Last updated: May 2026 – Compliant with UK GDPR and the Data (Use and Access) Act 2025
121prodata Ltd is a company based in the United Kingdom. 121prodata controls personal data about our business contacts and their representatives.
121prodata is registered in England and Wales under registration number 05832245, and our registered office is at 14th Floor, 33 Cavendish Square, London, W1G 0PW, United Kingdom. Our principal place of business is 1 Ashway, Northleach, Cheltenham, Gloucestershire GL54 3PB. ICO registration no. Z2480925.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: 1 Ashway, Northleach, Cheltenham, Gloucestershire GL54 3PB
Email: privacy@121prodata.co.uk
Telephone: 01451 860805
121prodata Ltd does not currently appoint a Data Protection Officer, as we do not meet the threshold requiring one under UK data protection law. All data protection queries, including any complaints, should be directed to the contact details above.
This privacy notice is kept under regular review and updated as necessary. We will post any changes on this page with a revised date. Where changes are significant, we may also notify you by email.
This section explains the purposes for which we use personal data about our business contacts and their representatives. More detail about the types of personal data that we might use for these purposes can be found in section 4 below.
Marketing
We use personal data for marketing purposes, typically in relation to current or potential clients and their representatives. This includes providing you with original insight, commentary and research on data, marketing and research, early notifications of exclusive events, webinars and updates on our products and services.
We will not make contact with you for marketing purposes through any channel (such as email, telephone or post) if you have told us that you don’t want to hear from us in that way. Please note that if you ask us not to contact you for marketing purposes, you might still hear from us for other reasons – for example, as part of our ordinary relationship management activity.
Relationship management
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with our clients, suppliers and their representatives. This could include activities such as letting you know about service changes, projects and campaigns, planned maintenance activity, contacting you with billing enquiries, inviting you to events and webinars, dealing with your enquiries, or asking you about what sorts of services you want us to develop.
Providing services
We use your personal data to provide you with information and services that you have asked for. For example, if you commission a project or campaign, we will use your contact details to keep you informed of progress. If you sign up to one of our events or webinars we might use your contact details to let you know how to access it.
Monitoring and improving our website
We use information such as how different people navigate around our website, how long they spend on particular pages, and whether they download any of our content (including service information, agreements, white papers and so on) in order to help improve the user experience of our website. It also allows us to tailor the website to match your interests and preferences better and helps us understand who has visited which pages to determine the most popular areas of the website. This information is also used for security and system administration and to generate aggregate non-personalised information for use by us.
Some of this monitoring is carried out using cookies. Where cookies are used for analytics, functional or security purposes and pose a low privacy risk, we rely on the updated rules under the Data (Use and Access) Act 2025, which no longer require your explicit consent for these types of cookies. You can find full details of the cookies we use, and how to manage or opt out of them, in our Cookies Policy.
Handling data protection complaints
We maintain an internal process for handling complaints from individuals about how we use their personal data. If you make a complaint to us, we will use your contact details and relevant correspondence to investigate and respond to it. See section 9 for further details of this right.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data, or complying with our obligations under UK data protection law.
The United Kingdom’s data protection law allows the use of personal data where the benefits (or “legitimate interests”) of doing so outweigh the possible negative implications for the relevant individuals. The Data (Use and Access) Act 2025 now confirms in statute that direct marketing activities can constitute a legitimate interest, although a Legitimate Interest Assessment (LIA) is still required. We have conducted an LIA for our marketing activities. If you object to us using these grounds you can do so at any time as explained in section 9.
The benefits that are being pursued are:
| Interest | Explanation |
|---|---|
| Marketing | We have an interest in promoting our services to our clients and potential clients by email, telephone and post. 121prodata Ltd is a well-established UK-based direct marketing consultancy with specific expertise in supporting clients requiring Corporate/Telephone Preference Service (C/TPS) telephone number screening and help with data, direct and digital marketing, campaign outsourcing and GDPR/ePrivacy Regulation support. To grow and generate profits, 121prodata needs to market its services to existing clients and potential clients. The Data (Use and Access) Act 2025 confirms in statute that direct marketing can be a legitimate interest. A Legitimate Interest Assessment (LIA) was conducted to establish this as a lawful basis for processing personal data for these purposes. |
| Helping people learn about services that might be of use to them | Our clients and potential clients have an interest in learning about services that they might find useful. |
| Maintaining and using our business relationships; understanding and keeping in touch with our clients and suppliers | We have an interest in maintaining and making use of our relationship with you. For example, if you work for one of our clients we may need to contact you in connection with one of the services that your employer has purchased from us. Or if you work for one of our suppliers we may need to contact you about a service that your employer supplies to us. We also have an interest in understanding what kinds of people use our services and how they use them. |
| Commercial Interests | Like any commercial organisation, we seek to earn revenue through services that we provide to our clients. |
In some circumstances, we may have other grounds to process personal data. These are set out in the following table, along with examples of the circumstances in which they might apply.
| Grounds | Examples |
|---|---|
| Consent | We may in some circumstances rely on your consent. For example, before certain cookies are set on this website (see our Cookies Policy). In those circumstances you will be specifically asked whether you agree to us using your data in specified ways. You can withdraw consent and ask us to delete your information at any time – please see section 9. |
| Necessary for performance of a contract with the relevant individual, or to take steps for entering into a contract | If you sign up to one of our services, it will often be necessary for us to use your details in order to provide that service. |
| Necessary in order to comply with a legal obligation | Regulators, government bodies and courts have powers to order us to provide information and, like any other organisation, we sometimes have to comply with their requests. |
We obtain and use information from various different sources.
| Type of information | Description | Source |
|---|---|---|
| Name and contact details | This is basic personal data about you at your place of work, and how to get in touch with you, including your name, job title, location, telephone numbers, email address and social media profiles. | This information is usually provided directly by the relevant individuals; it could for example be given over the telephone, in an email, through our websites, or in person at an event. In addition, we may use publicly-available and website sources, like LinkedIn, or marketing lists from carefully selected data suppliers. We produce these records ourselves. |
| Organisation-related details | This is information about your organisation, your role within it and who your colleagues are. | |
| Contact history | This is information about our dealings with you, such as what information we have sent you, who at 121prodata knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video. | |
| Telephone numbers submitted for TPS/CTPS checking | Numbers submitted by you or your organisation for screening against the TPS/CTPS registers. Where these relate to identifiable individuals (e.g. sole traders or personal mobile numbers), they may constitute personal data. | Provided directly by you as part of the TPS/CTPS checking service. |
| Device information | This is information about the device you are using to access our website, such as the type of device, its operating system, browser, IP address and what cookies are on it. | We produce these records ourselves by monitoring your use of our website. |
| Website usage | This is information about your use of our website, such as what pages you have visited, which online services you have used and what content or data you have downloaded. | |
| Login credentials | This is information such as your username and password which are processed if you sign up to use this website or require FTP access to securely share files. | This information is provided by you or may sometimes be generated by us (for example if we set or reset your password). |
Service providers
We may provide your information to third parties who help us use it for the purposes described in section 2. Our key service providers and the locations where they process data are set out in section 6 below. These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Online Advertising Platforms
We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information about your visits to these and other websites in order to provide you with advertising about products and services that may be of interest to you.
Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party already knows you – the information we provide only tells them that you are a user of our websites.
You can configure your advertising preferences on social media such as Facebook, LinkedIn, Twitter/X or Instagram by accessing your settings or preference options on the relevant platform. You can also opt out of interest-based advertising by visiting the IAB opt-out platform at www.youronlinechoices.com.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
Business Transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
Regulators
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office (ICO), or its successor body the Information Commission.
We are based in the United Kingdom, and will normally access and use your information from here. The table below sets out our key service providers, the types of data they process on our behalf, and where that data is hosted.
| Service Provider & Purpose | Data Hosted | Location & Safeguards |
|---|---|---|
| Namesco / Names.co.uk (Team Blue Internet Services UK Ltd) |
Website, C/TPS checker and API user data | UK data centres in the Thames Valley. Namesco is a UK-based provider operating in accordance with UK GDPR. Data does not leave the UK. |
| Microsoft 365 | Prospect and customer data in emails and documents | Hosted within the EU/EEA. For any transfers to the US, Microsoft is certified under the UK Extension to the EU-US Data Privacy Framework (UK-US Data Bridge), providing a lawful basis for UK-to-US transfers. |
| Google Workspace | Prospect and customer data in emails and documents | Hosted within the EU/EEA. For any transfers to the US, Google is certified under the UK Extension to the EU-US Data Privacy Framework (UK-US Data Bridge), providing a lawful basis for UK-to-US transfers. |
| CapsuleCRM | Prospect, customer and supplier data | CapsuleCRM is a UK-based provider. Data is hosted within the EU/EEA. See capsulecrm.com/privacy for current details. |
| Lemlist (lempire SAS, France) |
Direct marketing email campaigns | All data hosted exclusively within the EU on servers in France (hosted by OVH). No personal data is exported outside the EEA. Safeguarded by SCCs with a UK Addendum where applicable. |
| Xero | Customer billing and financial data | Xero is a New Zealand-based provider. Data may be hosted in Australia, New Zealand or the USA. Xero operates under an IDTA and/or SCCs with UK Addendum. See xero.com/uk/legal/privacy for details. |
International transfers – safeguards
The Data (Use and Access) Act 2025 updated the rules on international transfers of personal data. Where we transfer data outside the UK, we do so only where the level of protection available is appropriate, assessed against UK data protection standards. Safeguards we use may include:
If you would like further information about the safeguards in place for any particular transfer, please contact us using the details in section 1.
We apply the following general retention periods. You can request earlier deletion as explained in section 9.
| Category of data | Retention period |
|---|---|
| Business contact data (name, email, phone, job title) | Retained while you or your employer has an ongoing relationship with us, or for up to two years from the date of your last demonstrated interest in our services. |
| Account credentials and login data | Retained for the life of the account and deleted within a reasonable period following account closure. |
| Website usage and device data | Retained for the period necessary to fulfil the analytics or security purpose for which it was collected, typically no longer than 26 months. |
| Financial transaction and billing records | Retained for 7 years to comply with HMRC requirements. |
| TPS/CTPS checking logs and submitted telephone numbers | Retained for the period necessary to provide the service and demonstrate compliance, then securely deleted. |
| Data protection complaint records | Retained for the period necessary to resolve the complaint and for up to 3 years thereafter, in case of any regulatory enquiry. |
We use certain profiling techniques in order to help us to understand our clients and potential clients. This in turn helps us to understand which people might be interested in which of our products and services.
Under the Data (Use and Access) Act 2025, restrictions on automated decision-making now specifically apply where significant decisions are based on the processing of special category data. We do not process special category data, and our profiling activities are used only to better understand and segment our audience – they do not result in any legally or similarly significant effects on you. We do not use automated decision-making to set the prices that we charge for our products and services.
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
Access: You have a right to find out what personal data we hold about you and certain other information such as how we are using it. You also have a right to receive information in a portable format in certain circumstances. If we need further information from you to clarify the scope of your request, we may ask for this – in accordance with the Data (Use and Access) Act 2025, the response period will pause (“stop the clock”) while we await your reply. We will respond within one month of receiving all necessary information, or within three months where the request is complex.
Right to complain directly to us: You have the right to lodge a complaint directly with 121prodata about how we handle your personal data. To do so, please contact us by email at privacy@121prodata.co.uk, by post or by telephone (details in section 1). We will acknowledge your complaint promptly and respond within one month, or within three months where the complaint is complex. If you remain dissatisfied with our response, you can escalate to the ICO as described in section 10. Note: this becomes a statutory right under the Data (Use and Access) Act 2025 on 19 June 2026. We are implementing this process now in anticipation of that requirement.
Objection to direct marketing: You can let us know that you object to us using your personal data for direct marketing. Please unsubscribe from our emails using the link in any email we send, or contact privacy@121prodata.co.uk.
Rectification: If you believe that the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
Objection to legitimate interests: If you disagree with us relying on the legitimate interests ground for using your personal data (see section 3 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances. In the case of emails that are sent on the basis of legitimate interests (see section 3), you can do this by clicking on the ‘unsubscribe’ link.
Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However this usually won’t apply to all of your data because we might have good reason for needing to keep some of it – for example, so that we do not subsequently contact you if we receive your details again in the future.
Restriction: In certain circumstances you can ask us to restrict the ways in which we use your personal data, such as while we are verifying whether the information is accurate. While the information is restricted, it can only be used for certain limited purposes such as bringing or defending legal claims, or protecting another person.
Portability: You have the right to receive certain limited types of information in a portable, machine-readable format.
We encourage you to contact us in the first instance so that we can investigate your concerns (see also your right to complain directly to us in section 9):
Post: 1 Ashway, Northleach, Cheltenham, Gloucestershire GL54 3PB
Email: privacy@121prodata.co.uk
Telephone: 01451 860805
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
Please note: Under the Data (Use and Access) Act 2025, the ICO is expected to be renamed the ‘Information Commission’ in due course. The contact details above remain valid in the interim.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. This includes:
Whilst we take all reasonable steps to protect your personal data, no transmission over the internet can be guaranteed as completely secure. If you have concerns about the security of your data in our systems, please contact us using the details in section 1.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and/or the ICO in accordance with our legal obligations.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
We keep this privacy notice under regular review and will update it to reflect any changes in our data processing activities, changes in the law, or feedback from you. Any changes will be published on this page with an updated revision date at the top of the notice. Where changes are significant, we may also notify you directly by email.
This notice was last reviewed and updated in May 2026.
