Privacy Policy

Introduction

Harben Consulting Ltd ("we", "us", or "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website (https://www.harben.uk) and in the course of our business operations. It also outlines your rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

This Policy applies to all personal data processed by us, whether relating to website visitors, prospective clients, clients, suppliers, or other business contacts.

Who We Are

We are a UK-based consultancy providing strategic, technology, security, and governance advice.

For the purposes of data protection law, we act as a data controller, determining the purposes and means of processing personal data.

We are not required to appoint a Data Protection Officer under UK GDPR. Responsibility for data protection and compliance sits with the company director.

What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data
Name.

Contact Data
Email address, telephone number, business address.

Technical Data
IP address, browser type and version, operating system, device information, and information about how you use our website (for example, pages visited and interactions).

Client and Business Data
Business contact details and limited project-related information provided by clients or business partners in the course of consultancy services. We do not routinely process personal data beyond what is necessary to deliver agreed services.

We do not intentionally collect special category personal data.

How We Collect Personal Data

We collect personal data in the following ways:

  • Directly from you – when you contact us by email, telephone, via our website, or when you engage our consultancy services.

  • Automatically – through website technologies such as cookies and analytics tools.

  • From third parties – for example, publicly available professional information (such as LinkedIn) or information provided by clients in the course of business engagements.

Legal Bases for Processing

Under UK GDPR, we process personal data using the following lawful bases, as appropriate to the activity involved:

  • Contractual necessity – to respond to enquiries, provide consultancy services, and manage client relationships.

  • Legitimate interests – to operate our business effectively, analyse website usage, maintain security, and improve our services, provided those interests are not overridden by individual rights.

  • Legal obligation – to comply with applicable legal, regulatory, or accounting requirements.

  • Consent – where required by law, for example for marketing communications and non-essential cookies. Consent can be withdrawn at any time.

We only rely on consent where it is the appropriate and lawful basis for processing.

How We Use Personal Data

We use personal data to:

  • Respond to enquiries and communicate with prospective and existing clients.

  • Deliver consultancy services and manage client engagements.

  • Operate, maintain, and secure our website and IT systems.

  • Understand how our website is used and improve its performance and usability.

  • Send marketing communications, where consent has been provided.

  • Meet legal, regulatory, and contractual obligations.

Sharing Personal Data

We do not sell or trade personal data.

We may share personal data with:

  • Service providers – including website hosting, analytics providers (such as Squarespace), email providers, and IT service providers who process data on our behalf.

  • Business partners – where necessary to fulfil contractual obligations.

  • Legal or regulatory authorities – where required by law or to protect our rights.

We do not purchase marketing lists and do not permit third parties to use personal data for their own marketing purposes.

All third parties are required to process personal data securely and in accordance with UK GDPR.

International Data Transfers

Some of our service providers may process personal data outside the UK or European Economic Area (EEA), for example in connection with website hosting or analytics services.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR, including:

  • the UK International Data Transfer Agreement (IDTA); or

  • the EU Standard Contractual Clauses together with the UK Addendum; or

  • reliance on an applicable UK adequacy decision.

We keep international transfer arrangements under review to ensure ongoing compliance with UK data protection law.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure systems and access controls;

  • Encryption where appropriate;

  • Multi-factor authentication for privileged access;

  • Regular security and access reviews; and

  • Confidentiality obligations with service providers.

If you believe personal data has been accessed or disclosed without authorisation, please contact us immediately at privacy@harben.uk.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

Typical retention periods include:

  • Enquiry and prospect data: up to 24 months;

  • Client records: for the duration of the engagement and up to seven years thereafter where required for legal or contractual reasons.

Personal data may be retained for longer where required by law. Requests for deletion will be honoured unless retention is legally required.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Access – request a copy of the personal data we hold about you.

  • Rectification – request correction of inaccurate or incomplete data.

  • Erasure – request deletion of your personal data.

  • Restriction – request restriction of processing.

  • Objection – object to processing based on legitimate interests.

  • Data portability – request your data in a structured, commonly used format.

To exercise these rights, contact us at privacy@harben.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.

Cookies

We use cookies and similar technologies to support website functionality and understand how visitors use our site.

Cookies fall into the following categories:

  • Strictly necessary cookies – essential for website operation.

  • Functionality cookies – remember preferences and settings.

  • Analytical cookies – help us understand site usage and improve performance.

You can manage your cookie preferences at any time via the cookie banner or the Cookie Preferences link on our website. You can also control cookies through your browser settings. Further information is available at https://www.aboutcookies.org.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our processing activities. Any updates will be published on our website.

Contact Details

For any questions or concerns relating to this Privacy Policy or the handling of personal data, please contact:
Email: privacy@harben.uk
Registered Office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ

Effective date: 1 February 2026