Privacy Policy
Beetroot Consulting Ltd
Version: 1.2
Effective Date: April 2025
Review Date: April 2027
Owner: Director
Applies To: Clients, collaborators, suppliers, website visitors, and data subjects
1. Who We Are
Beetroot Consulting Ltd is a UK-based organisation providing IT consultancy, systems development, research, facilitation, and organisational support. We take data protection seriously and are committed to upholding the rights and freedoms of individuals under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
We act as a Data Controller when we determine how your data is used and as a Data Processor when acting on behalf of a client.
2. What Personal Data We Collect
We may collect and store the following types of personal data:
Names, job titles, email addresses, phone numbers
Organisation or employer details
Project- or contract-related communications
Feedback or consultation responses
Payment and invoicing details
IP addresses, browser data (when visiting our website)
In limited cases, we may process special category data (e.g. health, access needs) only where strictly necessary and with appropriate safeguards.
3. How We Collect It
We collect personal data when:
You contact us or submit an enquiry or form
You enter into a service contract or partnership with us
You sign up to participate in a session, programme, or consultation
You visit our website or access shared files or systems
You interact with us during professional delivery or collaboration
4. Why We Process Personal Data
We process personal data for the following reasons:
To deliver our contracted services
To manage professional relationships and communications
To comply with legal and regulatory requirements
To improve our services and meet access or wellbeing needs
To maintain financial and operational records
To respond to feedback, concerns, or data rights requests
We will not use your data for marketing without your explicit consent, and we do not sell or trade personal information.
5. Our Legal Bases for Processing
We rely on the following lawful bases under Article 6 of UK GDPR:
Contractual necessity – to deliver agreed services
Legal obligation – to meet financial, HR, or regulatory duties
Legitimate interests – to manage day-to-day operations, relationships, and accountability
Consent – where required for optional activities (e.g. testimonials, photos, or case studies)
6. Sharing Your Data
We may share your data with:
Trusted service providers and collaborators who support our operations
Our professional advisors (e.g. accountants, legal counsel)
Clients, where required by the scope of delivery and data processing agreements
Authorities or regulators, where legally required
All third-party data processors are vetted and bound by appropriate agreements.
7. Data Security
We implement appropriate security controls including:
Password-protected systems with Multi-Factor Authentication (MFA)
Encrypted cloud storage
Access restrictions based on role and need
Secure disposal of records no longer required
8. Data Retention
We retain personal data only for as long as necessary to fulfil its purpose or meet legal obligations. This typically includes:
6 years for contractual, financial, or project data
Shorter retention for informal communications or feedback
Immediate deletion where consent is withdrawn and no lawful basis remains
9. Your Rights
You have rights over your personal data, including:
Access to the data we hold about you
Correction of inaccurate or incomplete data
Deletion of data in certain circumstances
Restriction or objection to processing
Data portability (in some cases)
To exercise your rights, please email Kanika Selvan on Kanika@beetrootconsulting.co.uk. We aim to respond within 30 days.
10. Contact and Complaints
For any queries about this notice or your personal data:
Data Protection Lead
kanika@beetrootconsulting.co.uk
Or 28 Demesne Rd, Manchester, M168HJ
You also have the right to complain to the Information Commissioner’s Office (ICO):
🔗 www.ico.org.uk
Last Updated: April 2025