At Andrew Alonzi Limited (hereafter ‘AAL’ , ’we’), we understand how important it is to our clients that the information they provide to us, including personal data is stored and handled securely and lawfully, and that we are transparent in how we use data supplied to us in connection with our work. 

This Privacy Policy sets out how we process personal data and our lawful basis for doing so, because we want you to understand how we may collect, store, use and protect any personal data. We will not share your information with anyone except as described in this Privacy Policy.  

We ask that you read this website privacy policy carefully as it contains important information on:

  1. who we are
  2. how and why we collect, store, use and share personal data
  3. your rights in relation to your personal information
  4. how to contact us and supervisory authorities in the event you have a complaint.


This Privacy Policy is divided into the following sections:

  1. Who we are
  2. Visitors to this website
  3. Cookies
  4. When you contact us
  5. The personal data we collect and use
  6. How we will use your personal data
  7. How long we will hold your personal data
  8. Transfer of your personal data out of the EEA
  9. Keeping your personal data secure
  10. Legal basis for processing personal data
  11. Your rights
  12. Links to other websites
  13. Changes to our Privacy Policy
  14. How to contact us

Who we are

Andrew Alonzi Limited (trading as Andrew Alonzi Learning and Development) is a private limited company registered in England and Wales with company number 06951343.  Its registered office address is The Old Barn, Church Lane, Besthorpe, Newark, Nottinghamshire, NG23 7BN.  AAL’s services include the delivery of training and consultancy services.  Consultancy services include research and evaluation and software design.  In this Privacy Policy, these are collectively known as ‘services’.  

AAL collects, use and is responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom). We are responsible as controller of that personal information for the purposes of those laws.

AAL will adhere to the six principles of the General Data Protection Regulation.  We will also ensure that we will:

  1. clearly set out the company policies in relation to the management of information
  2. ensure our employee, servants and / or agents do not infringe current laws and regulations
  3. ensure our IT systems do not infringe current laws and regulations
  4. minimise the risk of loss or damage to personal data
  5. identify risks and implement measures to control these risks

Visitors to this website

When someone visits, we use a third party analytics service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out:

  1. the aggregate number of unique website hits in a given period
  2. the number of unique visitors to individual pages of the site
  3. in each case, the browser used to access the site  

This information is only processed in a way that does not identify anyone. We do not make, and do not allow the third party analytics service to make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will make this clear and only do so on the basis of informed consent, explaining what we intend to do with it.


We (including any service providers we engage) may place cookies on your computer or device. Cookies are small data files that identify you when you use our services. You have the option to decline our cookies by using your browser’s settings tools. Please note that this may interfere with your use of our website.

When you view our website, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocoladdress, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. This log file information is automatically reported by your browser each time you access a web page.

Cookies and log file information are used to remember information so that you will not have to enter it again when you visit the AAL website, to make the content more specific for you, to monitor how services are performing, to identify the number of visits to the site and pages viewed, to identify and fix technical problems reported to us and to help you sign in and update and retrieve your information.

Please refer to our Cookies Policy for more information.

When you contact us

By telephone

When you telephone us, we collect only the information that you are willing to give us over the telephone.  We may prepare a short typed note of that conversation.  If we do, that note will be saved as an encrypted file and retained for a period of 6 years,.

By email

We use Google Mail, which uses ://https encrypted connections whenever we log in to Google Mail.  Please note that while Google Mail uses Transport Layer Security (TLS) to automatically encrypt incoming and outgoing emails, this only works if the email providers of both the sender and the recipient always use TLS.

The personal data we collect and use

AAL adheres to the principles that no more than the minimum amount of data will be kept in order to process it lawfully, and that personal data will only be obtained for specified, explicit and legitimate purposes. 

In the course of delivering our services we collect the following personal information when you provide it to us:

If you are a client or an employee, servants and / or agent of a client

We will collect your data from your directly, from publicly accessible sources of information and from third parties with a connection to the matter involving us. The personal information we will collect about you will vary depending on the reason why you are seeking our assistance. This includes:

  1. your contact details (name, address, telephone number, email)
  2. your qualifications, role and work details
  3. your working practises and connection with the matter in relation to which we are instructed
  4. payment information
  5. your regulatory and audit history, if relevant to our instruction
  6. training and evaluation data, audio recordings and transcripts of semi-structured interviews, which will always be anonymised at the point of data collection, and obtained only in accordance with an informed consent process in order to meet research ethics standards

If you are a supplier, or a provider of professional services or one of their employees

We may collect the following information about you:

  1. your contact details (name, address, telephone number, email)
  2. your qualifications and experience
  3. your bank account information and associated financial records with regard to payment of your
  4. invoices and fee notes
  5. feedback regarding the work you have done for us
  6. details of your availability to undertake work
  7. details of your health only insofar as this is relevant to your ability to undertake work we may week to instruct you on.
  8. Information may be obtained from third parties including:
  9. your representatives and any office support
  10. publicly accessible directories, including websites and professional directories
  11. clients
  12. others who have previously utilised your services.

Marketing contacts

We collect information relating to clients, employees of clients, attendees at our training courses or other events in order to promote our services and activities as permitted by law. The data we collect for these purposes relates to:

  1. your contact details (name, address, telephone number, email)
  2. your professional / learning and development interests
  3. the likelihood of you requiring our services

Occasionally, these details may be collected from third parties including:

  1. your employer
  2. an event organiser
  3. publicly accessible information from web pages or directories.

How we will use your personal data

In general, AAL will use your personal data in order to provide training and other consultancy services, in order to comply with our contractual obligations, statutory and / or regulatory requirements (for example by ensuring we have effective conflict checking measures in place), and to support our business management and development needs. 

AAL may share your personal data with third parties where this is a necessary part of our delivery of our services: 

  1. with clients and prospective clients, such as other local authorities, NHS Trusts and private organisations who require training and consultancy services
  2. with suppliers and providers of professional services, such as researchers, transcribers, software developers and administrative support
  3. with law enforcement, courts, tribunals, regulatory bodies and other authorities if required by applicable law

Such sharing is limited only to the extent that this is necessary.

We may also share your data with third parties that are contractually bound to process data on our behalf, for example, in connection with payments, event organisers, archiving services and the hosts of our IT Services.  In these circumstances, your personal data is protected by binding confidentiality arrangements protecting your data protection rights.

More specifically, the purposes we use your data for are as follows:

If you are a client or an employee, servants and / or agent of a client

We will use your data in order to:

  1. verify your identity
  2. understand your need for our services, the context in which you are operating and the nature of the issue requiring our services
  3. confirm your instructions to us and to provide our services in accordance with those instructions
  4. manage our invoicing, billing and payment requirements, including on occasion credit checking and payment chasing activity
  5. maintain the necessary records for our legal, ethical and regulatory purposes. Our insurers will also require us to maintain records in case of any subsequent legal claims arising out of the provision of our services.

If you are a supplier, or a provider of professional services or one of their employees

We will use your data:

  1. for the purposes of providing services to our clients
  2. for the purposes of administering agreements between us and our other suppliers, including dealing with administrative queries, managing payments and the performance of contracts with these suppliers or with you
  3. for  legal and regulatory purposes, including, where necessary, meeting the requirements of our insurers in order to manage any actual or contemplated litigation against us.

Marketing Contacts

We use your data to keep you informed of AAL’s services, including providing briefings and legal updates and inviting you to training events. 

We will only use you data for marketing purposes where permitted by the GDPR and in accordance with the Privacy and Electronic Communications (EC Directive) Regulations 2003, where applicable. 

How long we will hold your personal data

We hold onto your personal data for as long as is necessary to fulfil the purposes outlined in this Privacy Policy and to comply with our own legal obligations. 

In general, and unless required to adopt a longer retention period by our clients, we will hold your personal information (for example, name, address and contact details) for 6 years following conclusion of the advice or transaction.

If you indicate that you do not wish to receive direct marketing material we will keep this personal information (instruction) indefinitely, to ensure that we can follow your wishes.

Transfer of your personal data outside the European Economic Area

Occasionally, your personal data may be transferred to and stored outside the European Economic Area. A transfer of data outside the European Economic Area means that the data would be stored in a jurisdiction which does not provide equivalent safeguards and rights protecting your data as would be available within the United Kingdom and the European Union. 

However, if we are transferring your data outside the European Economic Area, we will be either doing this in circumstances where:

  1. the law recognises that the arrangements we have put in place provide equivalent protection to your data by, for example, using binding contractual terms approved by the European Union as providing appropriate protection; or
  2. the law recognises that a transfer outside the European Economic Area is lawful, for example, where a a provider or professional services (such as off-shore software development) is resident outside the European Economic Area. 

In any event, we require those receiving the data to keep such data secure and protected and will take all possible steps to ensure that this is done. 

Keeping your personal data secure

AAL adheres to the principle that personal data will be kept in a form which permits identification of data subjects for no longer than is necessary. 

We only use systems that are resilient, which handle your personal data confidentially and with integrity. We use encryption and authentication techniques to keep your data safe and secure.  We have organisational arrangements to ensure that your personal data is only accessible by authorised people who have a legitimate reason for using your personal data, including the use of password protected computer software, encrypted mobile devices and locked storage areas. 

Legal basis for processing personal data

AAL collect and process personal data on the legal basis that:

  1. we need it in order to perform a contract with you (if we have a contractual arrangement with you), including evaluating data to gauge the success of a training intervention (for example, evaluation surveys which are anonymised at the point of collection in accordance with research ethics standards)
  2. we are taking steps in order to enter into a contract with you
  3. we are processing the data in order to comply with a legal obligation specific to our organisation
  4. we need it for our legitimate business purposes and in the course of assessing these, we have taken into account your rights and freedoms.

Our legitimate interests are the delivery of training and other consultancy services as required by our clients, including the need to: 

  1. perform activities in order to operate the business of a training and  consultancy services provider, including the management and financial planning activities associated with this
  2. maintain records for our regulatory and ethical obligations
  3. maintain records in order to comply with the reasonable requirements of our insurers
  4. address any complaint or claim, including the need to provide instructions to our insurers and legal representatives
  5. comply with the legal obligations that require us to maintain and, in certain circumstances, disclose data
  6. prevent and detect fraud
  7. promote our services by providing briefing documents, newsletters and advertising our training events.

Your rights

Under the General Data Protection Regulation you have a number of important rights in relation to your personal data, free of charge. In summary, those include the right to:

  1. request access to the personal data we hold about you including the right to a copy of such personal data
  2. request the correction of inaccurate personal data and the right to have incomplete personal data completed
  3. request that data about you be deleted in certain circumstances
  4. ask that we restrict how we process your personal data in certain circumstances.
  5. object to us processing data in certain circumstances, including the right to object to your data being processed for direct marketing purposes. 
  6. data portability (a transfer of the data we hold to a new data controller) in certain circumstances. 

If you would like to exercise any of those rights, please contact us and address your request to the Data Manager.  Please include your name, email address and postal address in your request. We may also ask for proof of your identity. 

Where we collect data from you directly, except where we are required to process your data by law, when we ask you to provide data, you are not obliged to provide it. 

Where we need the information in order to fulfil our obligations to you or to others (whether as a result of contractual or regulatory obligations) a failure to provide the information we reasonably require may mean that you are subject to adverse consequences – for example, we may have to cease acting for you as a client. 

Please contact us if you are not satisfied with any aspect of the way we process your personal data.  If we are unable to resolve your complaint to your satisfaction and you continue to have any concerns about how we are handling your personal data, you may lodge a complaint at any time with the Information Commissioner’s Office. The Information Commissioner can be contacted at Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF or contacted via  

Links to other websites

We are not responsible for the content or practices used by other websites which may be linked to or from Please remember that when you use a link to go from to another website, this Privacy Policy is no longer in effect.  Your browsing and interaction on any other website, including those that have a link on our website, is subject to the rules and policies belonging to that website.

Changes to our Privacy Policy

This Privacy Policy was last updated in may 2018.  We may change this Policy at any time. If we change this Policy, we will give details on the Andrew Alonzi Learning & Development Website and, unless otherwise stated, any revised Policy will be immediately effective.

How to contact us

If you have any comments or questions about our Privacy Policy, please contact:

Mr Andrew Alonzi, Andrew Alonzi Limited, The Old Barn, Church Lane, Besthorpe, Newark NG23 7BN

01636 322001 and 07515 118174

or contact us here.