Privacy Policy
This policy explains how we collect, use and protect personal data when you use this website or contact us. It is written for UK data-protection law (UK GDPR and the Data Protection Act 2018).
Template — requires review. This content is a starting template and must be reviewed and approved by a qualified UK legal adviser, with all company placeholders completed, before the site goes live.
1. Who we are (data controller)
The data controller is LDK Consulting LTD, registered in [REPLACE BEFORE LAUNCH: ENGLAND AND WALES / SCOTLAND / NORTHERN IRELAND].
For any privacy matter, contact us at [REPLACE BEFORE LAUNCH: PRIVACY EMAIL].
2. The personal data we collect
We keep data collection to a minimum. Depending on how you use the site, we may process:
- Enquiry data — the name, work email, company, optional website and phone number, services of interest, budget range, preferred start and the message you submit through our enquiry form.
- Booking information — if you choose to book a call, the scheduling details you provide through our booking provider (Cal.com).
- Technical & security information — limited data such as IP address and request metadata, used to keep the site secure and prevent abuse (e.g. rate limiting and spam prevention).
- Cookie & consent information — your cookie preferences, the consent version and a timestamp. See our Cookie Policy.
We do not intentionally collect special category data. Please do not include sensitive personal information in your enquiry message.
3. Why we process your data and our lawful bases
- To respond to your enquiry and provide services — lawful basis: performance of a contract or taking steps at your request before entering a contract (contractual necessity).
- To run and secure the website — lawful basis: legitimate interests in operating a safe, functional site and preventing abuse.
- Optional marketing updates — lawful basis: consent, which you give by ticking the optional marketing box. You can withdraw it at any time.
- Optional analytics and functional storage — lawful basis: consent, managed through our cookie banner.
- Meeting legal obligations — lawful basis: legal obligation, e.g. keeping necessary business records.
4. Who we share data with (recipients & processors)
We do not sell your data. We share it only with service providers who process it on our behalf under appropriate agreements:
- Vercel Inc. — Website hosting and content delivery. Location: USA / global edge network.
- Resend (Plus Five Five, Inc.) — Transactional email delivery for enquiry and acknowledgement emails. Location: USA.
- Cal.com, Inc. — Discovery-call scheduling (loaded only on request). Location: USA.
- [REPLACE BEFORE LAUNCH: rate-limit / KV provider, if enabled] — Abuse prevention (request rate limiting). Location: [REPLACE BEFORE LAUNCH].
5. International data transfers
Some providers listed above operate outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision, as applicable to each provider.
6. How long we keep data (retention)
- Enquiry correspondence: [REPLACE BEFORE LAUNCH: e.g. 24 months from last contact, unless a contract is formed]
- Client contract records: [REPLACE BEFORE LAUNCH: e.g. 6 years after the end of the engagement for legal/tax purposes]
- Booking records (via Cal.com): [REPLACE BEFORE LAUNCH: retention held by Cal.com / your calendar]
- Server & security logs: [REPLACE BEFORE LAUNCH: e.g. up to 30 days]
7. Your rights
Under UK data-protection law you have the right to:
- access a copy of your personal data;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to processing in certain circumstances;
- data portability where applicable;
- withdraw consent at any time (this does not affect processing carried out before withdrawal);
- object to direct marketing at any time; and
- complain to the Information Commissioner's Office (ICO).
To exercise any of these rights, contact [REPLACE BEFORE LAUNCH: PRIVACY EMAIL].
8. Making a data-protection complaint
If you have a privacy or data-protection concern, we will:
- provide a clear complaint channel at [REPLACE BEFORE LAUNCH: PRIVACY EMAIL];
- acknowledge your complaint within 30 days;
- investigate it appropriately and keep you informed;
- communicate the outcome to you; and
- explain your right to contact the ICO (ico.org.uk) if you remain dissatisfied.
9. Automated decision-making
We do not carry out automated decision-making that produces legal or similarly significant effects about you.
10. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "last updated" date above, and where appropriate we will re-request consent.