Privacy Notice

Canary Ltd: Privacy Notice

Please read this Privacy Notice ("Privacy Notice") carefully as it describes how we collect, use and disclose your personal data, in accordance with the General Data Protection Regulation (GDPR). Personal data is any information relating to a living person.

The General Data Protection Regulation (the “GDPR”) seeks to protect and enhance the rights of data subjects. Canary Limited is committed to protecting and respecting your privacy. Canary Limited recognises the importance of the correct and lawful treatment of personal information and will only use personal information as set out in this Privacy Notice.

In this Privacy Notice, when we refer to "we", "our", "us" or "Canary", we mean Canary Ltd and Brookwood Global, a trading name of Canary Ltd.

We have appointed a Privacy Officer to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Privacy Officer Our details can be found in the "How to contact us" section below.

It is important that you read this Privacy Notice, together with any other terms and conditions that we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such personal information. This Privacy Notice supplements the other notices and is not intended to override them.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Data Controller

For purposes of this privacy notice the Data Controller is:
Canary Ltd 5 Studley Court Mews
Chobham Surrey GU24 8EB, UK

Who we are?

Canary Ltd is a limited company, based in the United Kingdom under company number 03134103, with its registered office being 1st Floor Wonersh House The Guildway, Old Portsmouth Road, Guildford, Surrey, GU3 1LR. We specialise in producing books, newsletters and teaching aids to facilitate global regulatory compliance, particularly good clinical practice (GCP). Brookwood Global delivers narrated interactive online training and face-to-face workshops, both in house and advertised.

What information do we collect about you?

(1) Information you give to us

We may collect personal data from you when you buy or use our products or services, when you attend training courses and Internet-based events, sign up to our newsletters or other subscription services, enter into offers or promotions, interact with us on social media platforms, contact us, make a complaint or use our Websites.
The categories of personal data we may request include your name, role, contact information (email, postal address and phone/mobile number), credit card/payment details and general information about you such as your experience with our products and services. We may also keep copies of any correspondence you send us which may include personal data.

You should only give us personal data on behalf of someone else if you have their permission to do so or you know that they would not have any objection to us processing their information in accordance with this Privacy Notice.

(2) Information collected by automated means

We also obtain some of your personal data by automated means, for example, when you visit our Websites we may collect the IP address of the device you use to connect to the Internet, the geographical location of your device, the browser you are using, the type of device you are using (tablet, mobile, desktop), the URL you came from and the web pages you access.

(3) Information collected from third parties
We may sometimes purchase information about prospective customers from third party organisations for marketing purposes. You can opt out from receiving our marketing communications at any time by following the instructions in any of the messages you receive.
How do we use your personal data?
We are required by law to provide you with information about the purposes for which we use your information and the legal justification for us to use that information. For example, there may be a legal justification for us to use your personal data where:
▪ We need to use your information to perform a contract with you or to fulfil a request originated by you.
▪ You have given your consent to us using your information.
▪ Using your information is in our legitimate business interests (provided these interests are balanced against your rights).
▪ We need to process your personal data to comply with legal obligations to which we are subject.

Click here to see the different purposes for which we may use your personal data and the legal basis for each one. Note that the purposes for which we use your personal data may change from time to time, in which case we will update this privacy notice (see further "Updates to our Privacy Notice" below).
Providing your personal data to us may be required due to a legal obligation which could be a statutory or contractual obligation, may be on a voluntary basis or may be necessary for us to enter into the contract with you, depending on the purposes for which we collect and use your personal data as set out in this Privacy Notice. However, if you do not provide your personal data to us this may result in disadvantages to you, e.g. we may not be able to provide certain products or services to you. However, unless otherwise stated, not providing your personal data will not result in legal consequence for you.
How do we protect your personal data?
We use user passwords to ensure that only authorised persons can access the personal data we keep. No personal data is ever shared with third parties.

Your data protection rights

You have the following rights in relation to your personal data:
To be Informed. You have the right to be informed about the collection and use of your personal data. This Privacy Notice provides this information.
Access. You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. We will not charge a fee for this information. However, if you require further copies of your personal data, we may charge a reasonable administration fee where we are permitted to do so in accordance with the GDPR.
Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified, or completed if incomplete. You are entitled to make a request for rectification verbally or in writing.
Deletion. You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Restriction. You have the right to request that we restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. When such processing is restricted, we are permitted to store it, but not use it.
Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a)personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim. You have an absolute right to object to direct marketing.
Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. You can unsubscribe from marketing communications at any time by following the instructions in any individual message. The legality of the processing of your personal data prior to you withdrawing your consent remains unaffected by this.

How to contact us

You can make any of these requests in relation to your personal data by submitting your request by contacting us by email, phone or post. If you have any questions or comments about this Privacy Notice or if you would like to make a request relating to your personal data:

• submit your request to the Privacy Officer at
• call us on +44 1483 811383; or
• write to us at: Canary Ltd, 5 Studley Court Mews, Chobham, Surrey GU24 8EB, UK

Who do we share your information with?

We may have to share your data with third parties, including third-party service providers and other entities in the group.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law, such as where there is litigation and we are required to disclose personal information to a court or tribunal.

We have put in place measures to protect the security of your information and procedures to deal with any suspected data security breach. Details of these measures are available upon request. We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We may disclose personal data we process for the following purposes and in the following ways, to the extent permitted by law and depending on such purpose(s) or way(s):

Click here for more information


When visiting our Website, Cookies which are small text files, can be stored on your device in order to offer you certain functionality, to make the Website more convenient and to optimise our Website. If you do not want cookies to be used, you can disable them by configuring the relevant settings in your web browser or by using separate opt-out options. Please note that this may restrict the functionality and your use of our Website and certain features may not work as a result.

Data Processing in Non-EU Countries

Most third parties with whom we share data are located within the European Economic Area ("EEA"), but some may process your personal data outside of the EEA. We use the services of Articulate Inc. based in the USA to provide an online learning management system. When using our online training, we enter your name and email details and may include company details and role on the Articulate Online server in order to provide training courses, track user activity and to enable us to provide reports under the terms of the contract with the purchaser of the training.

Updates to our Privacy Notice

As our business changes from time to time, we sometimes need to make changes to the way we collect and use your personal information. Therefore, this Privacy Notice may be updated from time to time. If we make changes to this Privacy Notice, we will notify you of these changes by email and post an alert on the home page of our Website.


We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction.

Should despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of users, we will inform the relevant users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.

How long do we keep your personal information?

Your personal information is processed by us and/or our service providers only for the period necessary for the purposes for which the information is collected, or where we are relying upon your consent until you withdraw that consent. When we no longer need to use your information for those purposes or if we are relying on your consent where you withdraw that consent, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal, contractual or regulatory obligations to which we are subject).

Lodging a complaint with a supervisory authority

You have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws
The UK Information Commissioner Office (ICO) office can be contacted as follows:

• Telephone: +44 303 123 1113
• Email:
• Website:
• Web-form:
• Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
If you are based in or the issue you would like to complain about took place elsewhere in the European Economic Area (EEA), you can contact the data protection authority in your place of residence or your country.
Please visit the website <> for a list of local data protection authorities in the other EEA countries.

Version 20.1 This privacy notice was last updates on 15th May 2020