Your Rights section below for further information about how you may withdraw your consent
    • We do not rely on or require your consent for the majority of our processing.
  • Providing legal, advisory and/or consultancy services
  • Ensuring regulatory compliance and maintaining accreditations
  • Providing our clients with the best service
  • Promoting our services
  • Receiving feedback
  • Improving our services and identifying ways to grow our business
  • and/or for the legitimate purposes of our clients or other third parties in receiving those services. We will only rely on this lawful basis where we consider that your interests and fundamental rights do not override such interests.

When processing your personal information we comply with the provisions of this privacy notice and, in respect of the provision of legal services we are also bound by professional obligations of confidentiality. and/or for the legitimate purposes of our clients or other third parties in receiving those services. We will only rely on this lawful basis where we consider that your interests and fundamental rights do not override such interests.


Special category data

In most cases, when we only process special category data when encountered in the process of an engagement instruction from a client. Where Special Category Data is encountered, it is not stored or copied in any way.

Purposes for which we use your personal data

We may process your information for the following purposes:

Emergency Response services

Where we receive personal data in connection with the provision of emergency response services, we process that data for the purposes of the provision of those services. This includes:

(a) Providing emergency response, assistance, location monitoring and alerting, and related services, such as:

  • employer emergency broadcast messages
  • providing security advice
  • providing medical assistance
  • when we hold and use personal information in the course of providing emergency response services to an individual client, that client is also entitled to access that personal information. They may in turn use that information in accordance with their own privacy notice or equivalent.

(b) Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law. This includes:

  • performing checks of our clients and others as we are required to do by law or which are good practice, such as anti-money laundering and anti-terrorism checks. In undertaking such checks we may ask individuals to provide information and use publicly available information
  • disclosures required by law or court order
  • disclosures to the police, tax authorities, the National Crime Agency or other public or government authorities where in our reasonable opinion the disclosure is required in relation to any criminal investigation or prosecution
  • disclosures to our regulators, ombudsman or other government, public or regulatory authority, including any data protection supervisory authority or regulator of legal services, where in our reasonable opinion the disclosure is required or permitted by law

(c) Providing access to our files for audit, review or other quality assurance checks, by our clients, regulators, auditors, professional advisers and certification/accreditation bodies.

(d) Processing required in connection with the day to day operation of our business such as billing and payments, complaints handling and internal record keeping. For this we may use third party service providers such as IT service providers.

(e) Processing required in connection with any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business or assets.



We process personal information in connection with marketing or communications purposes, including so that we can:

  • send you invitations to our online learning tools, webinars, events, and/or conferences as and when we think they might interest you
  • register and manage your attendance at one of our webinars, events or conferences
  • on occasion, organise necessary travel or hotel arrangements for your attendance at an event
  • if you are a speaker at one of our events, promote your participation via platforms such as Twitter, LinkedIn, our website and in our marketing communications (NB: external platforms may continue to store and use your personal information after the event has ended)
  • archive event attendance information and other personal information at the end of every business year (please see our retention schedules for more information about how long we store personal information)
  • share with you news and offers about our products and services
  • email you with cyber security updates and newsletters relevant to sectors and specialisms that you are interested in
  • ask you for feedback (for instance, in a survey) about our client services, and to manage, review and act on the feedback
  • manage any changes to your marketing preferences or comply with any unsubscribe requests
  • monitor our website usage and improve our services, please see our Cookies Policy below for further information on how we use cookies to do this



We process personal information in connection with our recruitment practices for the following purposes:

  • recruiting new employees, consultants and partners
  • verifying immigration status and/or eligibility to work in the UK
  • undertaking pre-employment checks
  • obtaining references


7. Who might we share your information with?

For the purposes set out in the ‘How we use your personal information’ section above, we may share your personal information with the following categories of third parties, some of whom we appoint to provide services, including:

  • blue light services internationally
  • travel companies such as airlines, aircraft operators, taxis and personal protection firms
  • professional advisors, suppliers and sub-contractors in the course of the provision of physical or cyber security or other services or in the performance of any contract we enter into with you
  • event venues, webinar hosts and training providers to provide you with access to our events and training
  • providers of business support services including technology, banking, insurance, litigation support and security
  • analytics and search engine providers that assist us in the improvement and optimization of our site
  • providers of business development and marketing support services
  • survey or quality assurance providers in order to receive feedback and improve our services

Additionally, we will disclose your personal information to the relevant third party if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, to protect your life, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients, our clients people. our regulator, or others.  Where we share your personal information with third parties, as described above, we will only do so where in our reasonable opinion that information will be adequately protected.  Any other service providers with whom we share information are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.

Transferring personal information outside of the EEA

From time to time and where circumstances require it, we may transfer personal data outside the European Economic Area (“EEA”) where adequate protection measures are in place in compliance with data protection laws.  For example, this may be in relation to an international assistance task to protect life, render medical assistance following an incident, or where we are sharing information with our colleagues or third party service providers who operate outside the EEA in order to fulfil our obligations to protect you through emergency response.

We also use IT Service providers based outside the EEA who provide us with software, maintenance and support in order for us to better provide you with our services. We ensure that any related transfers are either subject to an adequacy decision or are protected by the Commission approved Standard Contractual Clauses.


Third party links

Our website may include links to third-party websites, plug-ins and applications, for example when you click the link to register for on one of our webinars, you will be taken to the third party website of our webinar provider. We do not control these third party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy policy of every website you visit.

8. How can you change your marketing preferences?

We strive to provide you with choices around what marketing communications you receive from us.  To ensure that we continue to provide you with the most relevant information, you can review and update your marketing preferences at any time by clicking ‘unsubscribe’ or ‘manage preferences’ in any of our emails.

To request that we stop processing your personal information for marketing purposes, you can opt-out of all communications at any time by clicking ‘unsubscribe’ or ‘manage preferences’ in any of our emails, or by emailing and we shall stop processing your information for those purposes.

If you have consented to receive marketing communications from us, you can withdraw this consent at any time by clicking ‘unsubscribe’ or ‘manage preferences’ in any of our emails, or by emailing, and we will stop processing your information for those purposes.

See Your Rights section below for further information about your rights to withdraw consent and opt-out.


9. How long we keep hold of your information?

We retain personal data in accordance with our retention and destruction policy.

If you unsubscribe from our marketing emails or withdraw your consent for us to contact you, we will store your information for a period of two years to ensure that you no longer receive emails from us.


10. How is your information kept secure?

We are strongly committed to data security and we take reasonable appropriate steps to protect the personal information we hold from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic and managerial procedures to safeguard and secure that information.

We are certified under ISO 27001 and accredited under the UK Government’s Cyber Essentials security standards.


11. What are your rights in respect of your data?

If we process your personal data, you have the rights listed below, in line with the UK Data Protection Act 2018 and EU GDPR.  You can exercise these rights at any time by emailing us at, or by using the other contact details given in the ‘Contact details’ section below.

You have the right:

  • to ask us not to process your personal data for marketing purposes (either by clicking ‘unsubscribe’ or ‘manage preferences’ in any of our emails, or by emailing
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing
  • to withdraw your consent at any time, you can do this by emailing  However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent
  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest
  • to request from us access to personal data we hold about you
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the lawful basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing)
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.


12. What can you do if you have concerns about our use of data?

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting our CEO in the first instance by using the contact details below. If we are unable to resolve your concerns and you remain dissatisfied, you have the right to complain to the relevant supervisory authority, which is the Information Commissioner’s Office in the UK. The ICO’s contact details are available here:

13. How can you contact us?

Please read this notice carefully and contact us if you have any queries by emailing us at: by writing to:

Data Protection Officer
Northcott Global Solutions Ltd
One Canada Square
E14 5AA
United Kingdom


14. Will there be changes to this notice?

This privacy notice may change from time to time so we recommend that you review it periodically. This version of the privacy notice was last updated on 27 January 2023.

Northcott Global Solutions Ltd Data Protection Policy
Annex A - D.P. Policy - Privacy Notice Emergency Medical & Non-Medical
Annex B - D.P. Policy - Privacy Notice Tracking and Travel Management
Annex C - D.P. Policy - Privacy Notice Third Party AdministratorClaims Handling
Annex D - D.P. Policy - Privacy Notice Business Development
Annex F - D.P. Policy - Data Privacy Impact Assessment Medical and Non-Medical
Annex G - D.P. Policy - Data Privacy Impact Assessment Tracking and Travel Management
Annex H - D.P. Policy - Data Privacy Impact Assessment Third Party Administrator
Annex I - D.P. Policy - Data Privacy Impact Assessment Business Development
Annex P - D.P. Policy - Data Subject Consent Form General
Annex Q - D.P. Policy - Parental Consent Form
Annex R - D.P. Policy - Parental Consent Withdrawal Form
Annex S - D.P. Policy - Data Subject Consent Withdrawal Form General
Annex T - D.P. Policy - Data Subject Access Request Form
Northcott Global Solutions Ltd Anti-Slavery Policy