Westmoor Consulting Ltd is committed to protecting your privacy and ensuring you have a positive experience on our website and when engaging with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with applicable UK data protection laws.
This Privacy Policy applies to personal data we collect through our website (www.westmoorconsulting.co.uk), contact forms, email communications, telephone conversations, and consulting service engagements. It does not apply to third-party websites linked from our website, which are governed by their own privacy policies.
Westmoor Consulting Ltd, located at 12 Friar Street, 2nd Floor, Reading, RG1 1DB, United Kingdom, is the data controller responsible for personal data processing under this Privacy Policy. For questions or concerns about how we process your personal data, contact us at contact@westmoorconsulting.co.uk or telephone +44 118 957 3000.
When you visit or use our website, we may collect the following types of personal data:
When you engage us to provide consulting services, we may collect:
In some cases, we may receive information about identifiable individuals who are not the primary contact but who are relevant to your engagement (for example, department heads or team members). This information is treated as personal data and is subject to this Privacy Policy and UK GDPR protections.
Under UK GDPR, we must have a legal basis for processing your personal data. The legal bases for our processing are:
We process personal data necessary to perform consulting services you have engaged us to provide. This includes information required to deliver the service, invoice you, and communicate about the engagement.
We process personal data to pursue our legitimate business interests, including responding to enquiries, improving our services, and conducting business administration. We balance these interests against your privacy rights and only process data where we have determined that our interests outweigh privacy impacts.
For certain processing activities, we rely on your explicit consent. For example, if you subscribe to our mailing list, we process your email address based on your consent. You may withdraw consent at any time by contacting us.
In some cases, we process personal data to comply with legal obligations. For example, we may retain business records as required by tax and company law.
We process your personal data to deliver consulting services you have engaged us to provide. This includes communicating with you about the engagement, accessing information and systems required to deliver services, billing for services provided, and following up after the engagement concludes.
When you contact us through our website, email, or telephone, we use your contact information to respond to your enquiry, provide information about our services, and follow up if appropriate.
We process personal data for business administration purposes including invoicing, managing contracts, maintaining business records, and handling complaints or disputes.
We may analyse personal data (in anonymised form where possible) to understand how our website is used, what information is valuable to visitors, and how we can improve our services and website experience.
If you have consented, we may send you occasional emails with information about our services, industry insights, and consulting updates. You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in emails or by contacting us directly.
We process personal data to comply with legal obligations, including maintaining business records, responding to legal requests, and preventing fraud or misuse of our services.
We do not routinely share personal data with external parties. However, we may disclose personal data in the following circumstances:
We may share personal data with service providers who assist us in operating our website, processing payments, sending communications, or conducting business administration. These service providers are contractually obligated to protect your personal data and use it only for purposes we specify.
We may disclose personal data to professional advisers (accountants, solicitors, insurers) for business and legal purposes. These advisers are bound by confidentiality obligations.
During consulting engagements, we may need to disclose information to your staff or external advisers as part of delivering services. We will only disclose information with your knowledge and approval.
We may disclose personal data when required by law, court order, or governmental authority. We will provide notice of such disclosures where legally permissible.
Absent the circumstances described above, we do not disclose personal data to external parties without your explicit written consent. We do not sell, rent, or trade personal data for any purpose.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods depend on the type of data and the purpose:
Personal data collected during consulting engagements is retained for the duration of the engagement plus seven years thereafter to satisfy tax record-keeping requirements and to support potential disputes or client questions about the engagement.
Personal data from website contact forms is retained for two years from the date of the enquiry. If you do not become a client, your information is securely deleted after this period unless you have requested to remain on our mailing list.
If you have subscribed to receive information from us, your email address is retained until you unsubscribe or request deletion.
When personal data is no longer needed, it is securely deleted or, if deletion is not possible, anonymised. Physical documents are shredded, and electronic data is permanently deleted from all systems and backups.
We implement comprehensive technical and organisational security measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
You are responsible for maintaining the confidentiality of any login credentials or access codes provided to you. Please notify us immediately if you believe your credentials have been compromised.
While we implement appropriate security measures, no security system is completely impenetrable. We cannot guarantee absolute security of personal data. Transmission of data over the internet carries inherent risks. You transmit personal data at your own risk.
UK GDPR provides individuals with specific rights regarding their personal data. You have the following rights:
You have the right to request access to personal data we hold about you. We will provide a copy of your personal data in a portable electronic format within 30 days of your request.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will correct data within 30 days of your request.
You have the right to request deletion of personal data we hold about you, subject to certain exceptions. We may retain data where retention is necessary for legal compliance, contract performance, or legitimate business interests. We will respond to deletion requests within 30 days.
You may request that we restrict processing of your personal data whilst you challenge the accuracy of data, or pending resolution of disputes about processing.
You have the right to object to processing of your personal data for legitimate business interest or marketing purposes. We will cease processing for objected purposes unless we can demonstrate compelling legitimate interests that outweigh your rights.
You have the right to receive your personal data in a portable electronic format and to transmit it to another data controller.
If processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You may file a complaint at www.ico.org.uk.
To exercise any of your data protection rights, please submit a written request to contact@westmoorconsulting.co.uk with the subject line "Data Subject Request." Include your name, the nature of your request, and any relevant information to help us locate your data.
We may request additional information to verify your identity before processing your request. This is done to protect your privacy and ensure we disclose data only to the individual to whom it pertains.
We will respond to your request within 30 days of receipt. If your request is complex or voluminous, we may extend this timeframe by up to two further months. We will notify you of any extension and the reason for it.
We do not charge fees for processing requests to access, correct, or delete personal data, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee to cover administrative costs.
Our website uses cookies, which are small data files stored on your device when you visit. Cookies help us understand how our website is used and improve your experience. For detailed information about cookies we use, purposes, and how to manage them, please see our Cookie Policy.
We obtain your consent before placing non-essential cookies on your device. You may withdraw consent or manage your cookie preferences at any time through your browser settings or our cookie management tool.
Our website contains links to external websites operated by third parties. We are not responsible for the privacy practices or content of external websites. Please review the privacy policies of external websites before providing personal data to them.
Our website and services are not directed at children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will delete such data promptly.
Personal data is stored and processed in the United Kingdom. We do not routinely transfer personal data outside the UK. If we do transfer data internationally, we will implement appropriate safeguards including Standard Contractual Clauses or adequacy decisions as required by UK GDPR.
For questions or concerns about our privacy practices, to exercise your data protection rights, or to report a privacy violation, please contact:
Westmoor Consulting Ltd
12 Friar Street, 2nd Floor
Reading, RG1 1DB
United Kingdom
Email: contact@westmoorconsulting.co.uk
Phone: +44 118 957 3000
Telephone Hours: Monday-Friday, 08:30-17:30
If you have unresolved concerns about our privacy practices, you may lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with an updated "Last Modified" date. Your continued use of our website or services constitutes acceptance of the updated Privacy Policy.
If requested, we will provide you with a copy of our previous Privacy Policy versions.