Effective date: 1 January 2024
Last updated: March 2026
This privacy policy explains how Paula Bolton Consulting (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website or services.
We act as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What personal data we collect
We collect personal data that you provide directly to us. This may include your name, email address, phone number, and any information you submit through contact forms, enquiries, or when accessing our services or resources.
We also collect certain information automatically when you use the website. This may include your IP address, browser type, device information, pages visited, time spent on the site, and referral source. This data is collected using cookies and analytics tools.
2. How we use your personal data
We use your personal data to respond to enquiries and communicate with you where you have contacted us. The lawful basis for this is legitimate interests.
We use your data to deliver services, programmes, or resources you have requested. The lawful basis for this is contract, or steps taken prior to entering into a contract.
We may send you marketing communications where you have opted in. The lawful basis for this is consent. You can withdraw your consent at any time by unsubscribing or contacting us.
Where you subscribe to The Sales Diagnosis or any other email newsletter, we collect your name, email address and consent preferences so we can send you the emails you have requested. We may also collect information about email engagement, such as opens, clicks and unsubscribe activity, to understand what content is useful and to improve our communications.
We use website usage data to understand how visitors interact with our site and to improve performance and user experience. The lawful basis for this is legitimate interests.
Where affiliate links are used, we may receive a commission if you make a purchase. The lawful basis for this is legitimate interests as part of operating and maintaining the business.
3. Cookies
We use cookies and similar technologies to analyse traffic, improve functionality, and personalise content.
You will be given the option to accept or reject non-essential cookies when you first visit the site. You can also manage cookie preferences through your browser settings.
4. Sharing your data
We do not sell your personal data.
We may share your data with trusted third-party service providers who support the operation of our business. This may include email marketing platforms, CRM systems, analytics providers, website hosting services, payment processors and professional advisers.
We use Mailchimp to manage newsletter subscriptions and email communications. When you subscribe to our newsletter, your name, email address, consent preferences and email engagement data may be processed by Mailchimp on our behalf.
Mailchimp may process personal data outside the UK. Where personal data is transferred outside the UK, we rely on appropriate safeguards, such as UK adequacy regulations, standard contractual clauses, the UK International Data Transfer Addendum, or equivalent lawful transfer mechanisms.
All third-party service providers are required to process your data in line with data protection law and only where they have a lawful basis to do so.
5. Data retention
We only retain personal data for as long as necessary for the purposes it was collected.
Newsletter subscription data is retained for as long as you remain subscribed. If you unsubscribe, we may retain a limited record of your email address and unsubscribe preference to make sure we do not send you further marketing emails.
This will typically include retaining contact and enquiry data for up to 24 months, and client data for up to 6 years where required for legal, tax, or contractual reasons.
We may retain certain data for longer where required to comply with legal obligations.
6. Data security
We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or disclosure.
However, no system is completely secure, and we cannot guarantee absolute security of data transmitted via the internet.
7. Your rights
Under UK data protection law, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request erasure of your data in certain circumstances
- Restrict or object to processing where applicable
- Request transfer of your data to another provider
- Withdraw consent where processing is based on consent
To exercise your rights, please contact us using the details below.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Further information can be found at https://ico.org.uk
8. Changes to this policy
We may update this privacy policy from time to time to reflect changes in legal requirements or how we operate.
Any updates will be published on this page with a revised “last updated” date.
9. Contact
If you have any questions about this privacy policy or how your data is handled, you can contact:
Paula Bolton Consulting
paula@paulabolton.co.uk