Privacy Policy

Last Updated: 21/08/2025

1. Introduction

Fox By The Lake (“we”, “our”, “us”) is committed to safeguarding the privacy and personal data of all individuals we interact with, including clients, website visitors, business partners, suppliers, and job applicants.

We process personal data in accordance with:

  • UK GDPR (United Kingdom General Data Protection Regulation)

  • EU GDPR (European Union General Data Protection Regulation)

  • Data Protection Act 2018

  • Other applicable international data protection frameworks, depending on where services are delivered or data subjects are located.

This Privacy Policy explains:

  • What data we collect.

  • How and why we use it.

  • The legal bases we rely upon.

  • How we secure, retain, and share data.

  • Your rights and how to exercise them.

We are committed to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

2. Scope

This policy applies to all personal data processed by Fox By The Lake in the context of:

  • Clients – individuals or organisations purchasing our consultancy services.

  • Prospective Clients – individuals or organisations engaging with us during pre-contract discussions.

  • Website Visitors – individuals visiting our website or using online resources.

  • Suppliers & Contractors – individuals and organisations providing goods or services.

  • Job Applicants – individuals applying for employment or freelance opportunities.

  • Event Participants – individuals registering for workshops, webinars, or training sessions.

  • It does not cover data that has been anonymised so that individuals can no longer be identified.

3. Information We Collect

3.1 Identity & Contact Information

  • Full name, address, phone number, email address.

  • Job title, employer name, professional background.

3.2 Business & Contractual Information

  • Details provided during proposals, contracts, and engagements.

  • Billing, payment, and transaction records.

  • Records of communications (emails, meeting notes, contracts).

3.3 Technical & Usage Data

  • IP address, device type, operating system, browser details.

  • Website usage data (pages visited, session duration, clicks).

  • Cookies, pixels, and tracking technologies.

3.4 Marketing & Communication Data

  • Email preferences (subscriptions, opt-in/out status).

  • Engagement with marketing campaigns, newsletters, and events.

  • Survey or feedback responses.

3.5 Recruitment Data

  • Curriculum vitae (CV), cover letter, qualifications, employment history.

  • References and interview notes.

  • Right-to-work documentation, background checks (if required).

3.6 Special Category Data (Sensitive Data)

We generally do not process sensitive data. However, if necessary (e.g., accessibility requirements at training events), we will obtain explicit consent before processing.

4. How We Collect Data

We collect data through the following methods:

  • Direct Interactions: When you contact us via email, phone, web forms, or in person.

  • Contracts & Agreements: Data provided to deliver consultancy services.

  • Website Use: Through cookies, analytics tools (e.g., Google Analytics), and forms.

  • Third-Party Sources: Networking events, professional directories, referrals.

  • Recruitment Processes: Applications submitted directly or through recruitment agencies.

  • Public Sources: LinkedIn, company websites, industry databases.

5. Purposes of Processing

We process personal data to:

  • Deliver Consultancy Services – Fulfilling contracts, tailoring solutions, managing projects.

  • Client Relationship Management – Responding to enquiries, maintaining contact, providing aftercare.

  • Marketing & Business Development – Sending newsletters, sharing insights, inviting participation in events (with prior consent where required).

  • Operational & Financial Management – Processing payments, issuing invoices, maintaining accounting records.

  • Recruitment & HR – Assessing suitability of candidates, conducting interviews, onboarding successful applicants.

  • Legal & Regulatory Compliance – Meeting obligations under tax, anti-fraud, and data protection law.

  • Website & Service Improvement – Analysing usage data to optimise content and performance.

  • Security & Risk Management – Preventing misuse, ensuring system integrity, and mitigating risks.

6. Legal Basis for Processing

The lawful bases we rely on include:

  • Consent – Where you opt-in to marketing communications or provide explicit consent (e.g., sensitive data for accessibility).

  • Contractual Necessity – To provide consultancy services, fulfil obligations, and process transactions.

  • Legal Obligation – To comply with tax, employment, and regulatory laws.

  • Legitimate Interests – For business development, preventing fraud, ensuring security, and improving services.

  • We conduct Legitimate Interest Assessments (LIAs) where required to ensure interests do not override your rights.

7. Data Sharing & Third Parties

We share personal data only when necessary, with:

  • IT & Cloud Providers – Hosting, storage, communications, productivity tools.

  • Marketing Platforms – Newsletter distribution, campaign management.

  • Professional Advisers – Legal, financial, compliance, auditors.

  • Contractors/Subconsultants – Where needed for delivering projects.

  • Regulators/Authorities – Where disclosure is required by law.

  • All third parties are contractually bound by confidentiality and data protection obligations.

8. International Transfers

If personal data is transferred outside the UK or EEA, we ensure:

  • Adequacy decisions (e.g., EU-approved countries).

  • Standard Contractual Clauses (SCCs).

  • Appropriate technical and organisational safeguards.

9. Data Retention

We retain data only as long as necessary. Typical periods:

  • Client Data: 10 years after engagement (legal/accounting requirement).

  • Marketing Data: Until consent is withdrawn or after 2 years of inactivity.

  • Recruitment Data: 12 months unless consent is given for longer.

  • Website Data: Typically 12–24 months (depending on cookie type).

  • We securely delete or anonymise data once retention periods expire.

10. Data Security

We use robust security measures including:

  • Encrypted communications (SSL/TLS).

  • Access controls and authentication.

  • Firewalls, intrusion detection, anti-malware.

  • Regular vulnerability scans and audits.

  • Employee training on confidentiality and GDPR compliance.

11. Data Breach Management

We maintain an incident response plan. In case of a breach:

  • Assess impact and contain the breach.

  • Notify the ICO within 72 hours if required.

  • Notify affected individuals if high risk to their rights is likely.

  • Document all breaches, even those not reportable.

12. Cookies & Tracking Technologies

We use cookies for:

  • Essential Functionality: Login sessions, preferences.

  • Performance & Analytics: Visitor numbers, behaviour tracking.

  • Marketing: Retargeting ads, campaign measurement.

  • Users can manage cookie preferences through their browser. For full details, see our Cookie Policy.

13. Children’s Data

Our services are designed for business professionals and are not directed at children. We do not knowingly process data of individuals under 16. If such data is discovered, it will be deleted promptly.

14. Your Rights

Under GDPR and equivalent laws, you have the right to:

  • Access – Obtain a copy of your personal data.

  • Rectification – Correct inaccuracies.

  • Erasure – Request deletion (“right to be forgotten”).

  • Restriction – Limit processing under certain conditions.

  • Portability – Receive your data in machine-readable format.

  • Objection – Opt out of processing based on legitimate interests.

  • Withdraw Consent – Where processing is based on consent.

We will respond to all rights requests within one month (extendable to three months for complex requests).

15. Governance & Accountability

Fox By The Lake ensures accountability through:

Appointment of a Data Protection Officer (DPO).

Data Processing Registers maintained under GDPR Article 30.

Regular Data Protection Impact Assessments (DPIAs).

Periodic staff training and audits.

Vendor due diligence and contracts with processors.

16. Updates to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our practices. Updates will be published on our website with a revised “Last Updated” date. Material changes may be communicated directly to clients and subscribers.

17. Contact Us

For questions, concerns, or to exercise your rights, please contact:

Data Protection Officer

Email: compliance@foxbythelake.email

Phone: +44 7304 072703

If you are dissatisfied with our response, you may lodge a complaint with:

The Information Commissioner’s Office (ICO) in the UK: https://ico.org.uk

Or your local supervisory authority if outside the UK.