Privacy Policy 


This Privacy Notice describes the relationship between Gibson Booth Business Solutions & Insolvency Ltd and your data – how it is acquired, processed and stored. It will demonstrate our respect for your data regarding security and compliance with current data protection legislation, and in particular, the General Data Protection Regulation, in effect from 25th May 2018. E C Wetton in certain Insolvency Appointments is the Data Controller.

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.


Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)].


There exists NO statutory requirement for a Data Protection Officer (DPO) for Gibson Booth Business Solutions & insolvency Ltd

All STAFF of the client organisation who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured

Who we are

Gibson Booth, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

The personal information we collect and use

Information collected by us

In the course of activities on our clients’ behalf we collect the following personal information when you provide it to us:

  • the name, address, National Insurance number, passport number and/or driving licence number and contact information of our clients
  • information relating to the situation our clients are in so far as necessary to understand the issue for which we are instructed.

Information collected from other sources

We also obtain personal information from other sources as follows:

  • name, address and date of activity
  • name, address and value of shares, accounting information, and obligations entered into documents relating to a company in which you and/or others has an interest from Companies House.
  • name, address and date of birth from third-party data collectors.

Who we share your personal information with

We routinely share your name and proposed address details with our third party suppliers, such as those who provide search information. For a list of our third party suppliers please contact us. This data sharing enables us to provide you with a high quality service and comply with our legal and regulatory obligations as follows:

Who information is shared with

Reason for sharing information

Search providers

to enable you to rely on insurance backed search results

Companies House

· to obtain information on property or companies in which you have an interest

Identity verification providers

to prevent fraud and to comply with our legal and regulatory obligations

Government organisations

· to provide information on transactions to enable property taxes to be paid

· to comply with our legal and regulatory obligations

· to request clarification on specific legal issues,

The courts

· to enable procedural requirements to be complied with in cases where proceedings are intended or have been issued.

· Where a case is filed in court on your behalf.


· to enable us to liaise with 3rdParty’s. 

Accountants; PPI claims company’s, Licencing Agency’s and Agents acting on behalf of Clients.

Our authorising bodies and accountants

· to ensure monies held on behalf of our clients are properly managed and protected

· to comply with our regulatory obligations

The owners and operators of our case management software

· to ensure files and cases carried out on behalf of our clients are properly managed

· to ensure monies held on behalf of our clients are properly managed and protected

· to comply with our legal and regulatory obligations

Our email provider (with consent)

· to enable us to communicate more effectively with you and third parties involved in the matter for which we are instructed and to facilitate swift movement of documents and other information

Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party.

Whether information has to be provided by you, and if so why

The provision of name, address, driving licence/passport and verification of address is required from you to enable us to comply with our regulatory obligations as we are required to positively identify our client. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

How long your personal information will be kept

We will hold name address and contact details, and information relating to any matter for which we have been instructed for the period we are required to retain this information by applicable UK tax law (currently 6 years).

For insolvency case related data, our “Data Retention & Storage Policy” says:

“The books and records should be held for a period of 12 months after the company has been dissolved on Companies House website. This procedure can take up to 3 months therefore allowing 15 months after the date the Insolvency Practitioner is released from office is the firm’s practice”

What is the Legal Basis for processing your Personal Data

Regulation 2016/679 Article 6 – “Lawfulness of processing”

Our legal basis for processing of the personal data consists of:

  • Article 6.1(a) – “the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”
  • Article 6.1(b) – “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;”
  • Article 6.1(c) – “processing is necessary for compliance with a legal obligation to which the controller is subject;”
  • Article 6.1(f) “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.” 
  • Article 6.4(e) – “the existence of appropriate safeguards, which may include encryption or pseudonymisation.”
  • Article 9.1(f) – “In the context of personal data racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation processing of personal data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.”

Our legitimate interests are to continue trading as Insolvency Practitioners. In order to do so, we are required to undergo compulsory audits and as a result our accounts and files are subject to inspection by third party auditors – ICAEW.

Consequences of our use of your personal information

We are able to continue to provide you with a high quality service.

Transfer of your information out of the EEA

Communication by email does not follow a defined path across the Internet and therefore personal data may be received by third parties in countries which are not within the EEA. Such countries do not have the same data protection laws as the United Kingdom and EEA. For that reason, communication with you or others who are involved in your case or who may be contacted by us in relation to it by email requires your consent. Otherwise, we will not transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Your rights Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws]

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please

  • email, call or write to us
  • let us have enough information to identify you,
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them

If you would like to unsubscribe from any [email newsletter] you can also click on the ‘unsubscribe’ button at the bottom of the newsletter. It may take up to 21 days for this to take place.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.

Changes to this privacy notice

This privacy notice was published on 13 June 2018. We may change this privacy notice from time to time, when we do we will inform you via email, text, post or fax, depending on your preferences.


To exercise all relevant rights, queries or complaints please in the first instance contact Mrs. Annette Wojciechowski (Insolvency Manager & Data Officer), Gibson Booth Business Solutions & Insolvency 15 Victoria Road Barnsley S70 2BB. Email Phone 01226 215999 

Ted Wetton (Director)

Gibson Booth Business Solutions & Insolvency Ltd

Licensed and Regulated R3 Logo ICAEW LIcenced Insolvency Practitioners