Privacy Policy



DDCAP Limited, DD&Co Limited and DDGI Limited (collectively referred to hereinafter as “DDCAP”, “we” or “us”) understand that your privacy is important to you and that you care about how your personal data is used in the course of our business and commercial relationship with you. We respect and value your privacy and will only collect and use your personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under English law.

This Data Protection and Privacy Policy (“Privacy Policy”) sets out the obligations of DDCAP regarding data protection and the rights of clients and suppliers, as well as visitors to our website, (“Website”) in respect of their personal data under the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).(“GDPR”).

This Privacy Policy sets out the procedures that DDCAP, its employees, agents, contractors, and other parties working on behalf of DDCAP are to follow when dealing with personal data.  DDCAP is committed not only to the letter of the law but also to the spirit of the law, and places high importance on the correct, lawful and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.

Please read this Privacy Policy carefully and ensure that you understand it.

If either now or in the future you enter into a contractual arrangement with DDCAP (whether as a client, a supplier or otherwise), you will be required to read and accept this Privacy Policy, or otherwise agree to contractual provisions complying with the DPA 2018 and UK GDPR. In particular, as part of our ongoing business relationship with you, we may need to have in place up to date Know-Your-Customer, Anti-Money Laundering and Combat Terrorist Financing information from you, which may include your personal data (as defined below). In the course of updating such information, we may ask you (or the company you work for) to amend our existing contractual documentation with you in order to ensure that both you and DDCAP are in compliance with GDPR. If you are a visitor to our Website, your acceptance of our Privacy Policy is deemed to occur upon your first use of the Website.

We may amend this Privacy Policy from time to time.


DDCAP Limited is a private limited company incorporated and registered in England under company number 05493658, whose registered address 

DD&Co Limited is a private limited company incorporated and registered in England under company number 00228785, whose registered address is 36 Shad Thames, Core 1A – Butler’s Wharf Building, London, SE1 2YE. 

DDGI Limited is a private limited company incorporated and registered in England under company number 03393586, whose registered address is 36 Shad Thames, Core 1A – Butler’s Wharf Building, London, SE1 2YE. 


You can contact us with any questions regarding your personal data or this Privacy Policy using the details set out in section 13 below.



    The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a data subject) and an ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.


    This Privacy Policy explains what we do with your personal data, whether we are providing you with a service, receiving a service from you or you are simply visiting our Website.

    It describes how we collect, use, and process your personal data, and how, in doing so, we comply with our legal obligations to you.  Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

    If you are a visitor to our Website, please note that this Privacy Policy only applies to your use of our Website. Our Website may contain links to other websites. Please be aware that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.


    Depending upon your relationship with us and/or your use of our Website, we may collect some or all of the following personal and non-personal data from you:


    In order to deliver services to you and to comply with our regulatory requirements, we may collect some or all of the information listed below.  The following list is not exhaustive:

    • name;
    • contact details including telephone number, email address and residential address;
    • a copy of your driving licence and/or passport/identity card; and
    • financial information including bank account details.


    The data we collect about suppliers is limited.  We simply need to make sure that our relationship with you runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you.  We may also hold extra information that someone in your organisation has chosen to tell us.

    Website Users

    We collect a limited amount of data from visitors to our Website, which we use to help us to improve your experience when using the Website and to help us manage the services we provide. This includes information such as how you use our Website, the frequency with which you access our Website, your browser type, the location you view our Website from and the times that our Website is most popular.

    If you contact us via the Website, for example by completing a contact form or asking to be added to our mailing list, we will collect any information that you provide to us.

    See section 12 (Cookies) below for further details.


    Personal data that you give to us.
    Where you contact us proactively by phone or by email or where we contact you, either directly or as a result of our business development activities more generally.

    Personal data that we receive from elsewhere.
    Where appropriate and in accordance with any local laws and requirements, we may seek more information from other sources by way of due diligence or other market intelligence.

    Personal data we collect automatically.
    Where you read or click on an email from us, where appropriate and in accordance with any local laws, we may automatically collect certain information such as your IP address.

    In addition, where you visit our Website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the Website and the way you browse its content. We also collect your data automatically via cookies, in line with the cookie settings in your browser. See section 12 (Cookies) below for further details.


    All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected.  We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on data security, see section 6 below.

    Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g., by subscribing to emails), or because it is in our legitimate interests.


    We have listed below the various ways in which we may use your data in order to establish and maintain our relationship with clients:

    • due to the nature of our business, we are required to carry out certain due diligence and identification checks on our clients before we are able to provide services to you.  We may therefore process and store your personal data (and update it when necessary) for these purposes;
    • storing your contact details (and updating them when necessary) on our database, so that we can contact you to inform you of our services (and to perform them for you or with you), to send you our brochure(s), to provide you with information, and respond to your enquiries;
    • keeping records of our conversations and meetings, so that we can provide targeted services to you ;facilitating our accounting and invoicing processes;
    • carrying out customer satisfaction surveys;
    • processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you; and
    • to comply with our legal and/or regulatory obligations.

    We may use your personal data for the above purposesif we deem it necessary to do so for our legitimate interests.  

    We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address.

    In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer ‘personal data’ for the purposes of UK GDPR.If you have concerns about how we may be using your data, in certain circumstances you have the right to object (see sections 9, 10 and 11).


    We have listed below the various ways in which we may use your data in order to establish and maintain our relationship with Suppliers:

    • to store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
    • to offer services to you or to obtain support and services from you;
    • to perform certain legal obligations; and
    • to help us to target appropriate marketing campaigns.

    We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.  We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address.

    If you have concerns about how we may be using your data, in certain circumstances you have the right to object and/or opt out (as appropriate) (see sections 9, 10 and 11).

    Website Users

    We use your data to help us to improve your experience of using our Website


    Data security is very important to us and we have taken suitable measures to safeguard and secure data collected directly from you or through our Website.

    Your data will only be stored in the UK or in a jurisdiction subject to equivalent data protection regulation as UK GDPR

    Steps we take to secure and protect your data include (but are not limited to):

    • firewalls;
    • user authentication protection
    • Restricted Access and password protection for certain categories of data; and
    • where hard copies of documentation are held, access is restricted, and cabinets are secured.

    We will periodically review our security policies and implement changes from time to time.  However, the Internet is not a risk-free place for communication and for that reason, we cannot and do not guarantee complete security, as it does not exist on the Internet.  It is your responsibility to ensure that you have adequate and up-to-date anti-virus software and firewalls installed on your device.


    We only keep your personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it.

    We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for seven years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data).  After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

    When we refer to “meaningful contact“, we mean, for example, communication between us (either oral or written), or where you are actively engaging with our services.  Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.

    When we refer to “delete” in this Privacy Policy, we mean that we will endeavour to permanently erase or destroy your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so.  However, despite our efforts, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, it cannot be readily accessed by any of our operational systems, processes, or staff.


    We may share your data with other companies in our group that are based in the UK. For the purposes described above, we may have to transfer your personal an affiliate of DDCAP or a third party outside the UK and in a jurisdiction not being subject to an adequacy decision of the UK Government  We will always ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your personal data is treated in a manner that is consistent with, and respects GDPR.

    We may sometimes contract with third parties to supply services to you on our behalf.  These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing.  In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.

    We may compile statistics about the use of our Website.  All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you.  We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

    In certain circumstances, we may be legally required to share certain data, which may include your personal data, for example, where we are involved in legal proceedings or where we are complying with legal requirements, a court order or a request from a government authority.

    We may be involved in the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.  In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes. We will not, however, otherwise sell your personal data to any third party.


    As a data subject, you have the following rights under the GDPR, which this Privacy Policy and our use of personal data have been designed to uphold:

    • the right to be informed about our collection and use of personal data;
    • the right of access to the personal data we hold about you (see section 10);
    • the right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 13);
    • the right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 7, but if you would like us to delete it sooner, please contact us using the details in section 13);
    • the right to restrict (i.e., prevent) the processing of your personal data;
    • the right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
    • the right to object to us using your personal data for particular purposes; and
    • rights with respect to automated decision making and profiling.

    If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us are set out in section 13.  Please note that we may keep a record of your communications to help us resolve any issues which you raise.

    If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

    For further information about your rights, please contact the Information Commissioner’s Office:


    You have the right to ask for a copy of any of your personal data held by us (where such data is held).  Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge.  However, we may charge a reasonable fee if your request to exercise your rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

    You may exercise your right to access your personal information and right to rectify it by contacting us using the details in section 13. We may need to verify your identity prior to disclosing any personal information in order to ensure that we are not disclosing personal information to, or about, the wrong person.


    In addition to your rights under the GDPR, set out in section 9, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).

    You may also wish to sign up to one or more of the preference services operating in the UK.  These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.


    Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our site. By continuing to browse the Website, you are agreeing to our use of cookies.

    A “cookie” is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

    We use the following types of cookies on our Website (which may include cookies from third party sites):

    • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
    • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

    You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies {including essential cookies} you may not be able to access all or parts of our Website.


    If you have any questions about this Privacy Policy, the practices of this Website, or our use of Cookies, you can contact us as follows:


    By post, at:

    DDCAP Limited
    36 Shad Thames
    Core 1A – Butler’s Wharf Building

    SE1 2YE
    United Kingdom

    Tel.: +44 (0)20 7863 1250
    Last updated: September 2021