1. Introduction
SRO innovate Ltd (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
SRO innovate Ltd is a consultancy providing governance, compliance, operational infrastructure and related professional services. As a Data Controller, we determine how and why your personal data is processed.
3. What Personal Data We Collect
We may collect and process the following categories of personal data:
• Identity data – Name, Job Title, Organisation
• Contact data – Email Address, Telephone Number, Postal Address
• Business information – Details relating to your enquiry or project requirements
• Financial data – Invoicing details, payment information
• Technical data – IP address, browser type, device information (for website visitors)
• Usage data – How you interact with our website, emails, or services
We do not intentionally collect special category data unless required for a specific engagement and only with your explicit consent.
4. How We Collect Your Data
We collect personal data through:
• Direct interactions (email, phone, meetings, online forms)
• Engagements and contracts
• Website analytics
• Third-Party referrals
• Publicly available sources (e.g., Companies House, LinkedIn)
5. How We Use Your Personal Data
We process your data for the following purposes:
• Responding to enquiries
• Delivering consultancy services
• Managing contracts and billing
• Maintaining statutory records
• Improving our services and website
• Complying with legal and regulatory obligations
• Sending relevant business updates or communications, with your consent
6. Legal Bases for Processing
We rely on one or more of the following lawful bases:
• Contract – Processing necessary to perform a contract with you
• Legal obligation – Compliance with UK law
• Legitimate interests – Providing and improving our services
• Consent: – Where required for specific communications or activities
7. Sharing Your Personal Data
We may share your data with:
• Professional advisers (e.g., legal, financial, compliance)
• Service providers (e.g., provider of IT or cloud hosting, email platforms)
• Regulators or authorities where legally required
• Third Parties involved in delivering our services
We do not sell your personal data.
8. International Transfers
If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Typically:
• Client records – Up to 7 years
• Enquiry data: – Up to 12 months
• Statutory records: – As required by law
10. Your Rights
Under UK GDPR, you have the right to:
• Access your personal data
• Request correction or deletion
• Object to processing
• Restrict processing
• Request data portability
• Withdraw consent at any time
To exercise your rights, please contact us (see below).
11. Security
We implement appropriate technical and organisational measures to protect your data from loss, misuse, unauthorised access, alteration or disclosure.
12. Complaints
If you have concerns about how we handle your data, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO).
13. Contact
If you need to contact us, send an email to our Data Protection team at the following email address: info@sroinnovate.net.
14. Updates to This Notice
We may update this Privacy Notice periodically. The latest version will always be available on our website.