Privacy Notice

Introduction

Marlborough Consulting LLP (“we”, “our”, “us”) is committed to protecting the privacy and handling of personal data of visitors to our website, in a secure and transparent way. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, in accordance with:

  • Our Information Security Management System (ISMS)
  • General Data Protection Regulation (GDPR) – EU Regulation 2016/679
  • ISO/IEC 27001:2022, including its controls relating to personal data
  • We are a data controller as defined under Article 4(7) of the GDPR.

Information We Collect

We may collect the following types of personal information when you interact with our website:

Identity Data Name, job title, company name, role Web forms
Contact Data Email address, phone number Contact forms
Technical Data IP address, browser type, OS, usage data Analytics and server logs
Marketing Data Preferences, opt-in/out status Form submissions, cookies
Cookies and usage data  Cookies, hits, web analytics Cookies, analytics, server logs


We do not knowingly collect special categories of personal data (e.g., health, biometric, or racial data) through our website.

How We Use Your Information

We may collect and use your personal data for the following purposes:

  • To respond to inquiries or contact form submissions
  • To provide requested information about our services
  • To improve our website and user experience
  • To meet legal or regulatory obligations
  • To support our internal information security controls in line with ISO 27001
  • Ensure information security, availability and performance

We do not sell or rent your personal data to third parties.

Legal Basis for Processing

Under Article 6(1) of the GDPR, our lawful bases for processing personal data includes:

  • Consent – when you submit a form or opt in to communications
  • Legitimate Interests – to operate our website and respond to inquiries
  • Legal Obligation – to comply with EU/UK regulations and other applicable laws and regulations

How We Store and Protect Your Information

In line with our Information Security Management System, we implement appropriate technical and organisational measures to safeguard personal data:

  • Encrypted website connections (TLS / HTTPS)
  • Access control to internal systems
  • Multi-factor authentication where applicable
  • Secure data backups
  • Monitoring and logging of access to personal data
  • Regular security assessments and reviews
  • Hosting in secure, GDPR-compliant data centres (EU / UK region)

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

Sharing Your Information

We may share your data with trusted third parties under strict confidentiality agreements, such as:

Cloud service providers Website hosting, email services Data processing agreements
Analytics providers Usage tracking and improvement IP anonymisation, EU hosting
Legal authorities Compliance with legal obligations Only when legally required


All third parties are subject to appropriate data processing agreements and security controls.

International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • EU/UK adequacy decisions
  • Contractual commitments from service providers

Your Data Protection Rights (GDPR)

Depending on your location and applicable law (e.g. GDPR), you may have the right to:

  • Access – request access to your personal data
  • Rectification – correct inaccurate or incomplete data
  • Erasure – request deletion ("right to be forgotten")
  • Restriction – request limited processing
  • Portability – receive your data in a usable format
  • Objection – object to data processing based on legitimate interests
  • Withdraw Consent – where processing is based on your consent

You can exercise these rights by contacting our Data Protection Officer, under ‘Contact Us’.

If you are dissatisfied, you may lodge a complaint with your local supervisory authority (e.g., the ICO in the UK or DPA in the EU country where you reside).

Cookies and Tracking Technologies

We use cookies to analyse website traffic and improve user experience. By continuing to use our site, you agree to our use of cookies. You can manage cookie preferences through your browser settings.

Changes and Updates to this Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The updated version will be posted on this page with a revised "Last Updated" date.

Last Updated: June 2025

Contact Us

For any questions or concerns regarding this policy or your personal data, please contact:

contact@marlborough.co
+44 7788438558

Marlborough Consulting LLP
Richmond, London, United Kingdom

Any actual or suspected data breach, device loss, or suspicious activity must be reported to the Security Officer immediately using the Incident Reporting Procedure.

Have a business, digital or technology opportunity or threat to discuss?

Get in Touch with Us