Privacy Policy

Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Fill out contact forms or inquiry forms on our website
• Subscribe to our newsletter or marketing communications
• Request information about our services
• Engage our consulting services
• Correspond with us via email or other means

This information may include your name, email address, phone number, company name, job title, and any other details you choose to provide in your messages or forms.

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing behaviour, including:

• IP address and geographical location
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Date and time of visits

This information is collected through cookies and similar tracking technologies. Please see our Cookie Policy for more details.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for us to process your data for specific purposes, such as marketing communications
• Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving our services, provided your rights do not override these interests
• Legal Obligation: When we need to process your data to comply with legal requirements

Data Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form inquiries: 2 years from last contact
• Client data: 7 years after the end of our business relationship (for accounting and legal purposes)
• Marketing consent: Until you withdraw consent or 3 years of inactivity
• Website analytics data: 26 months

After these periods, we will securely delete or anonymize your data unless we are required to retain it for legal or regulatory purposes.

Primary Uses

We use your personal information for the following purposes:

• Responding to your inquiries and providing information about our services
• Delivering our business consulting services and managing client relationships
• Processing and fulfilling service requests
• Communicating with you about your account or services
• Sending administrative information, updates, and service notifications
• Improving our website, services, and customer experience
• Conducting business analysis and market research

Marketing Communications

With your consent, we may use your contact information to send you:

• Newsletters and business insights
• Information about our services and offerings
• Invitations to events or webinars
• Industry news and updates

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly. This will not affect our ability to send you service-related communications.

Third-Party Sharing

We do not sell your personal data to third parties. However, we may share your information with:

• Service Providers: Trusted third-party companies that help us operate our website and deliver services (e.g., hosting providers, email services, analytics platforms). These providers are contractually obligated to protect your data and use it only for specified purposes.
• Professional Advisers: Lawyers, accountants, and other professional advisers when necessary for business operations
• Legal Requirements: Law enforcement, regulatory authorities, or other parties when required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner

Analytics and Website Improvement

We use analytics tools to understand how visitors interact with our website. This helps us improve our content, design, and user experience. The data collected is typically aggregated and anonymized, meaning it cannot be used to identify you personally. For more information about our use of analytics cookies, please refer to our Cookie Policy.

Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure server infrastructure with regular security updates
• Firewall protection and intrusion detection systems
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Strict access controls limiting who can access personal data

Data Encryption and Storage

Your personal data is encrypted both in transit and at rest:

• We use SSL/TLS encryption for data transmitted over the internet
• Sensitive data stored on our systems is encrypted using industry-standard encryption methods
• Our servers are located in secure data centers with physical security measures
• We maintain regular backups of data with appropriate security controls

Access Controls and Monitoring

Access to personal data is restricted to authorized personnel who need it to perform their job duties. We maintain audit logs of access to sensitive data and conduct regular reviews to ensure compliance with our security policies. All employees and contractors with access to personal data are bound by confidentiality obligations.

Breach Notification Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law. We will provide information about the nature of the breach, the likely consequences, and the measures we are taking to address it.

Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a "subject access request." We will provide you with a copy of your data in a commonly used electronic format, free of charge, within one month of your request.

Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will respond to your request within one month and update your information accordingly.

Right to Erasure (Right to be Forgotten)

In certain circumstances, you have the right to request that we delete your personal data. This applies when the data is no longer necessary for the purpose for which it was collected, when you withdraw consent, or when you object to processing. However, we may be required to retain certain information for legal or regulatory reasons.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to request that we transfer this data directly to another organization where technically feasible.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis. You also have the absolute right to object to processing for direct marketing purposes at any time.

Right to Restrict Processing

In certain circumstances, you can request that we restrict the processing of your personal data. This means we can store the data but not use it. This right applies when you contest the accuracy of data, when processing is unlawful but you don't want erasure, or when we no longer need the data but you need it for legal claims.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before your consent was withdrawn.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details provided on our contact page. When making a request, please provide:

• Your full name and contact information
• Details of the specific right you wish to exercise
• Any relevant information to help us locate your data
• Proof of identity (we may request this to protect your data)

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months and will notify you of any delay.

Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions by the UK government.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a new "Last updated" date. We encourage you to review this policy periodically.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by phone at 0303 123 1113.