Privacy Policy

1. Introduction

Greenwich Strategy Ltd ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website or use our services.

We are registered in Scotland and operate as a management consulting firm specializing in operations excellence, financial performance, sustainability advisory, and software development services.

2. Data Controller Information

Data Controller: Greenwich Strategy Ltd
Registered in: Scotland, United Kingdom
Email: privacy@greenwichstrategy.co.uk
Website: https://greenwichstrategy.co.uk

3. Types of Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title
• Inquiry Details: Information you provide when submitting contact forms or requesting consultations
• Client Data: Information necessary to deliver our consulting services, including business financial data, operational metrics, and sustainability reports
• Communication Records: Emails, meeting notes, and other correspondence
• Professional Information: Industry sector, company size, business challenges

3.2 Information Collected Automatically

• Technical Data: IP address, browser type, operating system, device information
• Usage Data: Pages visited, time spent on site, referring URLs, click patterns
• Cookies and Tracking: Data collected through cookies and similar technologies (see our Cookie Policy)

3.3 Information from Third Parties

• LinkedIn and Professional Networks: Professional profile information when you connect with us
• Business Partners: Information provided by referral partners or collaborators
• Public Sources: Publicly available business information from Companies House and similar registries

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

• Consent: When you provide explicit consent for marketing communications or cookies
• Contract Performance: To fulfill our contractual obligations when delivering consulting services
• Legitimate Interests: For business development, service improvement, and security purposes
• Legal Obligation: To comply with UK tax, accounting, and regulatory requirements

5. How We Use Your Data

We use your personal information for the following purposes:

5.1 Service Delivery

• Providing management consulting, financial advisory, and sustainability services
• Developing and delivering custom software solutions and digital platforms
• Conducting operational diagnostics, financial analysis, and ESG assessments
• Preparing reports, recommendations, and strategic plans

5.2 Communication

• Responding to inquiries and consultation requests
• Sending service updates and project communications
• Providing technical support for our digital platforms
• Sharing industry insights, case studies, and thought leadership (with consent)

5.3 Business Operations

• Processing payments and maintaining financial records
• Managing client relationships and contracts
• Improving our services and developing new offerings
• Conducting internal research and analytics

5.4 Legal and Security

• Complying with legal and regulatory obligations
• Protecting against fraud, security threats, and illegal activities
• Enforcing our terms of service and contractual agreements
• Maintaining business records as required by UK law

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

• Cloud Hosting: Secure cloud infrastructure providers for data storage
• Analytics Platforms: Website analytics and business intelligence tools
• Email Services: Professional email and communication platforms
• Payment Processors: Secure payment gateway providers

6.2 Professional Advisors

• Accountants and auditors (for financial compliance)
• Legal advisors (for contractual and regulatory matters)
• Insurance providers (for professional indemnity coverage)

6.3 Regulatory and Legal

• HMRC and tax authorities (for tax compliance)
• Companies House (for statutory filing requirements)
• Law enforcement (when legally required)
• Courts and dispute resolution bodies (when necessary)

6.4 Business Transfers

In the event of a merger, acquisition, or sale of company assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Adequacy decisions recognising equivalent data protection standards
• Binding corporate rules for multinational service providers

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Client Data: Duration of engagement plus 6 years (UK tax and accounting requirements)
• Financial Records: Minimum 6 years from end of financial year
• Marketing Contacts: Until consent is withdrawn or 2 years of inactivity
• Website Analytics: 26 months (standard Google Analytics retention)
• Legal Documents: As required by contract or statute of limitations

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of the personal data we hold about you (Subject Access Request).

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure

You can request deletion of your data (subject to legal retention requirements).

9.4 Right to Restriction

You can request we limit how we use your data in certain circumstances.

9.5 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

9.6 Right to Data Portability

You can request your data in a structured, machine-readable format.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: TLS/SSL encryption for data transmission, AES-256 for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and regular security audits
• Data Backup: Regular encrypted backups with secure off-site storage
• Employee Training: Regular data protection and security awareness training
• Incident Response: Documented procedures for data breach notification

11. Children's Privacy

Our services are directed at business clients and professionals. We do not knowingly collect data from individuals under 16. If we become aware of such collection, we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notifications to registered clients
• Requiring re-consent where legally required

13. Complaints and Regulatory Authority

If you believe we have not handled your data properly, you can:

1. Contact us directly: privacy@greenwichstrategy.co.uk
2. Lodge a complaint with the UK Information Commissioner's Office (ICO):
   Website: https://ico.org.uk
   Helpline: 0303 123 1113

14. Contact Information

For any questions about this Privacy Policy or our data practices, please contact:

Privacy Officer
Greenwich Strategy Ltd
Email: privacy@greenwichstrategy.co.uk
General Inquiries: info@greenwichstrategy.co.uk
Website: https://greenwichstrategy.co.uk