- Who we are
We are
[Morgan Maxwell Ltd] (“we”, “us”).
We act as the
data controller for personal data we collect via this website and in the course of our consultancy services.
- The data we collect
We collect and process the following categories of personal data:
- Website usage & technical data: IP address, device/browser details, pages viewed, referral source, cookie identifiers and similar technologies.
- Enquiries & sales leads: name, email, phone, job title, organisation, service interest, free‑text message content.
- Client data: billing details, purchase orders, contacts for project delivery, notes from meetings and calls, and any information you voluntarily share for the purpose of the engagement.
- Marketing preferences: newsletter opt‑ins/opt‑outs and related data.
- How we collect data
- Directly from you (forms, email, phone, meetings, events).
- Automatically through cookies/analytics when you use our site (see Cookie Policy).
- From third parties (referrers/partners, publicly available sources like LinkedIn/Companies House) as permitted by law.
- Purposes and lawful bases
We use your data for:
- Responding to enquiries and providing quotes — performance of a contract or steps prior to entering a contract.
- Delivering our consultancy services — performance of a contract.
- Operating and improving our website, security and analytics — legitimate interests (to run an effective, secure business and understand usage). Non‑essential analytics depend on consent through the cookie banner.
- Marketing our services (e.g., newsletters or event invites) — consent for email/SMS where required; otherwise legitimate interests. You can opt out at any time.
- Legal/financial compliance (e.g., tax records) — legal obligation.
Where we rely on
legitimate interests, we balance those interests against your rights and expectations and only process what is necessary and proportionate.
- Sharing your data
We may share personal data with:
- Service providers (processors) who help us operate our business (hosting, email, CRM, analytics, payment processing, document storage, project tools). They act under our instructions and appropriate contracts.
- Professional advisers (accountants, lawyers, insurers).
- Authorities where required by law or to protect legal rights.
- Prospective buyers/investors as part of a business transaction, under confidentiality.
We do
not sell personal data.
- International transfers
If we transfer personal data outside the UK (for example, to cloud providers), we will use appropriate safeguards such as the
UK IDTA or the
UK Addendum to the EU Standard Contractual Clauses, plus risk assessments and technical measures where appropriate.
- Retention
We keep personal data only as long as necessary for the purposes above, typically:
- Enquiry records: up to 24 months from last contact.
- Client and project records (including contracts/invoices): 7 years after the end of the financial year, for tax/audit.
- Marketing data: until you opt out or we identify inactivity for 24 months. Retention may be longer if required to establish, exercise or defend legal claims.
- Your rights
You have rights under UK data protection law, including to
access,
rectify,
erase,
restrict,
object, and
data portability. Where we rely on consent, you can
withdraw consent at any time. You also have the right to
complain to the Information Commissioner’s Office (ICO) at ico.org.uk. We encourage you to contact us first so we can try to resolve your concern.
- Security
We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit where available, and staff policies/training.
- Cookies
See our
Cookie Policy for details on how we use cookies and similar technologies and how you can manage your preferences.
- Third‑party links
Our site may link to third‑party sites. Those sites have their own privacy information, which you should review.
- Changes to this notice
We may update this Privacy Policy from time to time. The version and date appear at the top of this page.