This privacy notice will help you understand how Fifth Square uses and protects your personal data.

We are Fifth Square Limited, registered in England and Wales at 36 Pine Walk, Weybourne, Holt, Norfolk, NR25 7HJ with company number 08503695.

You can contact our voluntarily appointed Data Protection Manager at if you have any concerns or wish to exercise your rights.

If you are an EU Data Subject you can contact our EU Representative, Rune Peterson, at Our EU Representative complies with our obligations under GDPR Article 27 and is established in the Republic of Ireland. Please note that our EU Representative is a Third Party. They will process your personal data in accordance with this Privacy Notice. 

In a Nutshell:

We’re committed to your data privacy and security. As such we give you these promises:

  • We will only collect data about you that is relevant and necessary.
  • Your data will only be held on systems that meet compliance standards.
  • Your data will only be accessed by those who need it and we will minimise the amount of data that is processed, wherever possible.
  • We won’t share or sell your data to any third party except for the marketing of our own services to you unless either you have agreed, we are required to share it by law or we need to fulfil our service commitments to you through a third party that meets our own privacy standards.
  • We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you wherever possible.
  • We respect your rights as outlined in the next section and will respond to all requests promptly.

Your Rights:

You have the following rights over any data we hold about you:

  • Right to object to processing at any time,
  • Right to opt out of marketing at any time,
  • Right to have inaccurate data corrected,
  • Right to erasure of personal data from our database,
  • Right to export of personal data.

You can read more about your rights here.

If you would like to uphold your rights then please contact us at

If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at

How we Collect your Data:

We collect information about you in two key ways:

  • Passive – you give us information on our website, email us, call us, send us a CV, meet one of us at events or meetings or approach us on social media
  • Proactive – this is data about you that we may hold from referrals, resellers or proactive marketing activity including obtaining your work-related data from publicly available databases.

What Data we Collect

We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect is restricted to:

  • Name
  • Job Tile
  • Telephone Contact Details
  • Email Address
  • Employer Company Name
  • Location of Employer Company
  • Social Media Identifiers in some cases
  • Information you give us – for example when you request information, enter a contract with us or communicate with us.

Where permitted to calls from or to us may be recorded for information, quality and training purposes. If you are resident in Germany or Austria or other jurisdiction that restricts call recording, we will not process any recordings without your consent.

How we Process your Data:

In general terms our activity is exclusively “Business to Business”. Your employee will typically have a contract with us to provide data protection and security services.

Data is processed/stored on encrypted systems on hosted cloud services such as Microsoft 365, ,, Right Signature, Xero and Microw .

As such, some data will either be in UK and EU data centres or on US based servers. We may also process limited data in countries outside the UK or European Union from time to time in other aspects of our business.

Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA where adequacy decisions are not in place, we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced.

Where this is not possible, we ensure that appropriate UK or European Standard Contractual Clauses are entered. For data transfer between the USA we may rely on the Data Privacy Framework or the UK Extension Data Bridge.

We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.

All our processes are subject to various internal policies to ensure that your data privacy and security is upheld.

What we use your Data for:

We process your data for several reasons:

    • To communicate with you regarding you or your employees project
    • To fulfil a contractual obligation or service to you or your employee
    • To better understand your needs.
    • To improve our services and products.
    • To send invitations to events and follow these up if you have signed up to them.
    • To send you promotional emails containing the information we think you will find interesting.

We ensure we have a “legal basis” to use your data for the purpose we have collected it for. The lawful basis we use for most B2B processing is “Legitimate Interest” or “Contractual Obligation”.

Where we use your information for our legitimate interests, we make sure we consider any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation).

Sharing Your Data:

Data is only shared with third parties in connection to the delivery of our services or marketing of our services.

Our website, monthly update and other materials sent to you may contain links to other third-party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the content or your data privacy these sites provide through their tools or sites.

Data Retention

Our data retention policy is as follows:

  • 12 months for any prospect data unless responded to by the data subject in which case 36 months from the last contact.
  • 36 months following the end of any Service Agreement with a client.
  • 36 months for all supplier, reseller or other contacts not covered above from point of last contact.
  • 60 Months for all financial records

All the above are carried out during the nearest data review which are typically carried out annually in December.. If you wish to find out more about your specific data retention, please contact us.

Data Permissions:

Every marketing email sent from Us allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.

You can also contact us at the email address above and request to opt out, view, export or delete your data.

If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed.

Legal Compliance:

We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK).

This Privacy Notice is reviewed on a regular basis and was last reviewed in March 2024. We will post the most current version on our website.