Last updated: 25 August 2025
 

1. Who We Are

This Privacy Policy explains how Kathryn Ryder, trading as IEI Consultancy (“we”, “our”, “us”) collects, uses, and protects your personal information. We act as the Data Controller under the UK General Data Protection Regulation (UK GDPR).

Our contact details are:
Email: contact@ieiconsultancy.com

2. Information We Collect

We may collect and process the following personal data:
- Contact details: name, email address, phone number, job title, school or organisation.
- Service information: details you provide when enquiring about or booking consultancy services.
- Website use: cookies and analytics data (see our Cookie Notice).
- Testimonials: if you provide feedback or a testimonial, with your consent.

3. How We Use Your Information

We process your personal data for the following purposes:
- To respond to enquiries and provide consultancy services.
- To manage contracts and invoices.
- To keep in touch regarding booked services, updates, or resources.
- To improve our website and services.
- To comply with legal or regulatory obligations.

We do not sell or share your data with third parties for marketing.

4. Legal Bases for Processing

We rely on the following lawful bases under UK GDPR:
- Contract: where processing is necessary to deliver our services.
- Consent: for optional uses such as testimonials.
- Legitimate Interests: to maintain business records and improve services.
- Legal Obligation: where required by law.

5. Data Sharing

We may share your personal data with:
- Service providers (e.g., Wix for website hosting, Google Workspace for email and storage).
- Professional advisors (e.g., accountant, legal advisor).
- Regulatory authorities if legally required.

6. Data Storage and Retention

- Personal data is stored securely using password-protected systems.
- Certain client data may also be stored offline on encrypted devices, kept in locked storage, and disconnected from the internet when not in use. This provides additional protection against cyberattacks and data breaches.
- We keep client data only for as long as necessary to fulfil the purposes collected, usually up to 6 years (for legal/tax reasons).
- After this, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR you have the right to:
- Access your data and request a copy.
- Request correction of inaccurate data.
- Request deletion of your data (where legally possible).
- Object to processing based on legitimate interests.
- Restrict processing in certain circumstances.
- Withdraw consent (where processing is based on consent).

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

8. Security

We take appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access.

9. Updates to This Policy

This policy may be updated from time to time. The most recent version will always be available on our website.