Privacy Policy

Last Updated: June 25, 2026

Introduction

Your privacy is important to us, and this privacy statement explains what personal data we collect about you and how we use that personal data. It applies to personal data about you which you provide to us, which we receive from third parties, and which we collect from publicly available sources.

This statement also provides details about the rights you have, as well as how to exercise those rights. By using this website and our services, you consent to the collection and use of your personal data as outlined in this policy.

Who Does This Apply To?

This privacy policy applies to:

  • Individuals who are clients or prospective clients of Privy Consul
  • Representatives of client or supplier organisations
  • Visitors to our website
  • Users of our digital products and services
  • Event attendees and marketing contacts

What Is Our Lawful Basis for Processing Your Personal Data?

We process your personal data only when we have a valid lawful basis to do so, in compliance with applicable data protection laws. We carefully assess the purpose and necessity of processing to ensure that your rights are always respected. The lawful bases we rely on include:

  • Performance of a contract: Processing is necessary to fulfil our contractual obligations with you, or to take steps at your request before entering into a contract.
  • Compliance with a legal obligation: Processing is necessary to comply with applicable legal obligations.
  • Legitimate interests: Processing is necessary for our legitimate interests or those of third parties, such as operating and managing our business, improving our products and services, maintaining security, and protecting our rights, provided that such interests do not override your fundamental rights and freedoms.
  • Consent: Processing based on your explicit consent for specific purposes.

The lawful basis we rely on may differ depending on your location and the applicable data protection laws. If you have any questions about the lawful basis that applies to you, please contact us using the details below.

What Happens If You Do Not Provide Personal Data?

If we need to process your personal data to fulfil our legal obligations or execute a contract with you, and you do not provide the necessary information, we may be unable to enter into the contract or carry out your instruction. We will inform you if this situation arises.

Do We Share Your Personal Data?

We share personal data only when legally permitted, ensuring protective measures are in place to uphold data protection and security standards.

Third Party Providers

We use third party providers, including contractors, subcontractors and their subsidiaries or affiliates, who help us deliver our services and operate our IT systems. This includes providers of services such as:

  • Website hosting and maintenance
  • Data analysis and security
  • Cloud storage and backup
  • Email and communications services
  • Facilities management

When we share your personal data with third parties, we require them to maintain appropriate security and confidentiality standards and to process personal data only on our instructions.

Other Recipients

Additionally, we may disclose personal data:

  • To professional advisers (e.g., law firms or external auditors) as necessary in connection with the services they have been engaged to provide
  • When explicitly requested by you
  • To our partners when required to facilitate conferences or events
  • To professional bodies, law enforcement, regulatory and other government agencies in accordance with the services we are performing for you or to fulfil a specific request

Transfers to Other Countries

Your personal data may be transferred to and stored outside the country where you are located. This includes transfers to countries outside the European Economic Area ("EEA") and to regions that may not have established laws that provide adequate protection for personal data.

When your personal data is collected within the EEA, transfers outside the EEA will only be:

  • To a recipient in a country which provides an adequate level of protection for your personal data; or
  • Under an agreement meeting EU requirements for transferring personal data, such as standard contractual clauses approved by the European Commission.

Security

We follow internationally recognised standards for technology and operational security to safeguard personal data against loss, misuse, alteration and destruction. Our data centres are aligned with ISO 27001 security standards or equivalent industry-recognised security frameworks.

Only authorised personnel have access to personal data, all of whom are bound to maintaining confidentiality. We have established a comprehensive framework of policies and procedures addressing data protection, confidentiality and security, and we continuously review and enhance our security measures to ensure your data remains secure.

Your Rights

Depending on local data protection laws, you may have rights concerning the personal data we hold about you. Not all rights apply in all circumstances, and we will assess each request on a case-by-case basis in accordance with applicable law.

These rights may include:

  • Right to information: You can ask us at any time whether we are processing your personal data, request a copy of your personal data, and obtain details about how and why we process it.
  • Right to rectification: If the personal data we hold about you is incorrect or incomplete, you can ask us to correct it.
  • Right to erasure: You can ask for your data to be deleted if it is no longer required for our processing or if you consider our processing is unlawful.
  • Right to data portability: You may have the right to receive your personal data in a common data format.
  • Right to restriction: You can ask us to limit how we process your personal data.
  • Right to object: If we process your personal data based on legitimate interests, you have the right to object to the processing.
  • Right to withdraw consent: If we process your data based on your consent, you can withdraw your consent at any time.

If you believe that the processing of your personal data violates applicable laws, you may have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.

Children's Privacy

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We reserve the right to update this privacy policy at any time. We will notify you of any significant changes by posting the updated policy on this website and updating the "Last Updated" date. Your continued use of our website and services following the posting of a revised privacy policy means that you accept and agree to the changes.

How to Contact Us

Should you have any questions about how we process personal data, want to exercise your rights, or have a complaint, please contact us:

Email: contact@privyconsul.com
Address: Privy Consul, London, United Kingdom

We will respond to all requests within 30 days where possible, in accordance with applicable data protection laws.