Privacy Policy
Who we are
Our website address is: https://www.highhopesconsulting.co.uk.
What personal data we collect, why we collect it and who we share it with
Contact form
If you use our contact form, we capture your email and name when you submit the contact form and keep it whilst you remain in contact with us. We do not use the information submitted for marketing purposes.
The legal basis for this processing is consent.
Contacting Us Via Email
We may process data enabling us to get in touch with you. This may include your name, email address, telephone number, postal address and/or social media account identifiers. The source of the contact data is you.
The legal basis for this processing is consent.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
The legal basis for this processing is consent.
Signing Up for Our Newsletter
If you sign up for our newsletter, you agree to us sending emails to you on a regular basis with news, articles and promotions. You may unsubscribe from the email at any time by clicking the unsubscribe link in the email.
If you subscribe to our newsletter, the details you provide (e-mail address, name and any other optional information) are collected via our sign-up form and transferred to our newsletter service-provider MailerLite Limited, 38 Mount Street Upper, Dublin 2, D02 PR89, Ireland for processing
We have inncluded MailerLite’s Data Processing Addendum, which incorporates the requirements of the UK GDPR/EU GDPR and sets out robust security, confidentiality and international-transfer safeguards
| What we do | Why we do it | Legal basis |
|---|---|---|
| Store your contact details on MailerLite’s servers and send you newsletters | To keep you informed about our news, services and offers | Your explicit consent (UK GDPR Art 6(1)(a)) |
Analytics – MailerLite supplies aggregated statistics (e.g. open and click-through rates) so we can improve our content. These statistics do not identify individual subscribers.
International transfers – Subscriber data is stored in the EU. If MailerLite or its sub-processors move data outside the UK/EEA (e.g. to the USA), they rely on the UK Addendum to the EU Standard Contractual Clauses or another mechanism recognised as providing adequate protection.
Retention – Your data remains on our mailing list until you withdraw consent. You can unsubscribe at any time by clicking the “unsubscribe” link in any newsletter or by emailing us at [insert email]. Unsubscribing deletes or anonymises your data within 30 days (unless a longer period is required by law).
Your rights – You may request access to, rectification or deletion of your personal data, restrict or object to its processing, and lodge a complaint with the UK Information Commissioner’s Office (ICO). Contact details are in the “Our details” section below.
We do not use subscriber data for automated decision-making that produces legal or similarly significant effects, and we never sell or rent your e-mail address to third parties.
The legal basis for this processing is consent.
Sending Emails
For email broadcast purposes your email address will be added to our third party cloud-based delivery system (SendInBlue). Your data is not subject to any form of additional processing and is not shared with any third party. The SendInBlue servers are located within France and the organisation is itself bound by GDPR regulations relating to data processing and security. Further information on SendInBlue's compliance can be found at https://www.sendinblue.com/legal/privacypolicy/
The legal basis for this processing is consent via our contact form.
Web Hosting and Backups
Your personal data held in our website database will be stored on the servers of our hosting services providers https://www.heartinternet.uk/, backups are made using Microsoft Services and stored on UK based servers. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
Security
What personal data we collect and why we collect it - Security Logs
The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.
Who we share your data with
This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.
The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
Direct marketing
We may process contact data, account data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is consent.
Web Design
We may disclose your contact data to our web designer identified at www.briidea.co.uk insofar as reasonably necessary for design and update of the website. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
Insurance and Legal Claims
Maintaining insurance cover, managing risk and obtaining professional device - the legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Defence of initiation of legal claims - The legal basis for this processing is our legitimate interests, namely the protection of our legal rights, your legal rights and the legal rights of others.
To meet any legal obligations, in order to protect the vital interests of you or others.
How long we retain your data
Personal data that we process shall not be kept for longer than is necessary.
Specifically, we will retain your personal data as follows:
- Security logs are retained for 60 days.
- Contact details for our newsletter are kept for as long as subscribed to our newsletter
What rights you have over your data
Your principal rights under data protection law are:
- The right to be informed – you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.
- The right of access – you have the right to ask for access to your personal data
- The right to rectification – you have the right to ask for correction and completion of inaccurate personal data
- The right to erasure - you have the right to ask for deletion of your personal data. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
- The right to restrict processing – you right to request the restriction or suppression of your data but applies in certain circumstances only.
- The right to data portability – you have the right for a copy of your data so you can transfer to another organisation
- The right to object – you have right to object to the processing of your personal data
- Rights in relation to automated decision making and profiling.
You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
These rights are subject to certain exceptions.
You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.
How we protect your data
We use encryption, backup, security on both the website and the website server.
What data breach procedures we have in place
We have a data breach process, that records any data breaches and notifies the relevant authorities within 72 hours of the breach occurring.
Amendments
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
Our details
The data protection officer can be contacted via nicolahopes@highhopesconsulting.co.uk
This website is owned and operated by High Hopes Consulting
Our principal place of business is at 
You can contact us:
(a) by post, to the postal address given above
(b) using our website contact form;
(c) by telephone, on the contact number published on our website; or
(d) by email, using the email address published on our website.
Last updated May 2025
