Privacy Policy

Personal Information You Provide

When you contact us or use our services, we may collect:

• • Your name and contact details (email address, phone number)
• • Organisation name and professional information
• • Messages and enquiry details you submit through our contact forms
• • Communication preferences and feedback
• • Business information relevant to consulting engagements

Information Collected Automatically

When you visit our website, we automatically collect certain information:

• • IP address and browser type
• • Device information and operating system
• • Pages visited and time spent on our website
• • Referring website or source
• • Cookies and similar tracking technologies (see our Cookie Policy for details)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• • Consent: When you provide explicit consent for specific purposes
• • Contract Performance: To fulfill consulting agreements and service delivery
• • Legitimate Interests: For business operations, website improvement, and communication
• • Legal Obligations: To comply with applicable laws and regulations

Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, typically for the duration of our business relationship plus seven years for legal and accounting requirements. Contact form submissions are retained for three years unless you request earlier deletion.

Service Delivery and Communication

• • Responding to your enquiries and providing requested information
• • Delivering consulting services and advisory support
• • Communicating about our services, updates, and relevant business matters
• • Managing client relationships and engagement administration

Website Improvement and Analytics

• • Understanding how visitors use our website to improve user experience
• • Analysing website performance and identifying technical issues
• • Enhancing our services based on user feedback and behaviour patterns
• • Conducting research to improve our consulting methodologies

Third-Party Data Sharing

We may share your information with trusted third parties in the following circumstances:

• • Service providers who assist with website hosting, analytics, and email communications
• • Professional advisors including lawyers and accountants when required
• • Regulatory authorities when legally obligated to do so
• • Business partners only with your explicit consent

We never sell your personal information to third parties for marketing purposes.

Marketing Communications

If you opt in to receive marketing communications, we may send you information about our services, insights, and updates that we believe may be of interest to you. You can unsubscribe from these communications at any time using the link provided in our emails or by contacting us directly.

Security Measures

We implement appropriate technical and organisational measures to protect your personal data:

• • Secure Socket Layer (SSL) encryption for data transmission
• • Regular security assessments and updates to our systems
• • Restricted access to personal data on a need-to-know basis
• • Secure password policies and multi-factor authentication where applicable

Data Storage and Encryption

Your personal data is stored on secure servers located within the United Kingdom and European Economic Area. All sensitive information is encrypted both in transit and at rest. We work only with reputable service providers who maintain high security standards and comply with data protection regulations.

Access Controls and Monitoring

Access to personal data is strictly controlled and limited to authorised personnel who require it to perform their duties. We maintain audit logs of data access and regularly review these logs to detect any unauthorised activity. All employees and contractors are bound by confidentiality obligations.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. We will provide information about the nature of the breach, potential consequences, and measures taken to address it.

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge in a commonly used electronic format within one month of your request.

Right to Rectification

If you believe any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete this information. We will respond to your request within one month.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent. We will comply with your request unless we have a legitimate reason to retain the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller where technically feasible.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds for continued processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided on our Contact page. We may need to verify your identity before fulfilling your request to ensure the security of your personal data.

International Data Transfers

Your personal data is primarily processed within the United Kingdom and European Economic Area. If we transfer data to countries outside these regions, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions recognised by the UK Information Commissioner's Office.

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a revised "Last updated" date. We encourage you to review this policy periodically.

Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local data protection authority.