Privacy Policy
1. Introduction
The Loft Consulting ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in any capacity.
This policy applies to all personal data processing activities carried out by The Loft Consulting, whether online or offline, and covers all individuals whose personal data we process, including clients, prospective clients, website visitors, suppliers, and other business contacts.
By engaging with our services or visiting our website, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller Information
Data Controller: The Loft Consulting
Registered Address: 71-75 Shelton St, London WC2H 9JQ, United Kingdom
Email: info@theloftconsulting.com
For any privacy-related queries, please contact us using the details above or reach out to our Data Protection Officer at info@theloftconsulting.com.
3. Legal Basis for Processing
We process your personal data under the following legal bases as defined in the UK General Data Protection Regulation (UK GDPR):
- Consent: Where you have given clear consent for us to process your personal data for specific purposes
- Contract: Where processing is necessary for the performance of a contract with you or to take steps before entering into a contract
- Legal Obligation: Where processing is necessary for compliance with legal obligations
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms
- Vital Interests: Where processing is necessary to protect someone's life (rarely applicable in our business context)
- Public Task: Where processing is necessary for the performance of a task carried out in the public interest (rarely applicable in our business context)
4. Types of Personal Data We Collect
4.1 Information You Provide Directly
- Contact Information: Name, job title, company name, email address, phone number, postal address
- Professional Information: Industry, company size, business needs, project requirements
- Communication Records: Records of conversations, meetings, emails, and other communications
- Contract and Payment Information: Billing addresses, payment details, purchase orders, invoicing information
- Marketing Preferences: Communication preferences, interests, and consent records
4.2 Information Collected Automatically
- Website Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages
- Technical Data: Device identifiers, connection information, location data (where permitted)
- Cookies and Tracking Technologies: See our Cookie Policy for detailed information
4.3 Information from Third Parties
- Business Contact Information: Information obtained from publicly available sources, business directories, or professional networks
- Referral Information: Details provided by existing clients or business partners who refer you to our services
- Verification Data: Information from credit agencies or other verification services (where applicable)
5. How We Use Your Personal Data
5.1 Service Delivery
- Providing consulting services and delivering contracted work
- Managing client relationships and project communications
- Conducting business analysis and strategic planning
- Preparing reports, presentations, and deliverables
5.2 Business Operations
- Processing payments and managing financial transactions
- Managing suppliers and vendor relationships
- Maintaining business records and documentation
- Ensuring compliance with legal and regulatory requirements
5.3 Communication and Marketing
- Responding to inquiries and providing customer support
- Sending service updates and important notifications
- Marketing our services (only with appropriate consent)
- Conducting surveys and collecting feedback
5.4 Website and Technology
- Operating and maintaining our website
- Improving user experience and website functionality
- Analyzing website usage and performance
- Ensuring website security and preventing fraud
5.5 Legal and Compliance
- Complying with legal obligations and regulatory requirements
- Establishing, exercising, or defending legal claims
- Preventing fraud and ensuring business security
- Conducting internal audits and quality assurance
6. Data Sharing and Disclosure
6.1 Service Providers and Partners
We may share your personal data with trusted third parties who provide services on our behalf, including:
- IT service providers and cloud hosting services
- Payment processors and financial institutions
- Professional advisors (lawyers, accountants, auditors)
- Marketing and communications agencies
- Subcontractors and project delivery partners
All third parties are required to maintain appropriate security measures and use your data only for specified purposes.
6.2 Legal Requirements
We may disclose your personal data where required by law, regulation, or court order, or where necessary to:
- Protect our rights, property, or safety
- Protect the rights, property, or safety of others
- Prevent or investigate suspected fraud or illegal activities
- Comply with regulatory investigations or requests
6.3 Business Transfers
In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the acquiring party, subject to appropriate confidentiality and data protection measures.
6.4 Consent-Based Sharing
We will share your personal data with other parties only with your explicit consent, clearly explaining the purpose and scope of such sharing.
7. International Data Transfers
We may transfer your personal data outside the United Kingdom to service providers or business partners located in other countries. When we do so, we ensure appropriate safeguards are in place, such as:
- Adequacy Decisions: Transfers to countries deemed adequate by the UK government
- Standard Contractual Clauses: EU/UK standard contractual clauses with additional safeguards
- Binding Corporate Rules: Internal data protection policies for multinational organizations
- Certification Schemes: Recognized data protection certification programs
We will always inform you of international transfers where required and ensure your data receives equivalent protection.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, or establish, exercise, or defend legal claims.
8.1 Retention Periods
- Client Data: Retained for the duration of our business relationship plus 7 years for accounting and legal purposes
- Marketing Data: Retained until you withdraw consent or for a maximum of 3 years of inactivity
- Website Data: Technical logs retained for up to 12 months; analytics data anonymized after 26 months
- Communication Records: Retained for 3 years from the last communication
8.2 Secure Deletion
When retention periods expire, we securely delete or anonymize your personal data using industry-standard methods to prevent recovery or reconstruction.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
9.1 Technical Measures
- Encryption of data in transit and at rest
- Secure access controls and authentication systems
- Regular security updates and patches
- Firewall and intrusion detection systems
- Secure backup and disaster recovery procedures
9.2 Organizational Measures
- Staff training on data protection principles
- Access controls based on job requirements
- Regular security assessments and audits
- Incident response and breach notification procedures
- Vendor security assessments and contractual obligations
10. Your Rights
Under UK data protection law, you have the following rights regarding your personal data:
10.1 Right to Information
You have the right to be informed about how we collect and use your personal data (fulfilled by this Privacy Policy).
10.2 Right of Access
You can request copies of your personal data and information about how we process it.
10.3 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
10.4 Right to Erasure
You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.
10.5 Right to Restrict Processing
You can request limitation of how we use your personal data in specific situations.
10.6 Right to Data Portability
You can request transfer of your personal data to another organization in certain circumstances.
10.7 Right to Object
You can object to processing of your personal data for direct marketing or where we rely on legitimate interests.
10.8 Rights Related to Automated Decision-Making
You have rights related to automated decision-making and profiling, including the right not to be subject to decisions based solely on automated processing.
10.9 Right to Withdraw Consent
Where we process your data based on consent, you can withdraw that consent at any time.
10.10 Exercising Your Rights
To exercise any of these rights, contact us at info@theloftconsulting.com. We will respond within one month, though this may be extended in complex cases. Some rights may be limited by legal obligations or legitimate business needs.
11. Cookies and Website Technologies
Our website uses cookies and similar technologies to improve functionality and user experience. For detailed information about our use of cookies, please refer to our separate Cookie Policy.
11.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for website operation
- Performance Cookies: Help us understand how visitors use our website
- Functional Cookies: Remember your preferences and provide enhanced features
- Marketing Cookies: Used to deliver relevant advertising (only with consent)
11.2 Managing Cookies
You can control cookie settings through your browser preferences, though disabling certain cookies may affect website functionality.
12. Third-Party Links and Services
Our website may contain links to third-party websites and services. This Privacy Policy does not apply to external sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.
12.1 Social Media Integration
We may use social media plugins and integration tools. When you interact with these features, information may be shared with the respective social media platforms according to their privacy policies.
13. Children's Privacy
Our services are not directed to individuals under 16 years of age, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.
14. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay where required
- Take appropriate measures to mitigate the impact of the breach
- Conduct a thorough investigation and implement preventive measures
15. Complaints and Regulatory Authority
If you have concerns about how we handle your personal data, please contact us first at info@theloftconsulting.com. We are committed to resolving any issues promptly and fairly.
If you remain unsatisfied with our response, you have the right to lodge a complaint with the UK data protection authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
16. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:
- Post the updated policy on our website
- Notify you of significant changes via email or prominent website notice
- Indicate the date of the last update at the top of this policy
We encourage you to review this policy regularly to stay informed about how we protect your personal data.
17. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
The Loft Consulting
Address: 71-75 Shelton St, London WC2H 9JQ, United Kingdom
Email: info@theloftconsulting.com
Data Protection Officer: info@theloftconsulting.com
We are committed to addressing your privacy concerns promptly and transparently. Please allow up to 30 days for a full response to complex inquiries, though we aim to respond much sooner in most cases.