Privacy Policy

Last updated: 1 April 2025

1. Who We Are

Summone Consulting is a trading name operated by Steven Summone, based at Springfield Gardens, Glasgow, Scotland, United Kingdom. We are the data controller for personal data collected via this website.

Contact: steven@summone.co.uk

2. What Data We Collect

We collect personal data only when you choose to contact us. This includes:

• Your email address (required to respond to your enquiry)
• Your name (if you choose to include it)
• The content of your message

We do not use cookies for tracking, advertising, or analytics at this time. If this changes, this policy will be updated and a consent notice will be displayed.

3. How We Use Your Data

We use your contact information solely to:

• Respond to your enquiry
• Follow up on any consulting engagement you request

We do not sell, share, rent, or transfer your personal data to third parties for marketing purposes. We do not use your data for automated decision-making or profiling.

4. Legal Basis for Processing

We process your data on the basis of legitimate interests (responding to a contact request you initiated) under UK GDPR Article 6(1)(f). Where you book a consultation or enter a service agreement, processing is necessary for contract performance under Article 6(1)(b).

5. How Long We Keep Your Data

Contact enquiries are retained for up to 12 months, after which they are securely deleted unless an active client relationship exists. Client engagement records are retained for 6 years for legal and accounting purposes in accordance with UK law.

6. Third-Party Services

Our contact form uses your default email client (via mailto:) to send your message. No data is stored on our servers when you submit a contact form.

Meeting bookings are handled via Calendly, which has its own privacy policy. By booking a call, you agree to Calendly's terms.

7. Your Rights Under UK GDPR

You have the right to:

• Access a copy of the personal data we hold about you
• Rectification of inaccurate data
• Erasure of your data (the “right to be forgotten”)
• Restriction of processing in certain circumstances
• Data portability in a machine-readable format
• Object to processing based on legitimate interests

To exercise any of these rights, contact us at steven@summone.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. Our website is served over HTTPS. Contact data is handled via encrypted email communication.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be noted with an updated “Last updated” date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, requests, or complaints, please contact: