Privacy Policy

1. About this Privacy Notice

This Privacy Notice explains how EWRConsultation (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you visit the website ewrconsultation.co.uk (the “Site”) or interact with us. We are committed to handling your personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Who is the Controller and How to Contact Us

EWRConsultation is the controller of personal data processed through this Site.

  • Website: ewrconsultation.co.uk
  • Contact: You can reach us via the contact form or contact details provided on our website. Please include “Privacy” in your message subject if your query concerns data protection.

3. What Personal Data We Collect

3.1 Data you provide directly

  • Contact information: name, email address, telephone number.
  • Consultation submissions and feedback: your views, comments, and any information you choose to include.
  • Account and preference information (if applicable): username, password, communication preferences.
  • Enquiries and correspondence: information contained in emails, forms, or other communications you send us.
  • Marketing preferences and consent records.

3.2 Data we collect automatically

  • Technical data: IP address, device identifiers, browser type, operating system, time zone, and approximate location (derived from IP).
  • Usage data: pages visited, navigation paths, referral sources, interaction data, and session duration.
  • Cookie data and similar technologies (see Section 7).
  • Server logs for security and diagnostics.

3.3 Data from third parties

  • Service providers that support our Site (e.g., hosting, analytics, survey or form platforms, email delivery).
  • Publicly available sources where appropriate to verify or enrich information you provide.

3.4 Special category data

We do not seek to collect sensitive personal data (e.g., health, racial or ethnic origin, political opinions). Please do not include such data in your consultation responses or communications unless we explicitly ask for it and explain why it is necessary. If you choose to provide such information, we will process it only with your explicit consent, which you may withdraw at any time (see Section 10.7), unless another lawful basis clearly applies.

4. Purposes and Legal Bases for Processing

We process personal data only where we have a lawful basis. The purposes and legal bases include:

  • Providing and operating the Site, features, and online tools:
    • Legal basis: legitimate interests (to operate and administer our Site and services) and, where applicable, performance of a contract with you.
  • Managing consultations, gathering and analysing responses, and reporting aggregated findings:
    • Legal basis: legitimate interests (to conduct and evidence effective engagement and to inform decision-making) and, where applicable, consent where you choose to include sensitive data.
  • Responding to enquiries and user support:
    • Legal basis: legitimate interests (to respond to queries and maintain relationships) or performance of a contract where relevant.
  • Sending updates or marketing communications where you opt in:
    • Legal basis: consent; and, where permitted, legitimate interests/soft opt-in under PECR for similar services. You can opt out at any time.
  • Improving the Site, measuring performance, and understanding audience engagement (e.g., analytics cookies):
    • Legal basis: consent (for non-essential cookies and similar technologies).
  • Ensuring security, preventing fraud and abuse, and diagnosing technical issues:
    • Legal basis: legitimate interests (to keep our services secure) and legal obligations where applicable.
  • Compliance with legal obligations and regulatory requests:
    • Legal basis: legal obligation.
  • Establishing, exercising, or defending legal claims and maintaining appropriate records:
    • Legal basis: legitimate interests.

5. What Happens If You Do Not Provide Data

You are not required to provide personal data. However, if you choose not to provide certain information, we may be unable to respond to your enquiry, accept a consultation submission, or provide particular features.

6. Sharing Your Personal Data

We only share personal data as necessary and subject to appropriate safeguards:

  • Service providers/Processors: hosting and cloud infrastructure, website security and maintenance, analytics, survey and form platforms, email distribution, customer support tools, content delivery networks, and CAPTCHA/anti-abuse tools.
  • Professional advisers: legal, compliance, or other advisors where reasonably necessary.
  • Authorities and regulators: where required by law or to protect rights, safety, and security.
  • Business transfers: in the event of a reorganisation, merger, or similar corporate event, subject to confidentiality and data protection safeguards.

We do not sell your personal data.

7. Cookies and Similar Technologies

7.1 What cookies we use

We use:

  • Strictly necessary cookies: required for basic site functionality (e.g., load balancing, security, cookie consent records). These operate without consent.
  • Analytics/performance cookies: help us understand how the Site is used so we can improve it. These only operate with your consent.
  • Functionality cookies: remember choices (e.g., preferences). These may require consent depending on their purpose.
  • Embedded/third-party content: features such as maps, videos, or survey widgets may set cookies. We seek your consent before loading non-essential third-party cookies where feasible.

7.2 Managing your cookie choices

  • Consent: We request your consent for non-essential cookies when you first visit. You can decline non-essential cookies.
  • Change your mind: You can revisit the Site to review your cookie preferences. You can also adjust your browser settings to block or delete cookies.
  • Impact: Blocking cookies may affect some Site features.

7.3 Cookie duration

Session cookies expire when you close your browser. Persistent cookies last for a defined period (typically up to 24 months for analytics).

8. International Data Transfers

Some service providers may be located outside the UK or may store data in other countries. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with an adequacy regulation by the UK government; or
  • UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to EU Standard Contractual Clauses, with supplementary measures where necessary.

You can request more information about international transfer safeguards by contacting us (see Section 2).

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Notice, including to comply with legal, accounting, or reporting requirements. Typical retention periods are:

  • Consultation submissions: up to 6 years after the relevant consultation closes, to evidence engagement and manage potential legal claims.
  • Enquiries and correspondence: up to 24 months after we close your request.
  • Account information (if applicable): for as long as your account remains active and for up to 12 months after closure, unless a longer period is required by law.
  • Marketing preferences and consent records: up to 6 years after the last communication or withdrawal of consent, whichever is later.
  • Server logs and security records: up to 12 months, unless required longer for investigations.
  • Analytics data: up to 24 months.

We may retain data longer where required by law or necessary to establish, exercise, or defend legal claims. When retention is no longer necessary, we securely delete or anonymise the data.

10. Your Rights

Subject to legal limitations, you have the following rights under the UK GDPR:

  • Access: to obtain a copy of your personal data and information about how it is processed.
  • Rectification: to have inaccurate or incomplete data corrected.
  • Erasure: to request deletion of your data where there is no overriding reason to continue processing.
  • Restriction: to request restriction of processing in certain circumstances.
  • Portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Object: to object to processing based on legitimate interests or to direct marketing, including profiling related to direct marketing.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect prior lawful processing.

To exercise your rights, please contact us using the details in Section 2. We may need to verify your identity. You will not be charged for exercising your rights unless your request is manifestly unfounded or excessive.

If you are not satisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, confidentiality obligations, security monitoring, regular updates and patching, and vendor due diligence. Despite these measures, no online system can be guaranteed to be 100% secure. We maintain incident response procedures to address potential breaches and will notify you and regulators of a personal data breach where legally required.

12. Children’s Privacy

Our Site is not directed to children under 13. We do not knowingly collect personal data from children under 13 without appropriate consent. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

13. Automated Decision-Making

We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects.

14. Data Protection Officer (DPO) and Privacy Contacts

We are not required to appoint a Data Protection Officer under the UK GDPR. For any questions about this Privacy Notice or our data protection practices, please contact us using the details in Section 2 and address your enquiry to the “Data Protection Lead”.

15. Third-Party Websites and Services

The Site may include links to, or integrations with, third-party websites or services. Those third parties are responsible for their own privacy practices. We encourage you to review their privacy information before interacting with them. We are not responsible for third-party content or practices.

16. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated version on this page and adjust the “Effective date” below. Material changes will be highlighted where appropriate. Please review this Notice periodically.

17. Effective Date

Effective date: 06 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 EWRConsultation