Privacy Policy

Who we are

Data controller: ROOT Consultancy Ltd (United Kingdom).
Contact email: info@rootconsultancy.co.uk

If you are engaging us on behalf of an organisation, your organisation may also be a controller for data you provide to us.

What data we collect

• Contact details such as your name, email address, telephone number, job title and organisation.
• Enquiry information you submit via forms or email (e.g., your requirements, estate context, and objectives).
• Website usage data (basic technical information such as IP address, device/browser information, and pages visited) if analytics/cookies are enabled.

We do not intentionally collect special category data (e.g., health) via this website. Please avoid submitting sensitive personal data through the web form.

How we use your data (purposes)

• To respond to enquiries and communicate with you.
• To arrange and deliver services, including readiness reviews, bespoke programmes and exercises.
• To administer our business relationship (e.g., proposals, contracts, invoicing).
• To improve our website and understand how it is used (only where analytics/cookies are enabled and permitted).

Lawful bases for processing

Under UK GDPR, we rely on one or more of the following lawful bases:

• Legitimate interests (e.g., responding to business enquiries and developing our services), where those interests are not overridden by your rights.
• Contract (where processing is necessary to perform a contract with you or take steps at your request before entering into a contract).
• Legal obligation (e.g., tax and accounting requirements).
• Consent (e.g., non-essential cookies/analytics, where applicable).

Sharing your data

We may share personal data with trusted suppliers where necessary, for example:

• Website hosting and IT providers.
• Email and communications providers.
• Professional advisers (e.g., accountants, insurers, legal advisers) where required.
• Specialist associates engaged to support delivery, where relevant to your engagement.

We only share data where there is a lawful basis and, where applicable, appropriate contractual safeguards are in place.

International transfers

Where we transfer personal data outside the UK (for example, because a supplier’s systems are hosted overseas), we will ensure appropriate safeguards are used, such as UK-approved contractual clauses or equivalent protections.

How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy, including to meet legal, accounting, or reporting requirements. Retention periods depend on the nature of the relationship and the services provided.

Your rights

You have rights under UK GDPR, including:

• Access to your personal data.
• Correction of inaccurate or incomplete data.
• Erasure (in certain circumstances).
• Restriction or objection to processing (in certain circumstances).
• Data portability (in certain circumstances).
• Withdrawal of consent (where processing is based on consent).

To exercise your rights, contact us at info@rootconsultancy.co.uk.

Cookies and analytics

If we use cookies or analytics, we will provide a clear notice and (where required) ask for your consent before setting non-essential cookies. You can also control cookies through your browser settings.

If you later add tools such as Google Analytics, a cookie banner and cookie details should be added to remain aligned with UK GDPR and PECR.

Complaints

If you have concerns, please contact us first so we can try to resolve them. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

Changes to this policy

We may update this policy from time to time. The latest version will be published on this page.

Last updated: 7 January 2026