This Privacy Policy explains how Data Monarque Ltd collects, uses, stores, and protects personal data. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. By using our website or engaging our services, you confirm that you have read and understood its contents.
1. Who We Are
| Data Controller | Data Monarque Ltd |
|---|---|
| Address | 19 Dingle Road, Birkenhead, CH42 0JW |
| info@datamonarque.co.uk | |
| Website | www.datamonarque.co.uk |
| ICO Registration | Compliant |
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Data you provide directly
- Full name and job title
- Organisation name and type (e.g. charity registration number)
- Email address and telephone number
- Postal address
- Information included in enquiry forms, emails, or discovery call notes
- Payment information (processed securely via third-party providers — we do not store card data)
2.2 Data collected automatically
- IP address and browser type
- Pages visited, time on page, and referral source (via cookies — see our Cookie Policy)
- Device type and operating system
2.3 Data from third parties
- Referral details from partners or professional networks
- Publicly available information about organisations (e.g. Companies House, Charity Commission)
3. How We Use Your Personal Data
We use personal data only for the purposes for which it was collected or for compatible purposes. Our lawful bases under UK GDPR are:
| Purpose | Lawful Basis |
|---|---|
| Responding to enquiries and booking discovery calls | Legitimate interests / Contract |
| Delivering contracted data consultancy services | Performance of a contract |
| Sending service-related communications | Performance of a contract |
| Sending marketing emails and newsletters (with consent) | Consent |
| Improving our website and understanding user behaviour | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Invoicing and financial record-keeping | Legal obligation / Contract |
4. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Our standard retention periods are:
- Client engagement records: 7 years from end of contract (Companies Act / HMRC requirement)
- Enquiry and contact form data (where no contract is entered): 2 years
- Marketing opt-in records: Until consent is withdrawn + 1 year
- Website analytics data: 26 months (rolling)
- Data Processing Agreements: Duration of contract + 6 years
All data is securely deleted or anonymised at the end of its retention period.
5. Who We Share Your Data With
We do not sell, rent, or trade personal data. We may share data with:
- IT service providers (e.g. email, CRM, cloud storage) acting as data processors under signed Data Processing Agreements
- Our accountants and legal advisers, where necessary for legal or financial compliance
- Regulatory authorities (e.g. the ICO, HMRC) where legally required
- Successors to our business, in the event of a merger or acquisition, with appropriate safeguards in place
All third-party processors are selected carefully and contractually bound to process data only on our documented instructions.
6. International Data Transfers
We process all personal data within the UK or the European Economic Area (EEA). If any data is transferred outside these areas, we ensure appropriate safeguards are in place, such as UK Adequacy Regulations or Standard Contractual Clauses.
7. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — to request a copy of the data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure (‘right to be forgotten’) — to request deletion of your data in certain circumstances
- Right to restrict processing — to request that we limit how we use your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making — we do not currently use automated decision-making or profiling
To exercise any of these rights, please contact us at info@datamonarque.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
8. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- Encrypted data transmission (TLS/HTTPS)
- Access controls and role-based permissions on all systems
- Regular security reviews and staff awareness
- Signed Data Processing Agreements with all third-party processors
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.
9. Children’s Data
Our services are not directed at children under the age of 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with an updated effective date. Where changes are material, we will notify active clients by email.
11. Contact Us
For any questions about this Privacy Policy or how we handle your data: