Privacy & Data Protection
Privacy Notice
Lineage Advisory Limited is a UK-based consultancy providing professional advisory services. We are committed to protecting your personal information and respecting your privacy rights. This Privacy Notice explains how we collect, use, and safeguard your personal data in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
When we refer to personal data, we mean any information that relates to you as an identifiable individual, such as your name, email address, or professional details. Processing means any activity we carry out with your personal data, including collecting, storing, using, sharing, or deleting it.
Who We Are and How to Contact Us
The data controller responsible for your personal information is Stuart Simpson, trading as Lineage Advisory Limited. This means we decide how and why your personal data is processed, and we are accountable for doing so lawfully and transparently.
We do not have a statutory Data Protection Officer. For any questions, concerns, or requests regarding your personal data or this Privacy Notice, please contact us at privacy@lineageadvisory.co.uk. We aim to respond to all privacy enquiries promptly and thoroughly.
Privacy Contact
Data Controller:
Stuart Simpson
Lineage Advisory Limited
Stuart Simpson
Lineage Advisory Limited
What Personal Data We Collect
We collect personal data in various ways when you interact with us or visit our website. The type and amount of information we collect depends on the nature of your engagement with our services. We only collect information that is necessary and relevant to provide our services, respond to your enquiries, and operate our business effectively.
Identity & Contact Data
When you email us, complete a contact form, book a consultation call, or subscribe to our newsletter, we collect your name, email address, telephone number, job title, and organisation name where provided.
Professional Information
We may receive details about your role, business interests, and professional context when you engage with us. This helps us understand your needs and provide tailored advisory services.
Communications Content
We retain the content of messages, enquiries, and correspondence you send to us. This includes the substance of your questions, the information you share, and our responses.
Technical Data
When you visit our website, we may collect basic technical information such as your IP address, browser type, device information, and pages visited if analytics tools are enabled. This data helps us understand site performance and security.
Special Category Data: We do not intentionally collect sensitive personal information such as health data, racial or ethnic origin, religious beliefs, or biometric data. Please do not include such information in your communications with us unless it is necessary and relevant to the services we are providing, and you have explicitly chosen to share it.
How We Use Your Data and Our Lawful Bases
UK data protection law requires us to have a valid legal reason, called a lawful basis, for processing your personal data. We rely on several lawful bases depending on the purpose for which we use your information. Below we explain the main ways we use your data and the legal grounds that apply to each activity.
Responding to Enquiries
Purpose: Answering questions, providing information about our services, and engaging in preliminary discussions before any formal engagement.
Lawful Basis: We rely on our legitimate interests in operating our business and communicating with prospective clients. Where discussions progress towards a potential contract, we process data as steps taken at your request prior to entering into a contract.
Delivering Services
Purpose: Providing consultancy services, managing client relationships, preparing deliverables, and fulfilling our contractual obligations to you.
Lawful Basis: Processing is necessary for the performance of a contract between you (or your organisation) and Lineage Advisory Limited.
Invoicing & Administration
Purpose: Issuing invoices, processing payments, maintaining financial records, and meeting accounting and tax obligations.
Lawful Basis: Processing is necessary for contract performance and to comply with legal obligations under tax, accounting, and company law.
Marketing Communications
Purpose: Sending newsletters, insights, updates, or information about our services to those who have subscribed or shown interest.
Lawful Basis: Where you have explicitly subscribed, we rely on your consent. For existing or recent enquirers, we may rely on legitimate interests in marketing similar services, and you can opt out at any time via an unsubscribe link or by contacting us.
Site Security & Performance
Purpose: Monitoring website security, detecting and preventing fraud or misuse, understanding site usage patterns, and improving our digital services.
Lawful Basis: We rely on our legitimate interests in maintaining a secure, efficient, and user-friendly website, and protecting our systems and users from threats.
Sharing Your Data and Third-Party Processors
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, like most modern businesses, we rely on carefully selected third-party service providers to help us run our operations efficiently and securely. These providers act as data processors on our behalf, meaning they only process your data according to our instructions and under strict contractual terms that protect your information.
We may share your personal data with service providers in the following categories:
Technology & Infrastructure
- Email hosting and communication platforms
- Website hosting and domain management services
- Cloud storage and document management systems
- Customer relationship management (CRM) tools
Business Operations
- Scheduling and calendar management tools
- Analytics and performance monitoring services
- Accounting and invoicing software providers
- Professional advisers (legal, accounting, regulatory)
All processors we engage are required to implement appropriate security measures and to process personal data only in accordance with our written instructions and applicable data protection law. We carry out due diligence before appointing any processor and maintain contracts that clearly set out their data protection obligations.
In certain limited circumstances, we may need to disclose personal data to comply with a legal obligation, enforce our terms and conditions, protect our rights or property, or respond to lawful requests from public authorities or law enforcement agencies.
International Transfers of Data
We aim to keep your personal data within the United Kingdom wherever practical and commercially reasonable. However, some of our trusted service providers and technology platforms may store or process data on servers located outside the UK, including in the European Economic Area (EEA) or other jurisdictions.
Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place to protect your information in accordance with UK data protection law. These safeguards may include:
01
Adequacy Decisions
Transferring data to countries that the UK government has recognised as providing an adequate level of data protection, such as EEA member states or other approved jurisdictions.
02
Standard Contractual Clauses
Using the UK Addendum to the EU Standard Contractual Clauses (SCCs) or similar approved transfer mechanisms that impose strict data protection obligations on the recipient.
03
Supplier Due Diligence
Carefully vetting international suppliers and ensuring they implement robust technical and organisational security measures equivalent to those required under UK law.
If you would like further information about the specific safeguards we use for international data transfers, or details of where your data may be processed, please contact us at privacy@lineageadvisory.co.uk.
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal and regulatory requirements, and protect our legitimate interests. Retention periods vary depending on the nature of the data and the reason we hold it. We regularly review our records and securely delete or anonymise data that is no longer needed.
1
Enquiry Emails
Correspondence and enquiries from prospective clients are typically retained for 12 to 24 months after the last contact, unless a formal engagement follows.
2
Client Records
Personal data relating to contracted services, deliverables, and invoices is retained for at least 6 years following completion to meet tax, accounting, and contractual obligations.
3
Marketing Lists
Subscribers and marketing contacts are retained until they unsubscribe or after 24 months of inactivity, whichever is sooner, unless ongoing consent or legitimate interest applies.
4
Technical Logs
Website analytics and security logs are typically retained for short periods, often 30 to 90 days, unless required longer for security investigations.
Where we are required by law to retain data for longer periods, such as for tax purposes or regulatory compliance, we will do so in accordance with those legal obligations. In all cases, once data is no longer required, it is securely deleted or irreversibly anonymised so that you can no longer be identified from it.
Your Rights Under Data Protection Law
UK data protection law grants you important rights over your personal information. These rights give you control over how your data is used and enable you to hold us accountable for processing your information lawfully and transparently. You can exercise these rights at any time by contacting us at privacy@lineageadvisory.co.uk.
Right of Access
You can request a copy of the personal data we hold about you, along with information about how we use it. This is commonly known as a Subject Access Request (SAR).
Right to Rectification
If you believe any personal data we hold is inaccurate or incomplete, you can ask us to correct or update it promptly.
Right to Erasure
Also known as the 'right to be forgotten', you can request deletion of your personal data in certain circumstances, such as where it is no longer necessary or you withdraw consent.
Right to Restriction
You can ask us to restrict processing of your data in specific situations, such as while we verify its accuracy or investigate your objection to processing.
Right to Object
Where we rely on legitimate interests or process data for direct marketing, you have the right to object. We must stop processing unless we have compelling legitimate grounds.
Right to Portability
In certain cases, you can request that we provide your personal data in a structured, commonly used, and machine-readable format, or transfer it directly to another organisation.
Right to Withdraw Consent
Where we process your data based on your consent (such as for marketing), you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us in writing at privacy@lineageadvisory.co.uk, clearly stating which right you wish to exercise and providing enough information for us to identify your records. We may need to verify your identity before responding to your request, particularly for access requests, to ensure we do not disclose data to unauthorised individuals. We will respond to valid requests without undue delay and normally within one month, though this may be extended in complex cases. There is no charge for most requests, though we reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.
Cookies and Analytics
Our website may use cookies and similar technologies to ensure functionality, security, and an optimal user experience. Essential cookies are necessary for the website to operate correctly, such as those that enable security features, load balancing, or maintain your session as you navigate between pages. These cookies do not require your consent because they are strictly necessary.
We may also use analytics cookies or tracking tools to understand how visitors interact with our website, which pages are most popular, and how we can improve site performance. If such tools are active, more detailed information about the cookies we use, their purposes, and how long they remain on your device can be found on our dedicated Cookies page. You can manage your cookie preferences and opt out of non-essential cookies through settings provided on that page or via your browser settings.
How We Protect Your Data
We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or damage. While no system can guarantee absolute security, we strive to follow industry best practices and continually review our security arrangements.
Access Controls
We restrict access to personal data to employees, contractors, and service providers who need it to perform their duties. Access is granted on a need-to-know basis and protected by strong authentication.
Secure Infrastructure
We use reputable, security-focused hosting providers and cloud services that employ encryption, firewalls, intrusion detection, and regular security updates to safeguard data.
Data Minimisation
We collect and retain only the personal data we genuinely need, reducing the risk exposure. Unnecessary or outdated data is regularly reviewed and securely deleted.
Supplier Standards
Our third-party processors are selected based on their security credentials and contractually required to maintain high standards of data protection and confidentiality.
Despite our best efforts, no method of electronic transmission or storage is entirely secure. If you have reason to believe that your interaction with us is no longer secure, or if you suspect a data breach, please notify us immediately at privacy@lineageadvisory.co.uk.
Making a Complaint
We are committed to handling your personal data responsibly and transparently. If you have any concerns, questions, or complaints about how we process your personal information, we encourage you to contact us first at privacy@lineageadvisory.co.uk. We will do our best to address your concerns promptly and fairly.
You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO). The ICO can investigate your complaint and take enforcement action where appropriate. You can contact the ICO through their website at ico.org.uk, by telephone, or in writing. The ICO provides guidance and support to individuals who believe their data protection rights have been breached.
ICO Contact
Website: ico.org.uk
Helpline: 0303 123 1113
Address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make changes, we will post the updated notice on this page and revise the effective date below. If we make significant changes that materially affect how we use your personal data, we may notify you by email or through a prominent notice on our website.
We encourage you to review this Privacy Notice periodically to stay informed about how we protect your information. Continued use of our services or website after changes have been posted constitutes your acceptance of the updated notice.
Effective Date: 1 January 2026
How to Contact Us About Privacy
If you have any questions, concerns, or requests regarding this Privacy Notice or how we handle your personal data, please do not hesitate to get in touch. We are here to help and will respond to your enquiry as quickly as possible.
You can contact us about privacy matters by email at privacy@lineageadvisory.co.uk. Please provide enough detail in your message so we can identify your records and respond appropriately. We aim to handle all privacy enquiries professionally, transparently, and in accordance with UK data protection law.
