1. Introduction
Flow Efficiency Consulting ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website (flowefficiency.co.uk) and services.
We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
Information you provide directly:
- Contact information: Name, email address, phone number, business name, website address
- Business information: Company size, annual revenue range, industry sector, operational challenges
- Communication records: Emails, phone call notes, meeting notes related to our services
- Audit data: Operational data you share with us during the audit process
Information collected automatically:
- Technical data: IP address, browser type, device information, operating system
- Usage data: Pages visited, time spent on site, click patterns, referring website
- Cookie data: See our Cookie Policy for details
3. How We Use Your Information
We use your personal data for the following purposes:
- To provide our services: Conducting operational audits, preparing reports, providing recommendations
- To communicate with you: Responding to enquiries, scheduling calls, sending service updates
- To assess qualification: Determining whether your business is suitable for our services
- To improve our services: Analysing how our website and services are used
- For marketing: Sending relevant information about our services (only with your consent)
- For legal compliance: Meeting our legal and regulatory obligations
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: Where you have given clear consent for us to process your data for specific purposes (e.g., marketing emails)
- Contract: Where processing is necessary for a contract we have with you or to take steps at your request before entering a contract
- Legitimate interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights
- Legal obligation: Where we need to comply with a legal requirement
5. How We Share Your Information
We do not sell your personal data. We may share your information with:
- Service providers: Companies that help us deliver our services (e.g., email providers, CRM systems, hosting providers)
- Professional advisors: Lawyers, accountants, and insurers where necessary
- Legal authorities: Where required by law or to protect our legal rights
All third parties are required to respect the security of your personal data and treat it in accordance with the law.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Secure access controls and authentication
- Regular security assessments
- Staff training on data protection
- Secure disposal of data when no longer needed
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Enquiry data: 2 years from last contact if you don't become a client
- Client data: 7 years after the end of our business relationship (for legal and tax purposes)
- Marketing preferences: Until you withdraw consent
- Website analytics: 26 months
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data in certain circumstances
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Request transfer of your data to another organisation
- Right to object: Object to processing based on legitimate interests or for marketing
- Right to withdraw consent: Withdraw consent at any time where we rely on consent
To exercise any of these rights, please contact us using the details below. We will respond within one month.
9. Marketing Communications
We will only send you marketing communications if you have opted in to receive them. You can unsubscribe at any time by:
- Clicking the unsubscribe link in any marketing email
- Contacting us directly
Even if you opt out of marketing, we may still contact you about our services if you are a client.
10. Cookies
Our website uses cookies to improve your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our website or contacting you directly. The date at the top of this policy indicates when it was last updated.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
14. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.