Northstone Consulting

Legal

Privacy Policy

Last updated: 19 May 2026

1. Who we are

Northstone Consulting ("we", "us", "our") is a UK-based PMO transformation consultancy. We are the data controller for the personal information described in this policy. You can reach us at hello@northstoneconsulting.co.uk.

2. What we collect

We only collect what we need to respond to you and deliver our services:

  • Contact details you submit via our forms or email (name, work email, company, role).
  • The contents of messages you send us.
  • Engagement information shared during discovery calls and assessments.
  • Basic technical data (IP address, browser, referrer) collected automatically by our hosting provider for security and performance.

3. How we use your data

We use personal data to:

  • Reply to enquiries and arrange discovery calls.
  • Deliver consulting engagements you have asked us to perform.
  • Send occasional updates about our services where you have opted in.
  • Meet our legal, accounting, and regulatory obligations.

Our lawful bases under UK GDPR are: consent, contract, and our legitimate interest in running a professional consultancy.

4. Sharing your data

We do not sell your data. We share it only with trusted processors who help us operate the business — for example, email, hosting, scheduling, and accounting providers — under appropriate contractual safeguards. Where data is transferred outside the UK, we rely on adequacy decisions or standard contractual clauses.

5. AI tools and confidentiality

Where we use AI services in delivery, we operate inside governed, enterprise-tier environments with content retention disabled by default. We never submit client confidential information to consumer AI tools, and we agree handling rules with you before any engagement begins.

6. How long we keep data

We retain enquiry data for up to 24 months, and engagement records for up to 7 years to meet UK accounting and professional obligations. We then delete or anonymise it.

7. Your rights

Under UK GDPR you can request access to, correction of, or deletion of your personal data. You may also object to processing, ask us to restrict it, or request portability. Email hello@northstoneconsulting.co.uk and we will respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

8. Cookies

Our site uses only essential cookies by default, plus optional analytics and marketing cookies if you consent. We do not run advertising profiling trackers. For full details and to manage your choices, see our Cookie Policy.

9. Changes

We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision.