Welcome to Edis-Bates Associates

We are an independent UK corporate governance consultancy, focusing on:

  • Board performance evaluations.
  • Training and coaching for company secretaries and directors.
  • Consulting on corporate governance and compliance issues.

Our aim is to provide quality, hands-on practical advice and support.

The business was founded in 1997 by Jon Edis-Bates, who qualified as a solicitor and became a company secretary in the 1980s. Before establishing Edis-Bates Associates, he worked as group company secretary of Bunzl plc, Forte plc and Courtaulds Textiles plc.

Client Testimonials

Featured News/Blog

  • FRC proposes shorter, sharper, new UK Corporate Governance Code

    On Tuesday 5 December 2017 the Financial Reporting Council published its keenly-anticipated Consultation Paper on the Review of the UK Corporate Governance Code. The FRC has published a revised version…

  • Equiniti Share Registration Conference

    On 26 September Equiniti held their excellent annual conference, chaired by the amusing Steph McGovern (the business presenter on BBC Breakfast). There was a good deal of discussion about block…

  • FRC Open Meeting

    The Corporate Governance Code On Thursday 21 September I attended the Financial Reporting Council’s Annual Open Meeting. Apart from a general update by the Chairman and the CEO of the…

< >




Edis-Bates Associates Ltd ("EBA”, "we", "us", or "our") is strongly committed to protecting Personal Data and we treat all information given to us with care.

We are registered with the Information Commissioner’s Office.

This Policy describes why and how we collect and use Personal Data and provides information about individuals’ rights.

It applies to Personal Data provided to us, both by individuals themselves or by others. We may use Personal Data provided to us for any of the purposes described in this Policy or as otherwise stated at the point of collection.

Personal Data is any information relating to an identified or identifiable living person. EBA processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using Personal Data, our Policy is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this Policy.


We take the security of all the data we hold very seriously. We have a policy, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Purposes of Processing

We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.

In the majority of cases, we process your Personal Data for all of the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services) or the legitimate interests of third parties with whom we share your data, to carry out these activities.

Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).

Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.

A. Visitors to our websites

Collection of Personal Data

Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data from our website’s visitors, such as: full name, company name and address, email address and telephone number.  For example, this might happen when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email enquiry to us through our website. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.


We use text files called ‘cookies’, which are small files stored within your web browser from our website. Cookies do not collect or contain any personal information about you, nor do they allow us to access your computer in any way.

We use cookies to identify website usage and for statistical and analytical purposes only.  The use of cookies is now standard operating procedure for most websites. However if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them.  After termination of the visit to our website, you can always delete the cookie from your system if you wish.

Use of Personal Data

When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected in order to:

Third Party Websites

Our websites may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages, or we may provide links to industry reports.

Data Retention

Personal Data collected via our website will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual). Once the period above has concluded, we will either:

B. Business Contacts

Collection of Personal Data

EBA processes Personal Data about contacts (existing and potential EBA clients and/or individuals associated with them) using a tailored database.

The collection of Personal Data about contacts and the addition of that Personal Data to our database is initiated by an EBA user and will include some or all of the following: name, employer’s name, contact title, phone, email and other business contact details.

In addition, we hold data found in the emails of those who contact us by email.

Use of Personal Data

Personal Data relating to business contacts may be visible to and used by EBA users to learn more about a client or an opportunity they have an interest in, and may be used for the following purposes:

We do not sell or otherwise release Personal Data contained in our database to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Data Retention

Personal Data will be retained on our database for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact).  Once the period above has concluded, we will either:

C. Suppliers

Collection of Personal Data

We collect and process Personal Data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, to contract with, and to receive services from our suppliers and, where relevant, to provide professional services to our clients.

Use of Personal Data

We use Personal Data for the following purposes:

Data Retention

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).  Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.  Once the period above has concluded, we will either:

4. How we share your Personal Data

5. International Data Transfer

It may be that we are required to transfer your information, including Personal Data that we collect from you, outside the country in which you reside where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.  To ensure that your Personal Data receives an adequate level of protection and is treated securely, we will put appropriate safeguards in place to protect the privacy and integrity of such Personal Data.  To the best of our knowledge, we have never been required to make such a transfer and no such transfer is currently in contemplation.

6. Individuals’ Rights and How to Exercise Them

Individuals have certain rights over their Personal Data and data controllers are responsible for fulfilling these rights.  Where we decide how and why Personal Data is processed, we are a data controller and include below further information about the rights that individuals have and how to exercise them below.

A. Access to Personal Data

You have a right of access to Personal Data held by us as a data controller.  This right may be exercised by emailing us by using our enquiry form on our website at: www.edis-bates.com.  We will aim to respond to any requests for information promptly.

B. Amendment of Personal Data

To update Personal Data submitted to us, you may email us by using our enquiry form on our website at: www.edis-bates.com.  When practically possible, once we are informed that any Personal Data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

C. Withdrawal of consent

Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. We do not generally process Personal Data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your Personal Data, please email us by using our enquiry form on our website at: www.edis-bates.com or, to stop receiving an email from us, please reply to that email, inserting ‘Unsubscribe’ in the heading box or (where applicable) by clicking on an unsubscribe link in the relevant email received from us.

D. Other data subject rights

This Privacy Policy is intended to provide information about what Personal Data we collect about you and how it is used.  As well as rights of access and amendment referred to above, individuals may have other rights in relation to the Personal Data we hold, such as a right to erasure or deletion, to restrict or object to our processing of Personal Data and the right to data portability. Some of these rights will only be available from 25 May 2018.

If you wish to exercise any of these rights, please contact us using the details above. In your request, please make clear:

For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.  Please note that we may need to retain certain information for record-keeping purposes, legal purposes and/or to complete any transactions that you began prior to requesting such change or deletion.

7. Complaints

If you want to complain about our use of Personal Data, please send an email with the details of your complaint to us by using our enquiry form on our website at: www.edis-bates.com.  You also have the right to lodge a formal complaint with a data protection authority.  For further information, please refer to the UK data protection regulator (The Information Commissioner’s Office or ICO) website at:

8. Changes to this Privacy Policy

This Privacy Policy was last updated on 24th May 2018. We recognise that transparency is an ongoing responsibility, so we will keep it under regular review. All changes we make will be described on this page. When required by law, we will notify you of any changes.

Prepared and approved by:

The directors of Edis-Bates Associates Ltd

24 May 2018.

Registered in England under registered number: 5016400

Registered office: The Hour House, 32 High Street, Rickmansworth, Herts WD3 1ER