1. Introduction
Green Hat Consulting Ltd (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, store, and protect your personal data when you visit our website or contact us.
This notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Our Contact Details
Data Controller: Green Hat Consulting Ltd
Company number: 08453505
Registered address: First Floor, Schooner House, Quay West, Quay Parade, Swansea, Wales, SA1 1SR
Website: https://www.greenhat-consulting.co.uk
ICO registration number: ZB216994
Data Protection contact: Andrew Warring, email at hr@greenhat-consulting.co.uk.
3. The Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data: full name
- Contact data: email address, telephone number, postal address
- Profile data: job title, organisation, professional headshot, LinkedIn profile (Green Hat employees only)
- Technical data: IP address, browser type and version, operating system and platform, collected through cookies and similar technologies in accordance with your cookie preferences. For more information about how we use cookies and similar technologies, please see our Cookie Policy (https://www.greenhat-consulting.co.uk/cookie-policy/), which forms part of this Privacy Notice
4. How We Collect Your Personal Data
We collect personal data when you:
- Complete the Contact Us form on our website.
- Book an appointment with one of our specialists.
- Email or telephone us directly.
- Engage with us in a professional or business context
- Browse our website (technical and cookie data)
5. How We Use Your Personal Data and Our Lawful Bases
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
Purpose for Processing
Lawful Basis
Responding to enquiries
Providing consultancy services
Managing client relationships
Marketing our services (B2B only)
Website analytics (non-essential cookies)
Website security and performance
Compliance with legal obligations
Legitimate interests
Performance of a contract
Legitimate interests
Legitimate interests
Consent
Legitimate interests
Legal obligation
Where consent is required (for example, non-essential cookies), we will obtain this separately.
6. Consequences of Not Providing Personal Data
If you do not provide personal data when required to respond to an enquiry or perform a contract, we may be unable to provide our services or respond fully.
7. Personal Data from Third Parties
We may receive limited personal data from third-party sources, such as:
- Referrals from existing clients or contacts
This data is only used for legitimate business purposes and in line with this Privacy Notice.
8. Who We Share Your Personal Data With
We may share personal data with trusted third parties where necessary, including:
Recipient
IT and cloud service providers
Professional advisers
Website analytics providers
Purpose
Website hosting and email
Legal, accounting, compliance
Website performance and security
Location
UK
UK
EEA
We only share data where necessary and ensure appropriate contractual safeguards are in place.
If we sell, transfer, or merge part of our business, personal data may be transferred to the new owner under the same protections.
9. International Transfer
Some of our service providers may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, to protect your personal data.
10. How We Store and Protect Your Personal Data
We take appropriate technical and organisational measures to protect your personal data, including:
- Restricted access on a need-to-know basis.
- Secure IT systems and password protection.
- Encryption of personal data in transit and at rest.
- Staff confidentiality obligations and training.
- Procedures for detecting, reporting, and managing data breaches
11. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected.
Type of Data
Enquiry data
Client data
Marketing contacts
Technical data
Retention Period
Up to 3 years
Duration of contracy +12 years
Until objection or withdrawl
As per cookie policy
Data is securely deleted in accordance with our Retention and Data Disposal Policy.
12. Your Data Protection Rights
Under UK data protection law, you have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure (in certain circumstances)
- Restrict processing
- Object to processing
- Withdraw consent (where applicable)
- Data portability
You do not need to pay a fee to exercise your rights. We will respond within one month.
13. How to Complain
If you have concerns or complaints about our use of your personal data, please contact us at: hr@greenhat-consulting.co.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO):
ICO address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Tel: 0303 123 1113
Web: https://www.ico.org.uk
14. Changes to This Privacy Notice
We keep this Privacy Notice under regular review and may update it from time to time.
Last reviewed: 24/02/2026
