top of page

Key information

Privacy notice

This privacy notice sets out:

  • who we are;

  • why we need to collect your personal data;

  • the general categories of personal data that we may process;

  • the purposes for which we may process your personal data;

  • the legal bases of the processing;

  • who has access to your data and who the data may be shared with;

  • how we will protect your data;

  • how long we will retain your data;

  • your rights as a data subject; 

Who we are

EMB-Group Limited (company number 07087597)(EMB Group) is the data controller. EMB Group’s registered address is 5 Merus Court, Meridian Business Park, Leicester, LE19 1RJ.

EMB Group is committed to being transparent about how it collects and uses personal data and to meeting its data protection obligations.


EMB Group’s Data Protection Lead can be contacted at:

Why we need to collect your personal data


We need to collect personal data in order to maintain records and in order to communicate with you or your organisation about the services that we provide to you or your organisation.


The categories of personal data that we may process


The personal data that we normally collect includes your name, job title, address and contact details, including email address and telephone number. For certain projects or contracts that we deliver, we may be required to collect other data, including sensitive personal data. Where this is the case, we will explain the purpose and lawful basis for processing your sensitive personal data before requesting the data.


When visiting our website, we may also automatically collect technical information such as the IP address used to connect your computer to the internet, your geographic location, browser type and version, browser plug-in types and versions and operating system and platform. For more details on how we use cookies and similar tools, please see the Cookie Policy on our website.

Purposes of the processing


The purposes for which we may process your personal data are:

  • to maintain records of our customers for legal or contractual purposes;

  • to communicate with you or your organisation in order to make appointments, to send invoices or similar (service communication);

  • to send you marketing information about similar services that we offer.

Lawful basis for the processing


Personal data may be processed by EMB Group under a number of lawful bases:

  • Contract: Processing of your personal data may be necessary for the performance of a business or employment contract to which you are party or in order to take steps at your request prior to entering into a contract.

  • Legal Obligation: Processing of your personal data may also be necessary to enable EMB Group to comply with legal obligations to which EMB Group is subject, for example, we may be required to collect personal data of interviewees in the course of an audit.

  • Legitimate Interest: Personal data may be collected to respond to enquiries and to supply relevant marketing information about our services. Personal data will also be collected in response to job advertisements or recruitment enquiries.

Who has access to your data?


Your information may be shared internally, including with EMB Group staff and managers and IT staff if access to the data is necessary for performance of their roles.


Your data may also be shared with third parties who provide certain business functions or process data on behalf of EMB Group and its clients or where there is a legal or contractual requirement for EMB Group to do so. EMB Group does not permit data processors acting on its behalf to use the data for any other purpose.

How does EMB Group protect your data?


EMB Group takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised employees in the performance of their duties. The EMB Group of companies holds ISO27001:2013 information security certification as well as Cyber Essentials Plus certification.


Where EMB Group engages third parties to process personal data on its behalf, those third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.


EMB Group will not transfer your data to countries outside the European Economic Area.

Retention period


EMB Group’s Data Retention Policy requires personal data to be deleted or securely destroyed when it is no longer required for the purpose for which it was originally obtained.

EMB Group normally holds data for seven years after performance, except where we are under contractual obligations to retain the personal data for longer periods.

Where we are using your details for direct marketing, EMB Group will keep such data until you notify us to delete the data or withdraw your consent.

Data held by EMB Group is securely destroyed at the end of the retention period in accordance with our information security policies.

Consequences of failure to provide personal data

Failure to provide the required personal data may mean that EMB Group is unable to provide you with services.

Automated decision making


EMB Group does not use automated decision-making.

Your rights as a data subject


As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;

  • require the organisation to change incorrect or incomplete data;

  • request the organisation to delete or stop processing your data, when the data is no longer necessary for the purposes of processing.


If you would like to exercise any of these rights, please contact EMB Group’s Data Privacy Manager by e-mail at:


If you believe that EMB Group has not complied with your data protection rights, you can complain to the Information Commissioner’s Office:

Learn more about EMB Group

bottom of page