Privacy Policy

1. Information We Collect

We collect information about you in several ways when you use our website and services:

Information You Provide Directly

• Contact Information: Name, email address, phone number, and postal address when you contact us or subscribe to our newsletter
• Business Information: Company name, job title, and business requirements when you enquire about our services
• Communication Content: Messages, enquiries, and feedback you send to us through our contact forms or email
• Marketing Preferences: Your consent for receiving marketing communications and preferences for communication types

Information We Collect Automatically

• Technical Information: IP address, browser type, operating system, device information, and access times
• Usage Data: Pages visited, time spent on pages, links clicked, and navigation patterns
• Location Data: General geographic location based on IP address (country and city level)
• Cookie Data: Information collected through cookies and similar tracking technologies (see our Cookie Policy for details)

Information from Third Parties

• Professional Networks: Publicly available professional information from business networks and directories
• Analytics Services: Aggregated website usage statistics from analytics providers
• Security Services: Threat intelligence and security information to protect our services

2. How We Use Your Information

We use your personal information for the following purposes:

Service Provision

• Respond to your enquiries and provide information about our services
• Deliver consulting and advisory services as requested
• Process and fulfil service agreements and contracts
• Provide customer support and technical assistance

Communication

• Send you newsletters and updates about digital licensing and governance topics
• Notify you about changes to our services or terms
• Respond to your questions and requests for information
• Send important service announcements and updates

Website Improvement

• Analyse website usage to improve user experience and functionality
• Monitor website performance and identify technical issues
• Develop new features and services based on user needs
• Personalise content and recommendations where appropriate

Legal and Security

• Comply with legal obligations and regulatory requirements
• Protect against fraud, security threats, and abuse
• Enforce our terms of service and other agreements
• Maintain records for audit and compliance purposes

3. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Consent

We process your personal data based on your consent for:

• Newsletter subscriptions and marketing communications
• Optional cookies and tracking technologies
• Participation in surveys and feedback collection

Legitimate Interests

We process your personal data based on our legitimate interests for:

• Website analytics and performance monitoring
• Security and fraud prevention
• Business development and service improvement
• Customer relationship management

Contract Performance

We process your personal data to:

• Fulfil service agreements and consulting contracts
• Provide requested information and support
• Process payments and manage billing

Legal Obligations

We process your personal data to comply with:

• Tax and accounting requirements
• Regulatory reporting obligations
• Law enforcement requests where legally required

4. Sharing Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

Service Providers

We share information with trusted third-party service providers who assist us in:

• Website hosting and technical infrastructure
• Email delivery and marketing platform services
• Analytics and website performance monitoring
• Customer support and communication tools
• Payment processing and financial services

Legal Requirements

We may disclose information when required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Respond to lawful requests from regulatory authorities
• Protect our rights, property, or safety
• Investigate fraud or security incidents

Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal information may be transferred as part of the transaction, subject to equivalent privacy protections.

5. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy:

Contact and Communication Data

• General enquiries: 3 years from last contact
• Newsletter subscriptions: Until you unsubscribe or 3 years of inactivity
• Customer service records: 5 years for quality assurance and training

Business and Contract Data

• Service contracts: 7 years after contract completion for legal and tax purposes
• Financial records: 7 years as required by UK tax law
• Compliance records: As required by applicable regulations

Technical and Analytics Data

• Website analytics: 26 months or until withdrawal of consent
• Security logs: 12 months for security monitoring purposes
• Technical support data: 2 years after issue resolution

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal information we hold about you, including details about how we use it and who we share it with.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal information we hold about you.

Right to Erasure

You can request that we delete your personal information in certain circumstances, such as when it's no longer necessary for the purposes we collected it.

Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances, such as while we investigate a complaint about accuracy.

Right to Data Portability

You can request a copy of your personal information in a structured, machine-readable format for transfer to another service provider.

Right to Object

You can object to our processing of your personal information based on legitimate interests, including direct marketing.

Rights Related to Automated Decision Making

You have the right not to be subject to automated decision-making, including profiling, that significantly affects you.

Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within one month and may ask you to verify your identity.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your website experience. For detailed information about our cookie practices, please see our Cookie Policy.

Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand how visitors use our website
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness

Managing Cookie Preferences

You can manage your cookie preferences through our cookie banner or by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

Security Measures

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict access controls and authentication requirements for our systems
• Regular Audits: Regular security assessments and vulnerability testing
• Staff Training: Ongoing security awareness training for all team members
• Incident Response: Established procedures for detecting and responding to security incidents

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

9. International Data Transfers

Your personal information may be transferred to and processed in countries outside the UK and European Economic Area (EEA) that may have different data protection laws.

Safeguards for International Transfers

When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries deemed adequate by the UK Government
• Standard Contractual Clauses: Use of approved standard contractual clauses for transfers to other countries
• Certification Schemes: Transfers to organisations with recognised privacy certifications
• Additional Measures: Supplementary measures where required to ensure equivalent protection

10. Children's Privacy

Our website and services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent.

If We Discover Children's Data

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

Parental Rights

Parents and guardians have the right to:

• Review their child's personal information
• Request deletion of their child's personal information
• Refuse to allow further collection of their child's personal information

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

Notification of Changes

• We will post the updated policy on our website with a new effective date
• For material changes, we will provide additional notice through email or website notifications
• Continued use of our services after changes take effect constitutes acceptance of the updated policy

Previous Versions

Previous versions of this Privacy Policy are available upon request for your reference.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: