Privacy Notice

Introduction

This Privacy Notice provides further information on the way in which your personal information is collected, used and processed in the course of providing consultancy services and in carrying out marketing activities at Pitchstone Consulting Ltd.

This notice forms part of our Website Terms of Use and should be read in conjunction with these terms and the Cookie Policy.

 

Who we are

Pitchstone comprises Pitchstone Consulting Ltd (otherwise herein referred to as Pitchstone, we, us, our), a limited liability company registered in England and Wales with registered company number 16066823 and its registered office at 3 Finches Way, Burnham on Sea, TA8 2QQ. Pitchstone is a Data Controller of personal information registered with the Information Commissioner under registration number ZB829377.

You can contact us in relation to this Privacy Notice via email: h.youell.cano@.deletepitchst.toone..revealco.mynsu.detailsltin.thanksg.

 

Who this notice applies to

• Clients.
• Other advisors involved in the contracted work between client and Pitchstone (e.g. other businesses and persons our clients are contracted with).
• Our insurers, professional advisors, legal and financial advisors.
• Sub-contractors and suppliers.
• People whose information is processed as part of marketing activities.

 

What information we collect or use

We collect or use the following information to provide and improve products and services for clients:

• Basic information including your name (including prefix), job title, company name, company postal address and contact details (email address, telephone number).
• Additional professional information including photograph from your company website and/or social media account content (e.g. LinkedIn).
• Information provided to us during telephone or video conferencing calls including transcripts and / or recorded digital copies where conducted virtually.
• Information provided to us for events and training sessions, including sign-up contact information, information from business cards, dietary and access requirements.
• Information provided in the course of conducting business with us.
• Information relating to compliments or complaints.
• Payment details (including bank account information for transfers) and transaction data (including details about payments to and from you and details of services you have purchased).
• Any other information you may provide to us as part of conducting business with us.

 

We collect or use the following personal information for information updates or marketing purposes:

• Names (including prefix), company name, job title, contact details, marketing interests, feedback, research and survey input, and your marketing consent preferences.

 

We collect or use the following personal information for dealing with queries, complaints or claims:

• Basic information including your name, job title, company name and contact details.
• Client accounts, records and related correspondence.
• Feedback and survey responses you provide to us.

 

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
• Your right to rectification– You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
• Your right to erasure– You have the right to ask us to delete your personal information. You can read more about this right here.
• Your right to restriction of processing– You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
• Your right to object to processing– You have the right to object to the processing of your personal data. You can read more about this right here.
• Your right to data portability– You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
• Your right to withdraw consent– When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

 

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

 

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for our clients are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legitimate interests – we are collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • To carry out contractual, conflict, anti-money laundering and payment / credit checks prior to entering into and performing the contract we have with you.
  • To provide our consultancy services and advice.
  • To improve and promote our services to you.
  • For networking purposes.
  • For the prevention of fraud and other criminal activities.
  • In receiving feedback.

 

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

 

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Where we get personal information from

• Directly from you: Including from your email, postal and telephone interactions with us; when registering for an event or training session; from business cards at a meeting or event; and returned responses from survey and feedback forms.
• Public sources: Including online professional social platforms (e.g. LinkedIn); Companies House; regulatory databases and your company website.
• Third Parties: Including from our clients’ contacts; other professional advisors instructed by us or the client; credit reference agencies; suppliers and sub-contractors.

 

How we retain information

We will only use your personal information where we have a lawful basis for processing. Where personal data is collected, the retention criteria are as follows:

• All contract-related information and enquiries (including prospective): Held for a minimum of 7 years from the date of file closure, except where an alternative storage term is agreed in contract.

 

Information is retained in the following manner:

• All documents, records and personal information are stored electronically or in hard copy format.
• Hard copy documents are held as copies to the original and stored in a designated, physically secure and controlled access location. Original documents are copied or electronically scanned and returned to the client.
• For electronic storage (including removable formats on CD/DVD, USB drive), personal information is stored on laptops equipped with encryption or on encrypted backup external storage devices, and/or in a designated, physically secure and controlled access location.
• Daily backups of critical IT infrastructure are performed and stored on secure online platforms.
• At the end of the retention period hard copy documents will be physically destroyed at a secure location. The destruction will be an irreversible act. Electronic records will be cleansed and irreversibly deleted from systems.

 

Who we share information with

Others we share personal information with

• Our clients, in providing services to them.
• Professional and legal advisors, suppliers and sub-contractors dependent on and during provision of the contracted services.
• Event venues, online hosting platforms and partners involved with events and training.
• Support organisations including insurance companies, brokers, financial, marketing, survey platforms or other technology intermediaries.

 

We will also disclose your personal information to a relevant third-party in the following circumstances:

• Where we are acquired by a third-party. The data will form part of the assets transferred with the business.
• Where we are required to disclose or share personal data to comply with a legal instruction; or regulatory request; to enforce or apply our terms; or to protect the rights, assets or safety of our clients, or others.

 

Transference of personal information outside of the United Kingdom (UK) or European Economic Area

We do not seek to transfer personal information outside of the UK or EEA unless adequate safeguards are in place to maintain compliance with data protection laws.

For example, in the event that part of a client’s business is outside of the UK or EEA, personal information may be shared and involve transferring your data outside the UK or EEA. In such circumstances we will obtain consent prior to transfer or will ensure similar data safeguards are in effect for the use and processing of personal information.

In addition, we may host links to third-party websites and applications (e.g. video conferencing, video hosting, online event sign-up and training platforms). We have no control over or responsibility for, the privacy settings declared by these websites and applications. When choosing to use these third-party links and leaving our website please refer to their privacy notices.

 

Queries and concerns

If you have any concerns about our use of your personal data, you can make an enquiry or complaint to us using the contact details at the top of this privacy notice.

Where we are unable to address your concerns to your satisfaction, you have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk.

 

Changes to this notice

This privacy notice may be updated from time to time. Please refer back and review as needed. This version was last updated on 27 December 2024.