Your privacy is not just a legal obligation for us — it is the foundation of everything we do. The nature of our work means that the people who contact us are often in a vulnerable and emotionally difficult position. We treat every piece of information you share with us with the utmost discretion and care.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under UK law. Please read it carefully.
This entire document requires review by a qualified UK solicitor before publication. Specific items to confirm: ICO registration number (insert once registered), company registered number (insert once incorporated), lawful basis for processing in investigation contexts under UK GDPR, data retention periods, and any obligations under the Investigatory Powers Act 2016.
The Green Dot Agency ("we", "us", "our") is a private investigation agency operating across the United Kingdom. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Company full legal name, registered address, Companies House number, and ICO registration number to be inserted here once registration is confirmed.
For any questions about this policy or how we handle your data, please contact us at: [[email protected]]
We collect personal data in the following circumstances:
Important: We understand that many people who contact us are in sensitive situations and may not wish to use their real name. You are welcome to use a pseudonym in your initial enquiry. We will only ask for your full details if and when you formally engage our services and only to the extent necessary to carry out the work.
Under UK GDPR, we must have a lawful basis for processing your personal data. Depending on the circumstance, we rely on one or more of the following:
Where you have engaged us to carry out an investigation, we process your data because it is necessary to fulfil the contract between us.
For enquiries that do not proceed to a formal engagement, we may retain limited contact information for a short period to enable us to respond to your query and follow up, where you have indicated this is welcome.
We may be required to process or disclose certain data to comply with applicable law — for example, in response to a lawful request from a court or law enforcement authority.
The lawful basis for processing data about third-party subjects of investigations (i.e., the people being investigated, not the clients) under UK GDPR requires specific legal advice. This section needs confirmation of the appropriate basis — likely legitimate interests with a full balancing test — before publication. Refer also to the ICO guidance on processing personal data for investigatory purposes.
We use the personal data we collect solely for the following purposes:
We will never use your data for marketing purposes without your explicit consent. We will never sell, rent, or share your data with third parties for commercial gain.
We treat all client data as strictly confidential. We do not share your personal data with any third parties except in the following limited circumstances:
We use a small number of carefully selected third-party service providers to operate our business — for example, our encrypted email provider, our secure enquiry form processor, and our payment processor. These providers are contractually bound to process your data only on our instructions and in accordance with UK data protection law.
Where you have engaged us to prepare evidence for use in legal proceedings, we may share relevant materials with your nominated solicitor or barrister. We will only do this with your explicit instruction and consent.
We may disclose data where we are legally required to do so — for example, in response to a valid court order, search warrant, or lawful request from a law enforcement authority. Where legally permitted to do so, we will inform you of any such request.
We will never disclose any information about your identity or your case to the subject of an investigation, to their associates, or to any other party not listed above. Discretion is the foundation of our service.
Specific retention periods need legal advice to confirm. Suggested starting points are listed below but must be reviewed against PI industry norms, potential litigation timelines, and ICO guidance on data minimisation before publication.
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.
When the applicable retention period expires, data is securely and permanently deleted or anonymised.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you directly as soon as practicable.
Under UK data protection law, you have the following rights in relation to your personal data:
You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month.
You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
You have the right to ask us to delete your personal data in certain circumstances — for example, where it is no longer necessary for the purpose for which it was collected, subject to any legal retention obligations.
You have the right to ask us to restrict how we process your data in certain circumstances — for example, while a dispute about its accuracy is resolved.
Where we process your data on the basis of consent or contract, you have the right to receive that data in a commonly used, machine-readable format.
You have the right to object to our processing of your personal data where we rely on legitimate interests as our lawful basis.
Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at [[email protected]]. We will respond within one month and will not charge a fee in ordinary circumstances.
If you are not satisfied with how we handle your request or your data generally, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Our website uses a minimal number of cookies to ensure it functions correctly and to understand how visitors use it. We do not use advertising cookies or third-party tracking cookies.
These are required for the website to function. They cannot be disabled. They include session management and security cookies.
We may use privacy-respecting analytics (such as a self-hosted or anonymised analytics tool) to understand how visitors use our site — for example, which pages are visited most often. No personally identifiable information is collected. You can opt out of analytics cookies at any time.
If Google Analytics is used, this section needs updating to reference Google's data processing and the need for cookie consent under PECR. Consider using a privacy-first alternative such as Fathom Analytics or Plausible to avoid PECR complexity entirely — especially appropriate for a sensitive-subject site.
Our website may contain links to third-party websites — for example, legal resources or support organisations. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal data to them.
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Continued use of our services after any changes constitutes your acceptance of the updated policy.
For any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact our data controller at:
The Green Dot Agency
Email: [email protected]
[Registered address to be added]