top of page

PRIVACY NOTICE

Who We Are
​

Sarsearon Consulting processes your personal information in accordance with this privacy notice and in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Data Use and Access Act 2025 (DUAA). This notice provides you with the necessary information regarding your rights, our obligations, and explains how, why, and when we process your personal data.

​

Sarsearon Consulting’s registered office is at 167–169 Great Portland Street, 5th Floor, London, W1W 5PF, and we are a company registered in England and Wales under company number 1221640. We act as a data processor. Our designated appointed person for the organisation is the Data Protection Officer, who can be contacted via email at info@sarsearonconsulting.com.


Information That We Collect
​

Sarsearon Consulting processes your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.

​

The personal data that we may collect from you is:

  • Name

  • Date of Birth

  • Home Address

  • Personal Email

  • Home Telephone Number

  • Mobile Telephone Number

  • Special Category Data (i.e. health/medical information, details about religion, sexuality)

 

We collect information in the following ways:

  • Online form

  • Website orders

  • Staff contact information (for training purposes)

  • Employment CVs (for Sarsearon Consulting Ltd internal staff)


How We Use Your Personal Data
​

Sarsearon Consulting takes your privacy very seriously and will never disclose or share your personal information without your consent, unless required to do so by law. We only retain your data for as long as necessary and for the purposes specified in this notice. Where you have consented to receive promotional offers and marketing, you may withdraw this consent at any time.

​

Our reasons for processing your personal data include:

  • Contractual Obligations: To fulfil a contract or service and ensure delivery to your preferred address.

  • Legal Obligations: For business accounting, record-keeping, and compliance with UK laws, including the DUA Act.

  • Legitimate Interests: For internal administrative purposes, fraud prevention, and to improve services, where we have conducted a Legitimate Interests Assessment.

  • Consent: we use the information you provide with consent to share tailored insights, updates, and resources relevant to your personal and business needs


Your Rights
​

Under the DUA Act and UK GDPR, you have the right to access any personal data that Sarsearon Consulting processes about you and to request information regarding:

  • What personal data we hold

  • The purposes of processing

  • The categories of data concerned

  • The recipients of the data

  • How long we intend to store it

  • The source of the data, if not collected directly from you

You also have the right to:

  • Request correction or completion of inaccurate/incomplete data

  • Request erasure or restriction of processing (where applicable)

  • Object to direct marketing

  • Exercise data portability rights

  • Be informed of any automated decision-making (where used)

We may ask you to verify your identity before processing such requests, in order to protect your data.

​

Safeguarding Measures
​

We take reasonable steps and implement appropriate technical and organisational measures to secure your personal data against unauthorised access, alteration, disclosure, or destruction. This includes:

  • Password protection

  • Encryption

  • Restricted access

  • Firewalls

  • Anti-virus/malware tools

Transfers Outside the EU
​

In accordance with the UK GDPR & DUAA, where personal data is transferred outside of the UK (e.g. for website hosting), we ensure that suitable safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)

  • Encryption and password protection

  • Risk assessments for overseas processing will be undertaken

These measures ensure continued protection of your personal data when stored or accessed outside the UK.

​

Consequences of Not Providing Your Data

​

You are not obligated to provide your personal information to Sarsearon Consulting, however, as this information is required for us to provide you with our services, we will not be ab to offer some of our services without it.
 

Legitimate Interests


Some data may be processed under the legitimate interests of the Sarsearon Ltd. When we depend on this lawful basis for processing we endeavour to undertake a legitimate interest assessment to ensure our interests do not override your rights and freedoms.

​

How Long We Keep Your Data
​

We retain your personal data only for as long as necessary. For example:

  • Financial information: Retained for 6 years for tax and accounting purposes

  • Service-related documentation: Retained for up to 7 years per our retention policy

  • Marketing data: Kept for as long as necessary for the purpose it was collected or for 12months after consent is withdrawn consent


Special Categories Data
​

In limited cases, we may need to process sensitive data (such as health or religious information) to fulfil our obligations to you. We only do this when necessary, and we will always rely on a valid lawful basis, including your explicit consent when required. You can withdraw consent at any time, subject to any overriding legal requirements.

​

Lodging A Complaint
​

If you are unhappy with how we’ve handled your data or wish to raise a complaint, you have the right to contact the UK’s data protection supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk

​

bottom of page