Privacy Notice 

This privacy notice tells you what to expect us to do with your personal information. 

• Contact details 

• What information we collect, use, and why 

• Lawful bases and data protection rights 

• Where we get personal information from 

• How long we keep information 

• Who we share information with 

• Sharing information outside the UK 

• How to complain 

Contact details 

Email 

hello@eliteprojectconsulting.co.uk 

 What information we collect, use, and why 

We collect or use the following information to provide and improve products and services for clients: 

• Names and contact details 

• Addresses 

• Occupation 

• Transaction data (including details about payments to and from you and details of products and services you have purchased) 

• Usage data (including information about how you interact with and use our website, products and services) 

• Video recordings 

• Audio recordings (eg calls) 

• Records of meetings and decisions 

• Account access information 

• Website user information 

We collect or use the following personal information for information updates or marketing purposes: 

• Names and contact details 

• Addresses 

• Profile information 

• Marketing preferences 

• Purchase or account history 

• Website and app user journey information 

We collect or use the following personal information to comply with legal requirements: 

• Name 

• Contact information 

• Any other personal information required to comply with legal obligations 

We collect or use the following personal information for recruitment purposes: 

• Contact details (eg name, address, telephone number or personal email address) 

• Date of birth 

• National Insurance number 

• Copies of passports or other photo ID 

• Employment history (eg job application, employment references or secondary employment) 

• Education history (eg qualifications) 

• Right to work information 

• Details of any criminal convictions (eg Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks ) 

 We collect or use the following personal information for dealing with queries, complaints or claims: 

• Names and contact details 

• Addresses 

• Payment details 

• Account information 

• Purchase or service history 

• Correspondence 

Lawful bases and data protection rights 

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. 

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website: 

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access. 

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification. 

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure. 

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing. 

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing. 

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability. 

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent. 

If you make a request, we must respond to you without undue delay and in any event within one month. 

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice. 

Our lawful bases for the collection and use of your data 

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We collect and use personal information where it is necessary to provide, deliver, and improve our professional services for clients. This includes using relevant personal data to understand client needs, manage projects effectively, communicate efficiently, and tailor our advice or solutions to achieve the best outcomes. The benefit of processing this information is that it enables us to deliver high-quality, relevant, and timely services that create measurable value for our clients. These benefits outweigh any potential risks because we only process personal data that is necessary for service delivery, apply appropriate security and confidentiality safeguards, and do not use the information for purposes unrelated to the client engagement. We do not put our needs above those of the individuals whose information we process. We respect client privacy, ensure transparency about how their information is used, and maintain controls to protect personal data throughout the engagement. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for information updates or marketing purposes are: 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We collect and use personal information to share relevant updates, insights, and information about our services, events, or opportunities that may be of genuine interest to clients, prospective clients, and professional contacts. This enables individuals and organisations to stay informed, benefit from our expertise, and make better decisions. The benefit of this processing is that it supports professional relationships and ensures stakeholders receive timely and useful information. These benefits outweigh potential risks because we only use contact details for relevant communications, handle information securely, and provide clear, accessible options to unsubscribe or opt out at any time. We do not put our needs above those of the individuals whose data we process. We respect privacy, limit the frequency and type of communications, and ensure all information is handled transparently and responsibly. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information to comply with legal requirements: 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

Our lawful bases for collecting or using personal information for recruitment purposes are: 

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We collect and use personal information during recruitment to identify and evaluate candidates who have the right skills, experience, and values for our organisation and client work. This includes reviewing applications, CVs, interview records, and references to make informed hiring decisions. The benefit of this processing is that it allows us to build a capable, reliable team and ensure we can deliver high-quality services to clients. These benefits outweigh any potential risks because we only collect information that is necessary for recruitment, keep it secure, and retain it for a limited time if an application is unsuccessful. We do not put our needs above those of applicants. We handle personal information fairly and transparently, respect individuals’ rights, and ensure their privacy is safeguarded throughout the recruitment process. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are: 

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

• We collect and use personal information where necessary to respond to queries, investigate complaints, and manage or defend legal claims. This ensures that individuals receive appropriate support, that concerns are addressed fairly, and that we can protect our business and clients where issues arise. The benefit of this processing is that it allows us to resolve matters efficiently, improve our services, and maintain trust and accountability with clients, staff, and other stakeholders. These benefits outweigh potential risks because we only process personal information relevant to the issue raised, keep it secure, and use it solely for resolving the query, complaint, or claim. We do not put our needs above those of the individuals whose information we process. We handle personal data fairly and transparently, respect individuals’ rights, and take steps to minimise any potential impact on them. 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above. 

Where we get personal information from 

• Directly from you 

• Publicly available sources 

• Providers of marketing lists and other personal information 

• Suppliers and service providers 

How long we keep information 

We retain personal data only as long as necessary to meet the purposes for which it was collected, including legal, regulatory, tax, or contractual obligations. In most cases, this means retaining client records for up to 6 years after the end of a contract, recruitment records for up to 12 months, and marketing information until you unsubscribe or we identify no further engagement. 

Who we share information with 

Data processors 

• External Accountancy service provider (UK, professional services sector) 

This data processor does the following activities for us: Processing payroll, tax, and financial reporting. 

• CRM system provider (cloud-based, EU) 

This data processor does the following activities for us: Holds client contact details, communication history, business opportunities, marketing preferences 

• Cloud hosting and productivity service provider (cloud-based, EU) 

This data processor does the following activities for us: Holds email, file storage, collaboration tools & data 

• Time and billing system provider (cloud-based, United States) 

This data processor does the following activities for us: Holds client contact details, time recording, expenses & invoices. 

• Project management and work collaboration system provider (cloud-based, United States) 

This data processor does the following activities for us: Holds client project data, names of client contacts, internal staff details, timelines, and communications. 

Others we share personal information with 

• Organisations we’re legally obliged to share personal information with 

Sharing information outside the UK 

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. 

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above. 

• Organisation name: Microsoft Ireland Operations Ltd 

Category of recipient: Cloud-based productivity and collaboration software provider (SaaS, Technology sector) 

Country the personal information is sent to: Ireland (UK/EU) 

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge) 

• Organisation name: Asana, Inc 

Category of recipient: Cloud-based project management and collaboration software provider (SaaS, Technology sector) 

Country the personal information is sent to: United States 

How the transfer complies with UK data protection law: The UK’s International Data Transfer Agreement (IDTA) and Standard Contractual Clauses (SCCs). These legal tools make sure that any personal information sent to the US is protected to the same standards as in the UK. 

• Organisation name: HubSpot, Inc 

Category of recipient: Cloud-based customer relationship management (CRM) and marketing automation software provider (SaaS, Technology sector) 

Country the personal information is sent to: Germany, EU 

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge) 

• Organisation name: Harvest, Inc 

Category of recipient: Cloud-based time tracking and project management software provider (SaaS, Technology sector) 

Country the personal information is sent to: United States 

How the transfer complies with UK data protection law: The UK’s International Data Transfer Agreement (IDTA) and Standard Contractual Clauses (SCCs). These legal tools make sure that any personal information sent to the US is protected to the same standards as in the UK. 

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO. 

The ICO’s address:            

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint 

Last updated: 01 September 2025