Cookies Policy

JP Feltham Associates is committed to protecting your personal information when you are using our services, including this website. Whenever you provide such information, we are legally obliged to use your information in line with all laws concerning the protection of personal information, including, in particular, the Data Protection Act/GDPR. Please read this policy to understand how your personal information will be treated.

What information is collected and why

JP Feltham Associates collects information about all visitors to its website. This information is used to help P Feltham Associates understand more about where its site traffic comes from, but does not contain any identifiable personal information about the visitor.

The information that is collected tells us which pages are visited, for how long each page is viewed, the paths that a visitor takes within the website, as well as other general information, such as your screen settings. We analyse this information in order to assist in maintaining and improving this website, and the administration, management and marketing of its own business.

How we collect your information

We collect information which you voluntarily provide to us and we also use “cookies” to collect certain information when you use the website.


A cookie is a small amount of data, which often includes a unique identifier, which is sent to your computer browser from a website's computer and is stored on your computer's hard drive. Cookies allow our website to recognise your computer or access device each time it is used to visit our website and to keep count of how often you return to the website.  If you do not know what cookies are, or how to control or delete them, then we recommend you visit for detailed guidance.

Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete JP Feltham Associates cookies having visited the site, or you should browse JP Feltham website using your browser’s anonymous usage setting.

We may use two types of “cookies” to collect information. The first type of cookie is called a “session” cookie, which is temporary and is deleted automatically once you leave the JP Feltham Associates website.

We use a session cookie to remember your log-in for you (if applicable). These we deem strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken. More information on session cookies and what they are used for at:

The second is called a “persistent” cookie, which remains on your computer hard drive until you delete it. JP Feltham Associates does not use cookies to gather information concerning your visits to other sites, nor to ascertain any personally identifiable information about you, apart from what you provide voluntarily during your dealings with JP Feltham Associates.

Google Analytics – persistent cookies for site analytics and performance - we may use this to understand how the site is being used in order to improve the user experience. User data is all anonymous. You can find out more about Google’s position on privacy as regards its analytics service at:

Privacy Notice


This Privacy Notice sets out the steps we follow when personal data is collected, such as our identity and how we intend to use the information, the lawful basis for processing the data, our data retention periods and that individuals have a right to complain to the ICOif they think there is a problem with the way we are handling their data. 

Who we are

J P Feltham Associates Ltd PO Box 270, Gosport, PO12 9FH

Registered in England No 10041415

Registered Office: 12a Fleet Business Park, Sandy Lane, Church Crookham, Fleet, Hampshire, GU52 8BF 

What information we collect and hold that constitutes personal data 

The majority of the information we collect and hold that can be classed as ‘personal data’ is name, address and other contact details such as email address and telephone number of our existing customers, suppliers and other stakeholders, to enable us to provide our consultancy services. Additionally, we will hold the information required for collection and payment of invoices.

We also collect and hold information on staff necessary to manage and support our employees.

Prospective customers contact us by direct referrals from their own research or business networks, we do not market our activities to prospects. We will maintain prospective business contact information only to answer their initial enquiries regarding our services. 

How is it collected and by whom?

Personal data is collected when we are asked to answer enquiries on our consultancy service, enter into a contract to provide consultancy support or engage the services of a supplier. This will be done by a member of our team, for example, Administrator or Director. 

We collect employee data as part of our HR processes.

Whilst providing our ‘audit’ service to customers we may witness examples of their management of personal data for example competency records but to ensure this is protected we anonymise audit reports and do not remove copies of such data from our customer’s premises.

We may use Google Analytics and Cookies on our web site to record quantitative data such as visitor numbers, pages viewed etc. but we do not track individuals online e.g., using Lead Forensics, or use inferred information through algorithms, or profile people by analysing data derived from combining other data sets. 

What we do with the personal data we process

We are only collecting information we need and are going to use. We use the ‘personal data’ generally for carrying out our businessas an ISO management consultancy, for example, to answer enquiries, manage projects, and communicate customer relationship information.

We do not use your information for a particular purpose other than to carry out our business and communicate with you where appropriate, nor do we collect personal data by observation or draw inference from any individual’s behaviour.We will not share any data with third-parties for marketing purposes.

We may, however, use the data provided by an existing customer to send them information on a related product or service that we think may be beneficial to their business. This would only be done in a reasonable way, and in a manner that a business contact would expect.

How long we keep personal data

We have specific retention times for each category of data which are set out in our management system.

Who will your data be shared with

Data will only be shared with external third parties when there is a specific business need,for example we might share data would be if we were to outsource an aspect of work, or employee data will be shared with the pension provider.

To cover this sharing of data, we have contracts in place with all the suppliers that may come into contact with any of the data we hold, to ensure the supplier is compliant with GDPR, and recognise their responsibilities when processing our data.

All reasonable steps are being taken to ensure data security both organisationally and technologically. As part of our data security measures, staff can only access our computer systems through password protected system with access levels as relevant to their job responsibilities. We utilise brand-named back up solutions, which in turn means we are ‘sharing’ data with back up providers.  They use strict security policies, strong industry-standard encryption, and world-class data centers to ensure information we share with them is protected.

We utilize internal and external support to ensure data security, for example by keeping our virus protection software and firewall protection current, utilising encryption tools, and utilising IT security options available to us.  Locally we utilise CCTV as a security measure but access to this is restricted and covered by our registration with the ICO as a data controller – registration number C8003117.

What will be the effect of this on the individuals concerned?

There should be no impact on the individual as a result of our processing. We aim to always be fair, transparent and ensure that people know how their information will be used. Data security is a key consideration and we do everything we can to protect the data we hold.

This applies whether the personal data was obtained directly from the data subjects or from other sources.  

Is the intended use likely to cause individuals to object or complain?

Our use of data will not have any unjustified adverse effects on individuals. We are only using information in a way which they would expect. 

There are no adverse consequences of not providing information to us - for example, non-receipt of a benefit.

The Lawful Bases of our data processing

The lawful bases for our data processing activity are a combination of Legitimate Interest and Contractual for activities relating to staff, suppliers, existing customers and other stakeholders.

In general terms the purpose of processing information is to enable us to provide our service to customers, to support and manage our employees, and maintain our own accounts and records.  

Legitimate Interests

  • We use people’s data in ways they would reasonably expect in order to carry out our business and communicate with them.
  • Processing is necessary as we could not provide consultancy services to new or existing customers without processing this information.
  • We have balanced our commercial interests against the individual’s interests, rights and freedoms. Our processing has a minimal privacy impact.


  • We have a contract with an individual and need to process their personal data to comply with our obligations under the contract ie employment contract, consultancy contract.
  • We haven’t yet got a contract with an individual, but they have asked us to do something as a first step (eg provide consultancy service information) and we need to process their personal data to do what they ask.

We will explain our lawful basis for processing personal data when we answer a ‘subject access’ request.

Who the Data Controller / DPO is

We have identified that it is not necessary for us to appoint a Data Protection Officer (DPO), however our Managing Director has overall responsibility for the control of data collected and held by us,and also monitors and maintains GDPR compliance.

Individuals have the right to request access to the data we hold on them by submitting a request to do so addressed to Managing Director, who will provide details on any information retained by us as outlined in our Data Protection Policy.

Data Protection by Design and Data Protection Impact Assessments

We aim to adopt a privacy by design approach and will carry out a Privacy Impact Assessment (PIA), also referred to as ‘Data Protection Impact Assessments’ (DPIA), as part of our GDPR compliance system in situations where data processing is likely to result in high risk to individuals, for example:

  • where a new technology is being deployed; 
  • where a profiling operation is likely to significantly affect individuals; or 
  • where there is processing on a large scale of the special categories of data. 

If a DPIA indicates that the data processing is high risk, and we cannot sufficiently address those risks, we will consult the ICO to seek its opinion as to whether the processing operation complies with the GDPR.

The right to complain 

We always seek to treat an individual’s data fairly, however, individuals have the right to complain to us and we will investigate and respond accordingly within one month. Complaints should be sent addressed to:

Managing Director 

J P Feltham Associates Ltd PO Box 270, Gosport, PO12 9FH


Should the response not be resolved to the satisfaction of the complainant, the individual can also take up their issue with the Information Commissioner’s Office (the ICO) at the following address:

The Information Commissioner’s Office,

Wycliffe House, Water Ln, Wilmslow SK9 5AF

Or via EMAIL:

Governing Law

This website is governed by the laws of England and Wales and any dispute in respect thereof shall be subject to the exclusive jurisdiction of the courts of England and Wales.

May 2018


"If you are serious about changing the way you conduct business, then listen to Cheryl. She knows what she is talking about and she will help you transform your business processes."

Nigel Slone, MD
The Sollis Partnership Ltd


2018 has been a year of J P Feltham Associates Ltd giving to charity through exercise and personal challenges for our team.

Naomi House & Jack’s Place Hospice Gauntlet Games - May 2018

The 5k obstacle course saw Cheryl tackle a series of gladiator zones, bounce on inflatables, swing from monkey ba... read more

We are also on LinkedIn.