Data Protection

1. Purpose

This policy outlines how we manage personal data in line with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other international privacy regulations as required.

2. Scope

This policy applies to all personal data collected, stored, processed, or shared by our consultancy, whether from clients, partners, or visitors to our website.

3. Data Protection Principles

We commit to the following principles when handling personal data:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

4. Lawful Basis for Processing

We process personal data based on one or more of the following:

  • Consent
  • Performance of a contract
  • Legal obligation
  • Legitimate interests
  • Protection of vital interests (where applicable)

5. Data Subject Rights

We ensure individuals can exercise their data rights, including:

  • Access to their data
  • Rectification of inaccuracies
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent (where applicable)

6. Data Security

We implement appropriate technical and organisational measures to secure personal data against loss, misuse, or unauthorised access. This includes regular reviews of security practices and system protections.

7. Data Sharing and Transfers

We do not sell or share personal data with third parties for marketing. Where international transfers occur, we ensure they are lawful and safeguarded under UK adequacy decisions or standard contractual clauses.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or to comply with legal or regulatory requirements.

9. Roles and Responsibilities

We are accountable for data protection compliance. Questions or concerns should be directed to: Su Sproston – [email protected]

10. Breach Notification

In the event of a data breach, we will assess risk and notify relevant supervisory authorities and affected individuals in accordance with legal requirements.

11. Policy Review

This policy is reviewed annually or as needed to reflect legal, technological, or operational changes.