top of page

Privacy Policy

June 2026

Introduction

XANDR Digital respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store and protect personal information when you visit our website, contact us, engage with our services, subscribe to updates, or otherwise interact with us.

XANDR Digital provides business, digital, technology and transformation consultancy services. We only collect personal data that is necessary for normal business, client relationship, marketing, supplier management and service delivery purposes.

For the purposes of UK data protection law, XANDR Digital is the “data controller” for the personal data we collect and use in connection with our own business activities, unless we are acting on behalf of a client as a “data processor” under a separate agreement.

Company details:


XANDR Digital
Registered address: Windsor House C/O Adm Accountants, Cornwall Road, Harrogate, North Yorkshire, United Kingdom, HG1 2PW
Company number: 14627104
Email: info@xandrconsulting.uk

Personal data we may collect

We only collect personal data that is necessary for normal business and professional purposes.

This may include:

  • Identity details: name, job title, company name and professional role.

  • Contact details: email address, telephone number, business address and LinkedIn or other professional contact details.

  • Business relationship information: details of enquiries, proposals, contracts, meetings, services provided, communications and relationship history.

  • Client engagement information: relevant business, operational, technical, commercial or organisational information shared with us during consulting, advisory, technology, transformation or partner selection engagements.

  • Website and technical data: IP address, browser type, device information, pages visited, website usage information and cookie data.

  • Marketing preferences: whether you have opted in or out of receiving updates from us.

  • Payment and transaction information: billing details, invoices, payment status and related financial records.

  • Supplier and partner information: contact details, service records, commercial arrangements and correspondence.

 

We do not intentionally collect or process special category personal data, including health information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual orientation, or similar sensitive personal information.

We also do not intentionally collect criminal offence data.

We ask clients, suppliers, partners and website users not to provide this type of information to us. If such information is provided to us inadvertently, we will take reasonable steps to delete it or handle it appropriately in accordance with applicable data protection laws.

How we collect personal data

We may collect personal data when:

  • you contact us through our website, email, telephone, LinkedIn or other business channels;

  • you request information about our services;

  • you become a client, prospective client, supplier, partner or associate;

  • you attend a meeting, event, webinar, workshop or business discussion with us;

  • you engage us to provide consulting, advisory, technology, transformation or partner selection services;

  • you visit or interact with our website;

  • information is provided to us by a client, supplier or business partner;

  • information is available from public or professional sources, such as company websites, Companies House, LinkedIn or professional directories.

How we use personal data

We use personal data for the following purposes:

 

Responding to enquiries

  • Name, contact details, enquiry detail - Legitimate interests / pre-contractual steps

Providing consulting, advisory, technology or transformation services

  • Contact details, business relationship information, client engagement information - Contract / legitimate interests

Preparing proposals, quotes and statements of work

  • Identity, contact and business information - Pre-contractual steps / legitimate interests

Managing client relationships

  • Contact details, meeting notes, correspondence and commercial records - Contract / legitimate interests

Managing supplier, contractor and partner relationships

  • Contact details, supplier records and commercial information - Contract / legitimate interests

Delivering workshops, meetings and advisory sessions

  • Contact details, role information and relevant business context - Contract / legitimate interests

Invoicing, payment and financial administration

  • Contact, billing and transaction information - Contract / legal obligation

Keeping business records

  • Contracts, correspondence, financial records and relationship history - Legal obligation / legitimate interests

Improving our website and services

  • Website usage and technical data - Legitimate interests / consent where required

Sending relevant business updates or marketing

  • Contact details and marketing preferences - Consent / legitimate interests where permitted

Managing legal, regulatory and compliance obligations

  • Contracts, correspondence and relevant business records - Legal obligation / legitimate interests

Protecting our business, systems and information

  • Technical data, access records and security information - Legitimate interests

Where we rely on legitimate interests, we will only do so where we believe our interests are not overridden by your rights and freedoms.

Marketing communications

We may send relevant business updates, insights or information about XANDR Digital services to professional contacts where permitted by law.

We will only send marketing communications where we have a lawful basis to do so. This may include your consent, or our legitimate interests in developing and promoting our business where this is permitted.

You can opt out of marketing communications at any time by using the unsubscribe link in our emails, where available, or by contacting us directly.

We will not sell your personal data to third parties.

Cookies and website tracking

Our website may use cookies and similar technologies to operate effectively, understand website performance and improve user experience.

Cookies may include:

  • Strictly necessary cookies: required for the website to function properly.

  • Analytics cookies: help us understand how visitors use our website.

  • Preference cookies: remember choices you make.

  • Marketing cookies: support relevant communications or measure engagement.

 

Where required, we will ask for your consent before placing non-essential cookies on your device.

 

You can manage or disable cookies through your browser settings or through any cookie preference tool made available on our website.

 

A separate Cookie Policy may be published where appropriate.

Sharing personal data

We may share personal data with trusted third parties where necessary for business, operational, legal or service delivery purposes.

This may include:

  • IT, website, cloud hosting and software providers;

  • professional advisers, such as accountants, legal advisers and insurers;

  • payment, accounting and administration providers;

  • delivery partners, contractors or associates supporting client engagements;

  • marketing, CRM or business communication platforms;

  • regulators, authorities or law enforcement bodies where legally required;

  • prospective buyers, investors or advisers in the event of a business restructure, sale or transfer.

 

Where third parties process personal data on our behalf, we expect them to protect it appropriately and only use it in line with our instructions.

Client engagements and processor activity

In some circumstances, XANDR Digital may process limited personal data on behalf of a client as part of a consulting, advisory, technology, transformation or partner selection engagement.

 

Where this happens, the client will usually be the data controller and XANDR Digital will act as a data processor.

 

The handling of that data will be governed by the relevant contract, statement of work, data processing agreement or client instructions.

We do not require clients to provide health, special category or criminal offence data for our normal services and ask clients not to share such data with us.

International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we will take appropriate steps to ensure it is protected in line with applicable data protection laws. This may include using recognised safeguards, adequacy regulations or approved contractual protections.

How long we keep personal data

We only keep personal data for as long as necessary for the purposes for which it was collected.

Typical retention periods may include:

  • Enquiry records - Up to 24 months after last contact

  • Proposal records - Up to 3 years after the proposal or opportunity closes

  • Client records and contracts - Up to 7 years after the end of the client relationship

  • Supplier and partner records - Up to 7 years after the end of the relationship

  • Financial and tax records - Usually 6 years plus the current financial year

  • Marketing contacts - Until you unsubscribe, object or become inactive

  • Website analytics data - As defined by the relevant analytics tool or cookie settings

  • Client engagement materials - As agreed in the relevant contract, statement of work or data processing agreement

We may retain information for longer where required for legal, regulatory, tax, accounting, dispute resolution or legitimate business purposes.

How we protect personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • access controls;

  • secure systems and cloud platforms;

  • password protection and multi-factor authentication where appropriate;

  • data minimisation;

  • supplier due diligence;

  • confidentiality obligations;

  • secure storage and deletion practices;

  • internal policies and good information governance practices.

 

However, no method of data transmission or storage is completely secure, so we cannot guarantee absolute security.

Your rights

Under UK data protection law, you may have the right to:

  • request access to your personal data;

  • ask us to correct inaccurate or incomplete data;

  • ask us to delete your personal data;

  • ask us to restrict how we use your data;

  • object to our use of your data;

  • request transfer of your data to another organisation;

  • withdraw consent, where we rely on consent;

  • complain to the Information Commissioner’s Office.

 

Some rights may not apply in all circumstances. For example, we may need to retain certain information for legal, contractual, tax, accounting or regulatory reasons.

To exercise your rights, contact us at: info@xandrconsulting.uk

We may need to verify your identity before responding to certain requests.

Complaints

Please contact us first if you have concerns about how we use your personal data, so we can try to resolve the matter.

You also have the right to complain to the UK Information Commissioner’s Office, which is the UK regulator for data protection.

Links to other websites

Our website may contain links to third-party websites, platforms or services.

We are not responsible for the privacy practices, content or security of those third-party sites. You should review their privacy policies before providing personal data to them.

Children’s data

Our services are intended for business and professional users.

We do not knowingly collect personal data from children.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will be published on our website with the date it was last updated.

© 2025 by Xandr Consulting Ltd. 

Policies

bottom of page