Skip to content
Close
SEARCH
CONTACT US
CONTACT US
WHAT WE DO
Net Zero
Helping organisations develop and drive progress towards net zero goals.
Nature
Helping organisations to protect and enhance natural ecosystems.
Products & Projects
Helping organisations assess the impact of their products and projects on the environment.
Water
Helping organisations to safeguard water resources for people and the planet. 
Climate Risk & Resilience
Helping organisations to identify, assess and manage climate-related risks.
OUR EXPERTISE
Consulting

Helping you to achieve compliance, reduce emissions and build long-term business value. 
Assessing

Measurement of your environmental impacts across carbon, water, and nature.
Complying

Ensuring you stay ahead of emerging regulations like SECR, CBAM, ISO 14068, PPN 006 and CSRD.
Marketing

Ensuring your marketing is green claim compliant to protect your brand from potential greenwashing.
Training

Equip your teams with the knowledge to lead on sustainability in carbon, nature and water.

Sustainability Solutions
Flexible Sustainability Packages

Tailored packages to suit your organisation's goals.

Sectors
Sustainability Knowledge
Insights
99 Facts of Climate, Science & Society
The Sustainability Leader's Playbook 101
Sustainability Glossary
Sustainability Webinars
Free Sustainability Guides
Media
Publications
Whitepapers
Sustainability Newsletter
Sign up for the latest news, industry updates, webinar announcements, white paper launches, and much more.
JOIN THE SUSTAINABILITY NEWSLETTER
Who Are We
About Us
Our Partnerships
Regulations & Methodologies
Our Sustainability
Awards & Recognitions
Community & Impact
Impact Network
Client Research Piece
Clients & Testimonials

TUNLEY ENVIRONMENTAL LTD PRIVACY POLICY

This privacy notice tells you what to expect us to do with your personal information. 

This privacy notice was last updated on: 29/04/2026

This privacy notice is due to be updated on: 29/04/2027

Postal Address: 9 High Ash Crescent, LEEDS, West Yorkshire, LS17 8RP, GB

Telephone: UK: +44(0)1924 692099 | US: +1 (646) 893-1101

Email: info@tunley-environmental.com

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

  • Names and contact details

  • Addresses

  • Gender

  • Pronoun preferences

  • Occupation

  • Date of birth

  • Marital status

  • Third party information (such as family members or other relevant parties)

  • Payment details (including card or bank information for transfers and direct debits)

  • Financial data (including income and expenditure)

  • Transaction data (including details about payments to and from you and details of products and services you have purchased)

  • Usage data (including information about how you interact with and use our website, products and services)

  • Employment details (including salary, sick pay and length of service)

  • Health information (such as medical records or health conditions)

  • Criminal records data (including driving or other convictions)

  • Information relating to compliments or complaints

  • Video recordings

  • Audio recordings (eg calls)

  • Records of meetings and decisions

  • Account access information

  • Website user information

We collect or use the following personal information for the operation of client or customer accounts:

  • Names and contact details

  • Addresses

  • Purchase or service history

  • Account information, including registration details

  • Information used for security purposes

  • Marketing preferences

  • Technical data, including information about browser and operating systems

We collect or use the following personal information for information updates or marketing purposes:

  • Names and contact details

  • Addresses

  • Profile information

  • Marketing preferences

  • Purchase or account history

  • Website and app user journey information

  • IP addresses

We collect or use the following personal information for research or archiving purposes:

  • Names and contact details

  • Addresses

  • Purchase or client account history

  • Website and app user journey information

  • IP addresses

We collect or use the following personal information to comply with legal requirements:

  • Name

  • Contact information

  • Identification documents

  • Client account information

  • Health and safety information

  • Any other personal information required to comply with legal obligations

  • Safeguarding information

  • Criminal offence data 

We also collect or use the following special category information to comply with legal requirements. This information is subject to additional protection due to its sensitive nature:

  • Racial or ethnic origin

  • Religious or philosophical beliefs

  • Health information

  • Sexual orientation information 

We collect or use the following personal information to protect client welfare:

  • Names and contact information

  • Client account information

  • Health and wellbeing information

  • Emergency contact details

We collect or use the following personal information for recruitment purposes:

  • Contact details (eg name, address, telephone number or personal email address)

  • Date of birth

  • National Insurance number

  • Copies of passports or other photo ID

  • Employment history (eg job application, employment references or secondary employment)

  • Education history (eg qualifications)

  • Right to work information

  • Details of any criminal convictions (eg Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks )

  • Security clearance details (eg basic checks and higher security clearance)

We also collect or use the following special category information for recruitment purposes. This information is subject to additional protection due to its sensitive nature:

  • Racial or ethnic origin

  • Religious or philosophical beliefs

  • Health information

  • Sexual orientation information 

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details

  • Addresses

  • Payment details

  • Account information

  • Purchase or service history

  • Video recordings of public areas

  • Audio recordings of public areas

  • Call recordings

  • Photographs

  • Customer or client accounts and records

  • Financial transaction information

  • Information relating to health and safety (including incident investigation details and reports and accident book records)

  • Correspondence

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:


If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for research or archiving purposes:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information to comply with legal requirements:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information to protect client welfare are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for recruitment purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

  • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
  • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

What are your privacy rights?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in tab 1 of this table of contents. 

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section ‘HOW CAN YOU CONTACT US ABOUT THIS NOTICE?’ below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, Emailing us at info@tunley-environmental.com and requesting to opt out of marketing communications, or by contacting us using the details provided in tab 1 of this table of contents. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. You may also opt out of interest-based advertising by advertisers on our Services. For further information, please see our Cookie Notice: Cookie Policy.

If you have questions or comments about your privacy rights, you may email us at info@tunley-environmental.com.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Do California Residents have specific privacy rights?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the ‘Shine The Light’ law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a ‘resident’ as:

(1) every individual who is in the State of California for other than a temporary or transitory purpose and

(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as ‘non-residents’.

If this definition of ‘resident’ applies to you, we must adhere to certain rights and obligations regarding your personal information.

Do Virginia Residents have specific privacy rights?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

‘Consumer’ means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

‘Personal data’ means any information that is linked or reasonably linkable to an identified or identifiable natural person. ‘Personal data’ does not include de-identified data or publicly available information.

‘Sale of personal data’ means the exchange of personal data for monetary consideration.

If this definition ‘consumer’ applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact with Tunley Environmental and our Services. To find out more, please visit the following sections:

  • Personal data we collect
  • How we use your personal data
  • When and with whom we share your personal data

Your rights with respect to your personal data

  • Right to be informed whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (‘profiling’)

Tunley Environmental has not sold any personal data to third parties for business or commercial purposes. Tunley Environmental will not sell personal data in the future belonging to website visitors, users, and other consumers.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy notice and our Cookie Notice.

You may contact us by email at info@tunley-environmental.com or by referring to the contact details at the bottom of this document.

If you are using an authorised agent to exercise your rights, we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorised agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at info@tunley-environmental.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal if denied, you may contact the Attorney General to submit a complaint.

Where we get personal information from

  • Directly from you
  • Regulatory authorities
  • Legal bodies or professionals (such as courts or solicitors)
  • Publicly available sources
  • Previous employment
  • Market research organisations
  • Providers of marketing lists and other personal information
  • Suppliers and service providers

How long we keep information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, accounting, or reporting requirements. Retention periods are determined based on the nature of the data, the purpose of processing, and applicable legal obligations.

The list below outlines our typical retention periods:

Retention Schedule

  • Client data (including contact details, project information, and correspondence)
     Retained for 6 years after the end of the client relationship
     Justification: Contractual obligations and legal limitation periods
  • Prospective client and marketing data (e.g. enquiry forms, newsletter subscribers)
     Retained until consent is withdrawn or after 2–3 years of inactivity
     Justification: Consent-based marketing and legitimate business interest
  • Supplier and partner data
     Retained for 6 years after the end of the relationship
     Justification: Contractual and financial record-keeping requirements
  • Financial records (e.g. invoices, payment records)
     Retained for 6 years
     Justification: Compliance with HMRC requirements
  • Employee records
     Retained for 6 years after employment ends
     Justification: Employment law and legal claims
  • Recruitment data (unsuccessful candidates)
     Retained for 6–12 months after the recruitment process ends
     Justification: Potential future opportunities and legal defence
  • Website usage data (analytics, cookies)
     Retained in line with cookie policy and consent preferences (typically up to 2 years)
     Justification: Website performance monitoring and user experience improvement
  • Health and safety records
     Retained for 3–40 years depending on the nature of the record
     Justification: Legal and regulatory requirements

Deletion and Review

We regularly review the personal data we hold and securely delete or anonymise it when it is no longer required. In some circumstances, we may retain personal data for longer periods where required to comply with legal obligations or to establish, exercise, or defend legal claims.

Who we share information with

Data processors

HubSpot, Inc. (CRM and marketing automation provider, USA)

This data processor does the following activities for us: HubSpot is our CRM system used to hold information about clients, prospects, deals and marketing data. Cloud-based CRM and marketing automation providers (SaaS sector, primarily UK and USA)

Microsoft Ireland Operations Ltd (cloud storage and email services, EU)

This data processor does the following activities for us: IT support and managed service providers (technology services sector, UK-based)

Xero (payroll and invoice services, NZ)

This data processor does the following activities for us: Invoicing and payroll services (financial technology services sector, NZ-based)

Others we share personal information with

  • Insurance companies, brokers or other intermediaries
  • Professional or legal advisors
  • Emergency services
  • Regulatory authorities
  • External auditors
  • Organisations we’re legally obliged to share personal information with
  • Publicly on our website, social media or other marketing and information media
  • Previous employers
  • Suppliers and service providers
  • Professional consultants

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: HubSpot, Inc.

Category of recipient: CRM and marketing automation provider (SaaS)

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Organisation name: Microsoft Corporation

Category of recipient: Cloud storage and email services provider

Country the personal information is sent to: United States \/ EU

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Organisation name: Google LLC

Category of recipient: Cloud hosting and collaboration tools provider

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Where necessary, our data processors will share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: HubSpot, Inc.

Category of recipient: CRM and marketing automation provider (SaaS)

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Organisation name: Microsoft Corporation

Category of recipient: Cloud storage and email services provider

Country the personal information is sent to: United States \/ EU

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Organisation name: Google LLC

Category of recipient: Cloud hosting and collaboration tools provider

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

Do we use cookies and other tracking technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
 Wycliffe House
 Water Lane
 Wilmslow
 Cheshire
 SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint