Privacy Policy

Who are we?

We are Nine Consulting Limited, trading as ‘9ine’. We provide consultancy services and cloud based products to client organisations to assist with their risk management in the areas of technology, data protection, cyber security, and safeguarding.

We are registered in England and Wales under company number 06829839. Our registered offices are at 20 Goodwood Way, Cepen Park South, Chippenham, SN14 0SY and we are based at Second Floor, Wonersh House, The Guildway, Old Portsmouth Road, Guildford, Surrey, GU3 1LR.

What is personal data?

The term ‘personal data’ refers to any information which identifies you or can be used to identify you when used in conjunction with other information. The personal data most commonly used by us will be your name, your job title and your email address.

The term ‘data subject’ describes the person about whom the personal data is about.

What personal data do we collect about you?

We will usually collect and process:

  • Names
  • Email addresses
  • Job titles
  • IP address
  • Location data
  • Website statistics

We may also collect and use anonymous or aggregated data relating to your use of our products and services in order to improve them, refine them and develop our business.

How do we obtain your information?

Much of the personal data we process about you will be provided directly by you. We will collect your personal information to contact you when:

  • You have expressed an interest in the use of our products and services (including trial products and services).
  • You have registered to attend (or have attended) one of our events (or one of our sponsored events).
  • You have attended an event, webinar or conference that we have participated in and you have consented to your data being shared with us.
  • You visit our websites.
  • You sign up to receive newsletters, digests, blogs or surveys.
  • You have expressed an interest in working for, or with, us, or.

How do we use your personal data?

We use your personal data for the purposes you provide the information for, including communicating with you to maintain and expand our relationship with you.

We may also use your personal data:

  • To tell you about the services or products we have developed that might be appropriate to you or your role.
  • To analyse patterns and trends of your service usage, to help us plan our services, inform our product development and develop our business.
  • To help us verify your identity and your position within an organisation when you register for our services or express an interest in developing a business relationship with us.
  • To monitor our performance in how we respond to you.
  • To make recommendations for products or services from trusted third parties that may be of interest to you. Please note that we may receive commission for purchases made through the 9ine App (at no additional cost to you).
  • To help us investigate any concerns you may have about any of the services or products you receive from us.
  • To ask you for feedback on the services or products you have been using.
  • To tailor your content for your particular role, region, interests or preferences.

What are our responsibilities for looking after your personal data?

We are registered as a Controller with the Information Commissioner’s Office under number Z2290134.

We are also a Processor of information for other organisations.

In every case, when we are collecting or using personal data, we will comply with the requirements of data protection legislation, including the General Data Protection Regulation (Regulation (EU)2016/679) (the GDPR) and the Data Protection Act 2018.

What is our legal basis for using your personal data?

Under the GDPR, we are required to have a legal basis to process your personal data.

Where we are acting as a Controller, our lawful basis may be based upon:

  • Your consent, which you can withdraw at any time by contacting
  • Our contractual obligation.
  • Our legal obligation.
  • Our legitimate interest.

Where we are acting as a Processor, our legal basis will mirror that of our Controller. We will only process personal data in accordance with our Controllers instructions and in compliance with our contractual obligations.

We may share your personal data with selected external service providers acting on our behalf, under contract, to complement the services we are providing for you. These service providers maybe based outside of the EEA. We may also be required to share your personal data with other organisations for legal or statutory purposes, or where we have your consent to do so.

What rights do you have over your personal data?

You may ask us for information about the personal data we hold about you and what we are using it for.

You may also ask us to:

  • Stop using your personal data for the purposes of direct marketing.
  • Rectify any inaccurate information we hold about you.
  • Restrict our use of your personal data.
  • Erase your personal data.
  • Provide your personal data to another data controller.

If you have any questions or concerns about how we are using your personal data or if you would like to exercise any of your information rights, please contact us at

If you consider your personal data is not being used appropriately and you have not received a satisfactory response from us, then you are entitled to lodge a complaint with the Information Commissioner’s Office.

How do we retain and store your personal data?

All personal data is securely stored and is deleted when it is no longer required.

How do we keep your personal data secure?

We have procedures and technologies in place to maintain the security of all personal data from the point of collection to destruction.

We use industry-standard security measures to protect your personal data against unlawful or unauthorised processing, and against accidental loss, destruction or damage.

We hold Cyber Essentials+ and ISO 9001 certifications. We undertake regular WebApp cybersecurity assessments, auditing our code on a regular basis and following best practice in Cyber Security by design methodologies.

We will only use data processors who have provided us with sufficient guarantees that they have implemented appropriate technical and organisational measures to comply with the data protection legislation.