1. The purpose of this Privacy Notice is to protect the rights and privacy of living individuals and to ensure that personal data is not processed by D&D Investigations without the person’s knowledge or consent, unless otherwise permitted. The Privacy Notice also sets out individuals’ rights under the data protection legislation.
  2. This document sets out the Data Protection Policy for D&D Investigations and should be read in conjunction with D&D Investigations record of processing activities annexed hereto.
  3. D&D Investigations complies with the requirements of the prevailing data protection legislation with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the core data protection principles.
  4. D&D Investigations is committed to a policy of protecting the rights and privacy of individuals (including staff, course delegates, trainees and trainers, clients, subjects of investigations and others) in accordance with the data protection legislation.
  5. D&D Investigations needs to process certain information about its staff, trainees and trainers, sub-contractors, and other individuals it has dealings with such as clients, and to comply with legal obligations and government requirements.
  6. During its core business activities D&D Investigations will be instructed to process the personal data of individuals who are identified in clients’ instructions or during the course of the investigation undertaken pursuant to such instructions. D&D Investigations will not process any personal data without first having been satisfied as to the lawful basis on which to process personal data, which when necessary will be recorded in a Data Privacy Impact Assessment.
  7. To comply with the law, information processed about individuals must be kept to the minimum, collected, and used fairly, be accurate, used solely for the purpose intended, stored safely, securely including protection against unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical measures such as encryption or in password protected devices, retained for no longer than necessary and not disclosed to any third party unlawfully.
  8. The policy applies to all Data Subjects. In the event of a breach of the data protection legislation or this Privacy Notice by a member of staff, D&D Investigations employment disciplinary procedures will apply otherwise it will constitute a breach of contract.
  9. As a matter of good practice, other agencies and individuals working with and thus affiliated to D&D Investigations and who have access to personal information, will be expected to have read and comply with this Privacy Notice, the terms of which form part of the consultancy/agency agreement between D&D Investigations and that affiliate.
  10. It is expected that departments who deal with external agencies will take responsibility for ensuring that such agencies contract to abide by this policy.
  11. Depending on the circumstances of the processing activity and who determines the purpose and means for the processing of an individual’s personal data, D&D Investigations may be the Processor or Controller under the data protection legislation, when dealing with its core business activity as an Investigative, Risk Management & Litigation Support Service Provider. However, in certain circumstances will be Joint Controller with the instructing client. There may be instances when acting under strict instructions, which also cover the purpose (the why) and means (the how) for the processing of all the personal data in the client provided case scenario, that D&D Investigations will be the Processor.
  12. D&D Investigations is the Controller under the data protection legislation, when dealing with data of staff, clients, contractors, trainees and any other member or affiliate of
  13. The Senior Management and Heads of Departments and all those in managerial or supervisory roles are responsible for developing and encouraging good information handling practice within D&D Investigations.
  14. Compliance with data protection legislation is the responsibility of all members and affiliates of D&D Investigations who process personal information.
  15. Each member of staff, clients, contractors, trainees and any other member or affiliate of D&D Investigations  is responsible for ensuring that any personal data supplied to or handled by D&D Investigations is accurate and up to date.
  16. Data Subjects have the following rights regarding data processing and the data that are recorded about them (unless an exemption applies):
    • To make subject access requests regarding the nature of information held and to whom it has been disclosed.
    • To prevent processing likely to cause damage or distress.
    • To prevent processing for purposes of direct marketing.
    • To be informed about mechanics of automated decision making process that will significantly affect them.
    • Not to have significant decisions that will affect them taken solely by automated process.
    • To sue for compensation if they suffer damage by any contravention of the prevailing data protection legislation.
    • To take action to rectify, block, erase or destroy inaccurate data.
    • To request the Information Commissioner to assess whether any provision of the prevailing data protection legislation has been contravened.


  1. For criminal offence data, explicit written consent of the Data Subject must be obtained unless an alternative lawful basis for processing exists and D&D Investigations has ensured that it has an additional condition for processing this type of data, under Schedule 1 of the Data Protection act 2018, for example, to safeguard vulnerable individuals or children, assess people’s suitability for employment, or assess whether a person can access services such as housing or insurance.
  2. D&D Investigations will not keep any comprehensive register of criminal convictions.
  3. For special category data processing is prohibited, unless the Data Subject has given explicit consent or one of the permitted conditions set out in the data protection legislation are met.
  4. D&D Investigations understands "consent" to mean that the Data Subject has been fully informed of the intended processing and has signified their agreement, whilst being in a fit state of mind to do so and without pressure being exerted upon them. Consent obtained under duress or based on misleading information will not be a valid basis for processing.
  5. There must be some active communication between the parties such as signing a form and the individual must sign the form freely of their own accord. Consent cannot be inferred from no response to a communication.
  6. In most instances consent to process personal, special category or criminal offence data is obtained routinely by D&D Investigations (e.g. when a member of staff or consultant signs a Service or Consultancy Agreement).
  7. Any D&D Investigations forms (whether paper-based or electronic-based), that gather data on an individual should contain a statement explaining what the information is to be used for and to whom it may be disclosed. It is particularly important to obtain specific consent if an individual's data is to be published on the Internet as such data can be accessed from all over the globe.
  8. If an individual does not consent to certain types of processing, appropriate action must be taken to ensure that the processing does not take place, unless an exemption applies.
  10. If any member or affiliate of D&D Investigations is in any doubt about these matters, they should consult a Partner or senior manager.
  11. All staff and affiliates of D&D Investigations are responsible for ensuring that any personal data (on others), which they hold are kept securely and that they are not disclosed to any unauthorised third party.
  12. All personal data should be accessible only to those who need to use it. Those concerned should form a judgement based upon the sensitivity and value of the information in question, but always consider keeping personal data:
    • In a lockable room with controlled access, or
    • In a locked drawer or filing cabinet, or
    • If electronic, password protected, or
    • Kept on disks which are themselves kept securely.


  1. Care should be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are kept confidential. PC screens should not be left unattended without password protected screensavers and manual records should not be left where they can be accessed by unauthorised persons.
  2. Care must be taken to ensure that appropriate security measures are in place for the deletion or disposal of personal data. Manual records should be shredded or disposed of as "confidential waste". Hard drives of redundant PCs should be wiped clean before disposal.
  3. This Privacy Notice also applies to staff and affiliates of D&D Investigations who process personal data "off-site". Off-site processing presents a potentially greater risk of loss, theft, or damage to personal data. Staff and affiliates of D&D Investigations should take particular care when processing data at home or in other locations outside the offices of D&D Investigations or its affiliated locations.
  4. Members of D&D Investigations and / or other Data Subjects have the right to access any personal data which are held by D&D Investigations in electronic format and manual records which form part of relevant filing system held by D&D Investigations about that person.
  5. Any individual who wishes to exercise this right should apply in writing to a director or senior management. D&D Investigations will make no charge for data subject access requests. Any such request will normally be complied with within 30 days of the receipt of the written request supported by proof of identity and address.
  6. D&D Investigations must ensure that personal data are not disclosed to unauthorised third parties, which includes family members, friends, government bodies, and in certain circumstances, the Police, unless authorised under the terms of the prevailing data protection legislation or other statute or Court Order or where disclosure of data is required for the performance of D&D Investigations contractual duty or otherwise exempt. All staff and affiliates should exercise caution when asked to disclose personal data held on an individual to a third party.
  7. The prevailing data protection legislation permits certain disclosures without consent to a Competent Authority, such as law enforcement agencies.
  8. D&D Investigations undertake their services in accordance with the data protection good practice policies, codes, and guides published by the World Association of Professional Investigators.
  9. For reasons of personal security and to protect D&D Investigations premises and the property of staff, trainees and other visitors, close circuit television cameras may be in operation in several areas. The presence of these cameras may not be obvious. This Privacy Notice determines that personal data obtained during monitoring will be processed as follows:
    • Any monitoring will be carried out only by a limited number of specified senior managers;
    • The recordings will be accessed only by a director or an appointed senior manager:
    • Personal data obtained during monitoring will be destroyed as soon as possible after any investigation is complete;
    • Staff involved in monitoring will maintain confidentiality in respect of personal data.

Google reCaptcha

This site is protected by Google reCaptcha to protect against spam.

Google reCaptcha Terms and Conditions

Google reCaptcha Privacy Policy

Aerial Drone are not responsible for the content of external websites.