Duo Group Holdings Limited Privacy Policy


This document refers to personal data, which is defined as information concerning any living Person, that is not already in the public domain.

The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of individuals. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.

Our GDPR statement of compliance

Duo Group Holdings Limited and its subsidiaries and associated companies is committed to protecting and respecting your privacy. This privacy policy sets out how Duo Group Holdings Limited and its subsidiaries and associated companies uses and protects any information collected from you, or that you provide to us, or is processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
It tells you how we process this, who we share it with and how we dispose of it. It also informs you of your rights and how to exercise these.

Information we collect from you 

For us to provide you with the products and services you have requested from us, we will need to collect and process certain personal data about you.

The types of information we may collect from you include, but isn’t limited to:

  • Name and job title
  • Company name and address
  • Contact information including email address and telephone number
  • Demographic information such as postcode, preferences and interests
  • Company registration number
  • Company Bank Details including account number and sort code
  • Other information relevant to customer surveys and/or offers

Where we collect the data from:

  • We might collect your personal data from various sources including:
  • When you apply for our products and services
  • When you talk to us on the phone or in person
  • Online enquiry forms on our website
  • In emails and letters
  • In client surveys
  • Payment and transaction data

Information we obtain from other sources

We may obtain information from third parties if this is permitted by law or use legal public sources to obtain information about you, for example, to verify your identity. This includes, but isn’t limited to, companies such as Creditsafe.

This information shall only be obtained from companies that we are satisfied meet the requirements of GDPR

Why we collect data 

Data protection law allows us to use your personal data provided we have acceptable reasons for doing so. The law categorises these acceptable reasons as follows:

  • to fulfil our contractual obligations to you, or because you have asked us to do something before entering into a contract (contract); or
  • when it is our legal duty (legal obligation); or
  • when it is in our legitimate interests (legitimate interests); or
  • when you consent to it (consent).

A legitimate interest is when we have a business or commercial reason to use your information. However, our legitimate interest must not unfairly go against what is right and best for you.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and for the following reasons:

  • Internal record keeping
  • to respond to you
  • to send you quotations, invoices & statements
  • We may use the information to improve our products and services.
  • We may periodically send promotional mailshots and emails about new products, special offers or other information which we think you may find interesting using the information collected. You have the right to opt out at any point.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

We always undertake to protect your personal data, in a manner which is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage. We will never sell or share your information with any third party unless required to by law. It may be necessary for us to transfer your information to mailing houses and email marketing service providers, if we do, we will make sure such information is adequately protected.

Cookies used on our website

We use Google Analytics to monitor traffic levels, search queries and visits to this website.

Google Analytics stores IP address anonymously on its servers in the US, and neither Duo Group Holdings Limited or Google associate your IP address with any personally identifiable information.

These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Disclosure of your personal information

We will keep information about you confidential. We may also share information to satisfy compliance or audit requirements. This may include allowing regulatory companies, such as the ISO or the FCA, temporary access to personal data. Duo Group Holdings Limited will ensure that any access is limited and under strict supervision.

We will not share your information without obtaining your express consent except with the following third parties where we need to share this in our role as intermediary and to satisfy our contract with you:

  • Any contractor and/or adviser that provide a service for us or act as our agents on the understanding that they collect and process data in line with Duo Group’s standards and who we are satisfied with all requirements of the GDPR
  • Anyone to whom we transfer our rights and duties under any agreement we have with you
  • Any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.

All Duo Group’s employees have received a briefing on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection.

How long do we keep this information about you?

Our data retention periods are in line with the amount of time we need to keep your personal information to manage the business. We will also retain your personal data to comply with any legal, statutory and regulatory obligations. In all cases our need to keep your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of permanently and confidentially.

Where your data is kept 

Your personal data is kept on our Company IT systems which meets with all the requirements of GDPR.

Subject access requests

You have the right to access personal data that we hold about you. This is referred to as a subject access request. To make a subject access request please write to the Data Protection Officer at Duo Group Holdings Limited, 4 Rye Hill Office Park, Birmingham Road, Allesley, Coventry CV5 9AB.

Our response to a formal request shall include details of the personal data we hold about you, including the following:

  • Sources from which we acquired the information
  • The purposes for processing the information
  • Persons or entities with whom we are sharing the information
  • Right to rectification

You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure

You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory and regulatory obligations.

Right to the restriction of processing

Subject to exemptions, you have the right to restrict the processing of your personal data when:

  • You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
  • The processing is unlawful, and you oppose the erasure of the personal data but instead request the restriction in its use.
  • We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
  • You object to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller without hindrance from us.

Right to object

You have the right to object on grounds relating to your situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, or in the establishment, exercise and defence of legal claims.

 Right to not be subject to decisions based solely on automated processing 

We do not carry out any automated processing, which may lead to an automated decision based on your personal data.

Invoking your rights

If you would like to invoke any of the above data subject rights with us please write to the Data Protection Officer at Duo Group Holdings Limited, 4 Rye Hill Office Park, Birmingham Road, Allesley, Coventry CV5 9AB.

Accuracy of information

To provide the highest level of customer service we need to keep accurate personal data about you. We take reasonable steps to ensure accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.



If you have any queries which are not answered by this Privacy Policy or have any concerns about how we use the personal data we hold, please write to the Data Protection Officer at Duo Group Holdings Limited, 4 Rye Hill Office Park, Birmingham Road, Allesley, Coventry CV5 9AB.

Policy changes

Duo Group Holdings Limited will review this policy regularly to make sure we meet the highest standards and the protect your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.


If you have a complaint please write to the Data Protection Officer at Duo Group Holdings Limited, 4 Rye Hill Office Park, Birmingham Road, Allesley, Coventry CV5 9AB.

If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed because of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.