Privacy Policy

Privacy Policy - Carl Boasman Consultancy Ltd  

Introduction

Carl Boasman Consultancy Ltd (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  

We provide consultancy and professional services to clients across the UK and internationally. This policy applies to all individuals whose personal data we process, including clients, suppliers, partners, and website visitors.  

Information We Collect  

We may collect and process the following categories of personal data:  

• Identity information: name, job title, company details.  
• Contact information: email address, phone number, postal address.  
• Business information: details of services requested, contracts, tenders, proposals.  
• Financial information: invoicing details, payment records.  
• Technical information: IP address, browser type, website usage data.  

Legal Basis for Processing  

We process personal data under the following lawful bases:  

• Contractual necessity: to deliver consultancy and professional services.  
• Legal obligations: to comply with tax, accounting, and regulatory requirements.  
• Legitimate interests: to manage our business relationships and improve services.  
• Consent: where required, for marketing communications.  

How We Use Personal Data  

We use personal data to:  

• Provide consultancy services and fulfil contractual obligations.  
• Communicate with clients regarding projects, tenders, and proposals.  
• Manage business operations including invoicing, payments, and recordkeeping.  
• Comply with legal requirements such as tax and regulatory filings.  
• Improve our website and services through analytics.  
• Send marketing communications (only with consent).  

Where we Get Personal Data From 

• Directly from you.  
• Publicly available sources.  

Data Sharing and Transfers  

We may share personal data with:  

• Service providers such as IT support, accountants, and legal advisors.  
• Regulatory authorities where required by law.  
• Business partners involved in delivering services.  

We do not sell personal data. If data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g., UK adequacy decisions or standard contractual clauses).  

Data Retention  

We retain personal data only as long as necessary:  

• Contractual records: retained for 6 years after contract completion.  
• Financial records: retained for 7 years in line with HMRC requirements.  
• Marketing data: retained until consent is withdrawn.  

When data is no longer required, it is securely deleted or anonymised. 

Your Rights  

Under UK GDPR, you have the following rights:  

• Access: request a copy of your personal data.  
• Rectification: correct inaccurate or incomplete data.  
• Erasure: request deletion of your data (“right to be forgotten”).  
• Restriction: limit how we process your data.  
• Data portability: receive your data in a structured format.  
• Objection: object to processing based on legitimate interests or direct marketing.  
• Withdraw consent: where processing is based on consent.  

Security  

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. 

Contact Us  

If you have any questions or wish to exercise your rights, please contact:  

Email: enquiries@carlboasman.co.uk

Complaints

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details under the ‘Contact Us’ section of this policy.  If you remain unhappy with how we’ve used your date after raising a complaint with us, you can also complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: www.ico.org.uk  Helpline 0303 123 1113.