1. Introduction

​

Welcome to Unorthodox Consulting. We are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy explains how we collect, use, store and share your personal data when you visit our website at www.unorthodoxconsulting.com or engage with our services.

​

We operate as a sole trader under the business name Unorthodox Consulting and are the Data Controller responsible for your personal data under the General Data Protection Regulation (GDPR). By using our website or services, you acknowledge the practices described in this policy.

​

2. What Personal Data We Collect & How We Use It (and Our Legal Basis)

​

We collect different types of personal data for specific purposes, always ensuring we have a lawful basis to do so as required by GDPR.

​

2.1. Information You Provide to Us Directly

This includes information you give us when you fill in forms on our site, subscribe to our newsletter or correspond with us by phone, email or otherwise.

• Type of Data:

  • Contact Data: Your name, email address, phone number.

  • Professional Data: Company name, job title, details about your brand strategy or team challenges.

  • Correspondence Data: Content of your emails, letters and contact form submissions.

• Purpose & Legal Basis:

  • To respond to your enquiries and provide information about our services: Our legitimate interest in responding to prospective clients and operating our business.

  • To send you newsletters and marketing communications: Your consent, which you provide by explicitly opting in. You can withdraw your consent at any time.

  • To enter into and fulfil a contract with you (e.g., for workshop or retainer services): Performance of a contract or taking steps at your request before entering into a contract.

• Examples of Use: Sending you information about our services, answering your questions, sending newsletters you've subscribed to or arranging and delivering our workshops and retainer services.

 

2.2. Information We Collect Automatically from Your Website Visits

When you visit our website, we may automatically collect certain technical and usage data.

• Type of Data:

  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

  • Usage Data: Full Uniform Resource Locators (URLs) you visit before or after our site, products/pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (scrolling, clicks, mouse-overs) and methods used to browse away from the page.

• Purpose & Legal Basis:

  • To administer our site, for troubleshooting, data analysis, testing, research, statistical and survey purposes: Our legitimate interest in ensuring our website operates effectively, is secure and for business planning.

  • To improve our site and ensure content is presented effectively: Our legitimate interest in enhancing user experience and growing our business.

  • To keep our site safe and secure: Our legitimate interest in protecting our systems and data.

  • To measure the effectiveness of advertising and deliver relevant advertising: Your consent (for certain tracking cookies, see Cookie Policy) or our legitimate interest in understanding our marketing performance.

  • To make suggestions and recommendations to you and other users: Our legitimate interest in promoting relevant services.

 

2.3. Information We Receive from Other Sources

We may receive personal data about you from various third parties, for example:

• Technical Data: From analytics providers (e.g., Google Analytics), advertising networks, search information providers.

• Contact, Financial, and Transaction Data: From providers of technical, payment and delivery services.

• Identity & Contact Data: From publicly available sources (e.g., LinkedIn) for business development purposes, based on our legitimate interest to identify potential clients.

 

3. Cookies and Similar Technologies

 

Our website uses cookies to distinguish you from other users and to help us improve our site and your browsing experience. We only place non-essential cookies on your device if you provide your explicit consent through our cookie consent banner.

​

For detailed information on the cookies we use, their purposes and how to manage your preferences, please see our dedicated Cookie Policy.

 

4. How We Share Your Personal Data

 

We may share your personal data with the following categories of third parties for the purposes outlined in this policy:

• Service Providers: Third-party companies that provide services to us, such as website hosting, email marketing platforms (e.g., Mailchimp), CRM systems (e.g., HubSpot), payment processing providers and analytics providers. These providers only process your data on our instructions and are subject to strict data processing agreements.

• Professional Advisers: Lawyers, accountants, bankers, auditors and insurers who provide professional services to us.

• Law Enforcement or Regulators: If required by law or a valid legal process.

• Prospective Buyers/Sellers: In the context of a sale, merger or acquisition of part or all of our business.

 

We do not sell your personal data to any third parties.

 

5. International Data Transfers

 

We may transfer your personal data to countries outside the UK and the European Economic Area (EEA) if our service providers are based there. Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government or the European Commission.

• Where we use certain service providers, we may use specific contracts approved for use in the UK or EEA which give personal data the same protection it has in the UK/EEA (e.g., Standard Contractual Clauses).

 

6. Data Security

 

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

​

Despite our efforts, the transmission of information via the internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk.

​

7. Data Retention

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example:

• Newsletter subscriber data is kept until you unsubscribe.

• Client contract data is typically kept for 6 years after the end of the contract for tax and legal purposes.

 

8. Your Legal Rights (Data Subject Rights)

 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

• Request access to your personal data (commonly known as a "data subject access request").

• Request correction of your personal data.

• Request erasure of your personal data.

• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

• Request restriction of processing of your personal data.

• Request the transfer of your personal data to you or to a third party.

• Withdraw consent at any time where we are relying on consent to process your personal data.

 

To exercise any of these rights, please contact us at hello@unorthodoxconsulting.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

​

9. Changes to Our Privacy Policy

 

Any changes we may make to our privacy policy in the future will be posted on this page. We encourage you to check back frequently to see any updates or changes. Where appropriate, we may also notify you by email.

​

10. How to Contact Us

 

If you have any questions about this privacy policy or our data protection practices, please contact us at:

Email: hello@unorthodoxconsulting.com

Address: Telegraph Street, Unit 41332, PO Box 6945, London, W1A 6US, United Kingdom

​

Complaints:

​

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.