Privacy Policy

BACKGROUND:

KEY BUSINESS CONSULTANTS LLP (“We”, “Us”, “Our”) understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, https://www.keybusinessconsultants.co.uk/ (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with Our obligations and your rights under the law.

Please read this “Privacy Policy” carefully and ensure that you understand it. By using Our Site, you acknowledge that you have read and understood this Privacy Policy.

1. Information About Us

Our Site is owned and operated by KEY BUSINESS CONSULTANTS LLP, a limited liability partnership registered in England and Wales under company number OC389322, with its Registered and Main Trading Address at 13 Whitchurch Lane, Edgware, Greater London, HA8 6JZ, and VAT number GB126248325.

We are the data controller responsible for your personal data for the purposes of applicable Data Protection Legislation.

We are regulated by the ICAEW. As a regulated firm, We are subject to professional and legal obligations which may require Us to collect, retain, and process certain personal data.

For further information about how to contact Us, including in relation to data protection matters, please see section 13.

2. What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites. Such third parties will have their own privacy policies, and We recommend that you review them before providing any personal data.

This Privacy Policy applies only to personal data collected through Our Site and does not apply to personal data collected through other means, including where you engage Us directly as a client.

3. What Is Personal Data?

Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

4. What Are My Rights?

Under the Data Protection Legislation, you have the following rights, which We will always work to uphold:

1. 1. 1. 1. The right to be informed about Our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact Us to find out more or to ask any questions using the details in section 13.

         2. The right to access the personal data We hold about you. section 12 will tell you how to do this.

         3. The right to have your personal data rectified if any of your personal data held by Us is inaccurate or incomplete. Please contact Us using the details in section 13 to find out more.

         4. The right to erasure (also known as the “right to be forgotten”), i.e. the right to ask Us to delete or otherwise dispose of any of your personal data that We hold, subject to certain legal limitations. Please contact Us using the details in section 13 to find out more.

Please note that We may be unable to comply with a request for erasure where We are required to retain personal data to comply with legal or regulatory obligations.

1. 1. 1. 5. The right to restrict (i.e. prevent) the processing of your personal data.

         6. The right to object to Us using your personal data for a particular purpose or purposes.

         7. The right to withdraw consent. This means that, if We are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.

         8. The right to data portability. This means that, if you have provided personal data to Us directly, We are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask Us for a copy of that personal data to re-use with another service or business in many cases.

         9. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about Our use of your personal data or exercising your rights as outlined above, please contact Us using the details provided in section 13.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data We hold about you changes, please keep Us informed as long as We have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office.

If you have any cause for complaint about Our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would, however, welcome the opportunity to resolve your concerns ourselves before you contact the Information Commissioner’s Office, so please contact Us first, using the details in section 13.

5. What Data Do You Collect and How?

Depending upon your use of Our Site, We may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. For information about Our use of cookies and similar technologies, please refer to Our Cookie Policy.

We do not intentionally collect any special category personal data via Our Site, and We do not knowingly collect personal data relating to children via Our Site. However, depending on the nature of any enquiry or engagement, We may process certain categories of personal data, including financial information, in the course of providing Our services. We do not collect personal data directly through automated decision-making or profiling.

Data Collected	How We Collect the Data
Identity Information including name and title.	Contact Information including email address and telephone number. Collected via contact forms, email enquiries, and newsletter sign-up forms.
Contact Information including email address and telephone number.	Collected via contact forms, email enquiries, and newsletter sign-up forms.
Business Information including business name, job title, and professional details.	Collected via contact forms, email enquiries, and direct communications.
Payment Information including billing details where provided.	Collected where relevant through direct engagement or communication.
Technical Information including IP address, browser type and version, and operating system.	Collected automatically through use of Our Site.
Data from Third Parties including contact and business information where authorised by you.	Collected from third-party service providers or software platforms where you have authorised access.

6. How Do You Use My Personal Data?

Under the Data Protection Legislation, We must always have a lawful basis for using personal data. The following table describes how We will or may use your personal data, and Our lawful bases for doing so:

What We Do	What Data We Use	Our Lawful Basis
Responding to enquiries submitted via Our Site	Identity Information, Contact Information, Business Information	Legitimate interests (to respond to enquiries and communicate with prospective clients)
Communicating with you	Identity Information, Contact Information, Business Information	Legitimate interests (to manage communications and respond to enquiries)
Administering and improving Our Site	Technical Information	Legitimate interests (to operate, maintain, and improve Our Site)
Providing services where you engage Us following an enquiry	Identity Information, Contact Information, Business Information, Financial Information (where applicable)	Performance of a contract and/or steps taken at your request prior to entering into a contract
Managing payments and billing	Identity Information, Contact Information, Payment Information	Performance of a contract and/or legal obligation (e.g. accounting and tax requirements)
Complying with legal and regulatory obligations	Identity Information, Contact Information, Business Information, Financial Information	Legal obligation (including compliance with applicable laws and professional regulatory requirements)
Sending marketing communications (where applicable)	Identity Information, Contact Information	Consent and/or legitimate interests (where permitted under applicable law)

Marketing

With your permission and/or where permitted by law, We may use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on Our services. You will not be sent any unlawful marketing or spam. You may opt out of receiving marketing communications at any time by using the unsubscribe link in Our emails or by contacting Us directly.

We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes.

Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling.

Purpose Limitation

We will only use your personal data for the purpose(s) for which it was originally collected unless We reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If We do use your personal data in this way and you wish Us to explain how the new purpose is compatible with the original, please contact Us using the details in section 13.

If We need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, We will inform you and explain the legal basis which allows Us to do so.

In some circumstances, where permitted or required by law, We may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

7. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.

However, We may retain personal data for longer periods where required in order to comply with legal, regulatory, or professional obligations, including record-keeping requirements applicable to Our business. We may also retain certain personal data for longer where necessary for the establishment, exercise, or defence of legal claims.

Your personal data will therefore be kept for the following periods:

Type of Data	How Long We Keep It
Identity Information (including name and title)	Retained for as long as necessary to respond to enquiries and, where applicable, for the duration of any client relationship and for a period of up to 6 years thereafter in line with legal, tax, and regulatory requirements.
Contact Information (including email address and telephone number)	Retained for as long as necessary to respond to enquiries and manage communications, and where applicable, for the duration of any client relationship and for a period of up to 6 years thereafter.
Business Information (including business name, job title, and professional details)	Retained for as long as necessary for business administration, client management, and compliance purposes, and where applicable, for a period of up to 6 years following the end of a client relationship.
Payment Information (including billing details)	Retained for as long as necessary to process payments and comply with legal and accounting obligations, typically for a period of up to 6 years.
Technical Information (including IP address, browser type and version, and operating system)	Retained for as long as necessary to operate and improve Our Site, typically for a short period unless required for security or legal purposes.
Enquiry Data (where you do not become a client)	Retained only for as long as necessary to assess and respond to your enquiry and where We reasonably believe there is a legitimate business interest in doing so.

8. How and Where Do You Store or Transfer My Personal Data?

We primarily store your personal data within the United Kingdom and the European Economic Area (EEA).

However, in certain circumstances, your personal data may be accessed or processed outside of the UK or EEA, including by Our employees, contractors, or service providers operating internationally.

Where personal data is transferred outside of the UK or EEA, We ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable Data Protection Legislation. These safeguards may include:

• entering into data transfer agreements incorporating standard contractual clauses and/or the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU standard contractual clauses;

• ensuring that the recipient is located in a country recognised as providing an adequate level of protection; or

• implementing other legally recognised safeguards as required.

Please contact Us using the details in section 13 for further information about the safeguards We apply to international transfers.

Security of Your Personal Data

The security of your personal data is essential to Us, and to protect your data, We take a number of important measures, including the following:

• restricting access to personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to confidentiality obligations;

• using secure systems and access controls, including multi-factor authentication;

• monitoring and maintaining IT systems to protect against unauthorised access and security threats;

• procedures for dealing with data breaches, including notifying you and/or the Information Commissioner’s Office where required;

• use of security software and IT monitoring systems to safeguard Our systems and data.

9. Do You Share My Personal Data?

We may share your personal data with third parties where necessary in connection with the operation of Our Site, the provision of Our services, or to comply with legal and regulatory obligations.

We may share your personal data with the following categories of recipients:

Recipient	Activity Carried Out	Sector	Location
IT and systems providers (including email, cloud storage, and software providers)	Provision of IT infrastructure, email services, data storage, and business systems	Information technology services	UK and/or EEA (and in some cases outside the UK/EEA, subject to appropriate safeguards)
Accounting and business software providers (e.g. Xero, Iris, VT Accounts and similar platforms)	Provision of accounting, financial management, and business administration systems	Accounting and financial software services	UK and/or EEA (and in some cases outside the UK/EEA, subject to appropriate safeguards)
Payment service providers and financial institutions (e.g. banks and payment processors)	Processing of payments and financial transactions	Financial services	UK and/or EEA
Professional advisers and service providers	Provision of legal, regulatory, or professional support services	Professional services	UK and/or EEA
Regulatory authorities and government bodies	Regulatory authorities and government bodies	Public sector / regulatory bodies	UK

Where We share your personal data with third parties, We take steps to ensure that your personal data is handled safely, securely, and in accordance with Data Protection Legislation. This includes ensuring that appropriate contractual and organisational safeguards are in place. Third parties will act either as data processors acting on Our instructions or as independent data controllers, depending on the nature of the relationship.

Business Transfers

If We sell, transfer, or merge parts of Our business or assets, your personal data may be transferred to a third party. Any new owner may continue to use your personal data in the same way(s) that We have used it, as set out in this Privacy Policy.

Legal Requirements

In some limited circumstances, We may be legally required to share certain personal data, including where required to comply with legal obligations, court orders, or the instructions of regulatory or government authorities.

10. How Can I Control My Personal Data?

In addition to your rights under the Data Protection Legislation, set out in section 4, when you submit personal data via Our Site, you may be given options to restrict Our use of your personal data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes, including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails or by contacting Us directly using the details in section 13.

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service, the Corporate Telephone Preference Service, and the Mailing Preference Service. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

11. Can I Withhold Information?

You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict Our use of Cookies. For more information, please refer to Our Cookie Policy.

12. How Can I Access My Personal Data?

If you want to know what personal data We have about you, you can ask Us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request” or “SAR”.

Subject access requests may be submitted in writing using the contact details provided in section 13. You are not required to use a specific form to make a request.

There is not normally any charge for a subject access request. However, if your request is manifestly unfounded or excessive (for example, if you make repetitive requests) We may charge a reasonable fee may or refuse to comply with the request in accordance with applicable law.

We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by up to a further two months where necessary, taking into account the complexity and number of requests. You will be informed of any such extension within one month of receipt of your request.

We aim to provide a complete response, including a copy of your personal data, within the applicable timeframe.

13. How Do I Contact You?

To contact Us about anything to do with your personal data and data protection, including to make a subject access request or exercise your rights, please use the following details (for the attention of Mr Gary Green):

Email address: contact@keybusinessconsultants.co.uk

Telephone number: 02037282848.

Postal Address: 13 Whitchurch Lane, Edgware, Greater London, HA8 6JZ.

14. Changes to this Privacy Policy

We may review and update this Privacy Policy from time to time to ensure continued compliance with the law and best practice. This may be necessary, for example, if the law changes, or if We change Our business in a way that affects personal data protection.

Any changes will be posted on Our Site and will take effect immediately upon publication. We recommend that you check this page regularly to keep up-to-date.

This Privacy Policy was last updated on 19 March 2026.