Privacy Policy

We operate in a sector where confidentiality, discretion and information discipline matter. We therefore take a careful and proportionate approach to personal information.

We do not ask visitors to provide unnecessary personal data. We do not encourage the submission of classified information, controlled technical material, restricted documents, sensitive security information or confidential third-party information through public website forms.

If a matter requires more careful handling, we ask that you provide only a high-level description at the first stage. We can then agree an appropriate route for further communication.

The personal information we collect depends on how you interact with us.

If you use our contact form or email us, we may collect your name, work email address, organisation, country, telephone number, enquiry type, message content and any information you choose to include in your communication.

If you contact us about tendering, procurement or partnership opportunities, we may collect your contact details, role, organisation, professional correspondence, tenderrelated information, deadline details, procurement route information and other business information needed to review or respond to the enquiry.

If you apply for a role or submit a speculative careers enquiry, we may collect your name, contact details, CV, cover email, employment history, education, qualifications, professional experience, writing samples and any other information you choose to provide as part of your application.

If you visit our website, we may collect basic technical information such as your IP address, browser type, device information, pages visited, referral source and approximate location derived from technical data, depending on the analytics and cookie settings used on the site.

If you communicate with us by email, telephone, post or other professional channels, we may retain a record of that communication for business, administrative, compliance or relationship-management purposes.

Please do not submit the following through our website forms:

• Classified information.
• Controlled technical information.
• Restricted security documents.
• Export-controlled technical material.
• Sensitive defence or security documents.
• Confidential tender documents unless an appropriate process has first been agreed.
• Personal data that is not necessary for your enquiry.
• Documents belonging to an employer, client, government body, supplier, partner or third party where you do not have authority to share them.

If your enquiry may involve sensitive information, please describe the matter at a high level only and ask us to confirm the appropriate next step.

We may use personal information for the following purposes:

• To respond to enquiries.
• To assess whether we can assist with a potential matter.
• To communicate with clients, partners, suppliers, applicants and professional contacts.
• To manage business relationships.
• To review tendering, procurement or partnership enquiries.
• To assess job applications and speculative careers enquiries.
• To arrange meetings or introductory calls.
• To prepare proposals, capability statements or engagement documents where appropriate.
• To maintain business records.
• To manage website security and performance.
• To comply with legal, regulatory, accounting or administrative obligations.
• To protect our rights, interests, confidentiality and business integrity.
• To prevent misuse of our website or communication channels.

We will only use personal information where we have a lawful basis to do so. Under UK GDPR, organisations must have a lawful basis for processing personal information; legitimate interests is one such lawful basis and requires a balancing assessment against the individual's interests, rights and freedoms.

Depending on the circumstances, we may rely on one or more of the following lawful bases.

We do not usually ask for special category data through our website. Special category data may include information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, sex life or sexual orientation.

Please do not send special category data unless it is necessary and specifically requested through an appropriate process.

If you provide special category data voluntarily, we will handle it carefully and only use it where we have a lawful basis and, where required, an additional condition under data protection law.

Our website may use cookies and similar technologies. Some cookies may be essential for the website to function properly. Others, such as analytics cookies, should only be used with appropriate consent.

Cookies are small files placed on a device to remember information or support website functions. The ICO says organisations must tell users what cookies do and why, and must obtain consent for non-essential cookies, while essential cookies may be exempt where they are necessary to provide a service requested by the user.

• We do not sell personal information.
• We may share personal information where necessary with:
• Website hosting providers.
• IT and email service providers.
• Professional advisers, such as accountants, solicitors or compliance advisers.
• Recruitment advisers or HR support providers, where relevant.
• Tendering or procurement platforms, where required by a process you are involved in.
• Business partners or subcontractors, only where appropriate and necessary for the relevant engagement.
• Public authorities, regulators, law enforcement bodies or government departments where legally required or where necessary to protect our legal interests.
• Service providers must handle personal information appropriately and only for the purposes agreed with us.

Because Halifax Defence Consulting may engage with international partners, enquiries may sometimes involve organisations or individuals outside the United Kingdom.

Where personal information is transferred outside the UK, we will seek to ensure that appropriate safeguards are in place, where required by data protection law. This may include using recognised transfer mechanisms, contractual safeguards or other lawful routes depending on the circumstances.

We will not transfer personal information internationally in a careless or unnecessary way.

We retain personal information only for as long as necessary for the purpose for which it was collected and for any related legal, accounting, regulatory, administrative or business-record purposes.

As a general guide:

• General enquiries may be retained for up to 2 years after the last meaningful contact, unless a longer period is required.
• Client and business relationship records may be retained for up to 6 years after the end of the relationship, where necessary for contractual, tax, accounting or legal reasons.
• Tendering and procurement records may be retained for up to 6 years, or longer where required by the relevant procurement process, contract or legal obligation.
• Recruitment applications may usually be retained for up to 12 months after the recruitment process ends, unless you agree that we may keep your details for future opportunities.
• Website analytics data may be retained according to the settings of the analytics tool and our Cookie Policy.

These periods may be adjusted where necessary to comply with legal obligations, resolve disputes, preserve evidence or protect legitimate business interests.

We take appropriate steps to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.

These steps may include access controls, password protection, secure email practices, careful information handling, limited access to files, staff awareness and appropriate use of service providers.

No website, email system or electronic communication method is completely risk-free. Please do not send sensitive, classified, controlled or confidential material through ordinary website forms or unapproved channels.

Depending on the circumstances, you may have rights under UK data protection law. These may include:

• The right to be informed about how your information is used.
• The right of access to your personal information.
• The right to request correction of inaccurate information.
• The right to request erasure of information in certain circumstances.
• The right to request restriction of processing in certain circumstances.
• The right to object to processing in certain circumstances, including an absolute right to object to direct marketing.
• The right to data portability in certain circumstances.
• Rights relating to automated decision-making and profiling, where applicable.

The ICO explains that the right of access allows people to obtain a copy of their personal information, while rights such as erasure, restriction, portability and objection apply in particular circumstances and are not always absolute.

To exercise your rights, please contact:

Email: privacy@halifaxdefenceconsulting.com

Alternative email: info@halifaxdefenceconsulting.com

Please include enough information for us to identify you and understand your request. We may need to verify your identity before responding.

We will respond to valid requests in accordance with the applicable legal timescales.

We do not intend to send unsolicited marketing emails without an appropriate lawful basis.

If we send business updates, newsletters or similar communications in the future, we will provide a clear way to unsubscribe or opt out where required.

You can ask us not to send marketing communications by contacting:

Email: privacy@halifaxdefenceconsulting.com

If you have a concern about how we handle personal information, please contact us first so that we can review the matter.

Email: privacy@halifaxdefenceconsulting.com

Alternative email: info@halifaxdefenceconsulting.com

If you are unhappy with our response, you have the right to complain to the Information Commissioner's Office. GOV.UK explains that individuals should contact the

organisation first and may complain to the ICO if unhappy with the response; the ICO can investigate misuse or insecure handling of personal data.

Organisations that act as data controllers may need to pay a data protection fee to the ICO unless an exemption applies. The ICO explains that there are different fee tiers and that not all controllers must pay because some may rely on an exemption.

Halifax Defence Consulting Limited will keep its ICO fee position under review and will comply with applicable requirements.

We may update this Privacy Policy from time to time to reflect changes in our website, services, legal requirements or business operations.

The latest version will be published on this page with an updated "last updated" date.