Privacy Notice (UK GDPR / EU GDPR)
Effective date: 18 August 2024
Last updated: 4 April 2026
- Who we are
Controller: Riada Consultancy Ltd
Registered office: Spaces Ealing Aurora, 71–75 Uxbridge Road, Ealing, London, W5 5SL, United Kingdom
Company number: 10566124
ICO registration number: ZB131839
Contact for data protection matters:
Name: Gemma Adair
Role: Data Protection Lead
Email: gemma@riadaconsultancy.com
Telephone: +44 (0)203 897 9453
We are the data controller responsible for your personal data.
EU Representative (Article 27 GDPR):
We do not currently have an establishment in the European Economic Area (EEA).
If we begin offering goods or services to individuals in the EEA or monitoring their behaviour, we will appoint an EU representative and update this notice accordingly.
Data Protection Officer (DPO):
We are not required to appoint a DPO. If this changes, we will update this notice.
- What data we collect
We may collect and process the following categories of personal data:
- Website usage data: IP address, browser type, device information, pages viewed, session duration, and cookie identifiers
- Contact data: name, email address, phone number, company, job title, and message content
- Event data: registration details, attendance, and (where provided) dietary or accessibility requirements
- Marketing data: communication preferences, subscription status, and consent records
- Recruitment data: CV, employment history, qualifications, references, and interview notes
- Supplier/partner data: contact and contractual information
- Security data: system logs and technical metadata
We do not knowingly collect data from children under 18.
- How we collect your data
We collect personal data:
- Directly from you (forms, emails, phone calls, meetings, applications)
- Automatically via our website (cookies and similar technologies)
- From third parties where lawful (e.g. recruitment agencies, event platforms, professional profiles, or your employer)
- How and why we use your data
We process personal data only where we have a lawful basis:
| Purpose | Lawful basis |
| Responding to enquiries | Legitimate interests / pre-contract steps |
| Providing services | Contract |
| Event management | Contract / legitimate interests |
| Marketing communications | Consent or legitimate interests (soft opt-in) |
| Website analytics | Consent |
| Security and fraud prevention | Legitimate interests / legal obligation |
| Recruitment | Legitimate interests / legal obligation / pre-contract steps |
| Legal compliance | Legal obligation |
Where we rely on legitimate interests, we balance these against your rights.
Where we rely on consent, you may withdraw it at any time.
- Cookies
We use cookies to operate and improve our website.
- Strictly necessary cookies: required for site functionality
- Analytics cookies: used only with your consent
- Optional third-party cookies: used only where applicable and with consent
You can manage your preferences at any time via our website cookie settings.
For more information, see our Cookie Policy:
https://www.riadaconsultancy.com/cookie-policy
We do not place non-essential cookies without your consent.
- Who we share your data with
We may share your personal data with:
- Service providers (e.g. hosting, CRM, analytics, email platforms)
- Payment processors (we do not store full card details)
- Professional advisers (legal, accounting)
- Authorities where required by law
All third parties are contractually bound to protect your data.
We do not sell your personal data.
- International transfers
Where data is transferred outside the UK or EEA, we ensure appropriate safeguards, such as:
- UK adequacy regulations (e.g. UK–US Data Bridge where applicable)
- Standard Contractual Clauses (SCCs)
- Transfer risk assessments where required
You can request further details about these safeguards.
- Data retention
We retain personal data only as long as necessary:
- Enquiries: up to 24 months
- Client records: 6 years after contract end
- Event data: 24 months (financial records: 6 years)
- Marketing data: until unsubscribe or inactivity (24 months)
- Recruitment data: up to 12 months unless agreed otherwise
- Security logs: typically up to 12 months
We may retain data longer where required for legal claims.
- Security
We implement appropriate technical and organisational measures, including:
- Access controls and least-privilege access
- Encryption in transit
- Regular system updates and monitoring
- Staff training
- Secure backups
- Your rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion (in certain cases)
- Restrict processing
- Data portability
- Object to processing (including marketing)
- Withdraw consent at any time
To exercise your rights, contact:
contact@riadaconsultancy.com
We will respond within one month where required.
You also have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk
- Direct marketing
We send marketing communications only in line with applicable laws.
- You can opt out at any time
- Every email includes an unsubscribe link
- We do not use bought-in marketing lists
- Recruitment
If you apply for a role, we process your data to assess your application and manage recruitment.
We may retain your data for future opportunities where you consent.
- Personal data breaches
If a data breach poses a risk to your rights, we will:
- Notify the ICO within 72 hours where required
- Inform affected individuals where there is high risk
- Third-party links
Our website may contain links to third-party sites.
We are not responsible for their privacy practices.
- Changes to this notice
We may update this Privacy Notice periodically.
The latest version will always be available on our website.
- Contact
Riada Consultancy Ltd
contact@riadaconsultancy.com
+44 (0)203 897 9453
Quick Links:
Home
About
Services
Resources
Contact
Book a Consultation
Privacy Policy
Telephone:
+44 (0) 203 897 9453
Email:
gemma@riadaconsultancy.com
