Privacy Policy
1. Introduction
This Privacy Policy explains how Latitude 30 Advisors Ltd (“we”, “us”, “our”, “Latitude 30”) collects, uses, shares and protects personal data when you visit www.latitude30.co (the “Site”) or otherwise interact with us.
We are committed to protecting your privacy and handling your personal data transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, together with any other applicable data protection laws in the jurisdictions in which we operate.
Latitude 30 is a UK-located global consulting firm. We are open to working with clients in any jurisdiction, but our services and this policy are governed by the laws of England and Wales.
This policy covers personal data we collect through the Site. Personal data we process in the course of delivering client engagements is governed by the relevant engagement terms and data processing agreements. Certain projects — notably the Transition33 programme — involve additional cross-border arrangements that are addressed separately under their own documentation.
2. Who is the data controller
For data collected through this Site, the data controller is:
Latitude 30 Advisors Ltd
16-18 New Bridge Street, London EC4V 6AG, United Kingdom
Company number: 16839394
ICO registration: ZC112242
Email: contactus@latitude30.co
If you are in the UK or EEA and have questions about how your data is used, you can contact our Data Protection Officer / privacy contact at contactus@latitude30.co.
Note on structure: Latitude 30 is UK-located, and the UK entity named above is the controller for data collected through the Site. The wider group includes affiliated entities involved in specific projects (such as Transition33’s UAE and Pakistan arrangements); those are dealt with under the relevant project documentation rather than this Site policy.
3. What personal data we collect
We may collect the following categories of personal data:
- Information you provide directly — for example when you complete a contact or enquiry form, request a demo, subscribe to updates, or correspond with us. This may include your name, email address, mobile telephone number, company name, country, industry sector, and the content of your message.
- Information collected automatically — when you visit the Site we may automatically collect technical data such as your IP address, browser type and version, device information, operating system, referring URL, pages visited and time spent on the Site. This is collected through cookies and similar technologies (see Section 6).
- Information from third parties — for example analytics providers, or where you interact with us via a third-party platform.
We do not intentionally collect special category data (e.g. health, biometric or political data) through the Site. Please do not submit such information through our forms.
4. How and why we use your data (purposes and lawful bases)
Under UK GDPR we must have a lawful basis for each use of your personal data. We rely on the following:
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries and demo requests | Legitimate interests / steps to enter into a contract |
| Providing information you have requested (e.g. newsletters) | Consent |
| Operating, securing and improving the Site | Legitimate interests |
| Analytics and understanding how the Site is used | Consent (where required for cookies) / legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Protecting against fraud and securing our systems | Legitimate interests |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights. You can ask us for details of that assessment. Where we rely on consent, you may withdraw it at any time.
5. Marketing communications
We will only send you marketing communications where you have consented, or where otherwise permitted under the Privacy and Electronic Communications Regulations (PECR). You can opt out at any time using the unsubscribe link in any email or by contacting us at contactus@latitude30.co.
6. Cookies and similar technologies
The Site uses cookies and similar technologies to function and to help us understand how it is used. Non-essential cookies (including analytics and marketing cookies) are only set with your consent, gathered through our cookie banner.
We use Google Analytics 4 to understand how visitors use the Site. Analytics cookies are only set after you give consent via our cookie banner.
For full details of all cookies used, their providers, purposes and durations, see our Cookie Policy.
7. Who we share your data with
We do not sell your personal data. We may share it with:
- Service providers and processors acting on our behalf (e.g. website hosting, email delivery via Microsoft Graph, anti-spam verification via Cloudflare Turnstile, CRM). These parties are bound by contract to process data only on our instructions and to keep it secure.
- Affiliated entities where relevant to a specific engagement or project (for example, the entities involved in the Transition33 programme).
- Professional advisers (legal, accounting, insurance) where required.
- Authorities or regulators where we are legally obliged to disclose information.
8. International data transfers
As a UK-located firm, we primarily process Site personal data in the United Kingdom. Because we work with clients globally and use service providers that may operate overseas, your personal data may sometimes be transferred to countries outside the UK that may not provide the same level of data protection.
Where we transfer personal data outside the UK, we put appropriate safeguards in place, such as:
- transfers to countries covered by UK adequacy regulations; or
- the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, supported by a transfer risk assessment where required.
You can request details of the safeguards we use by contacting contactus@latitude30.co.
Note for review: The more complex multi-jurisdiction transfer arrangements (e.g. the UAE/Pakistan data-plane and processing-plane structure) relate to the Transition33 programme and should be documented under that project rather than in this general Site policy.
9. How long we keep your data
We keep personal data only for as long as necessary for the purposes set out in this policy, after which it is securely deleted or anonymised. Indicative retention periods:
- Enquiry and contact records: 6 years after last contact
- Marketing consent records: for the duration of your consent and 6 years after it is withdrawn (to evidence compliance)
- Analytics data: per provider settings (where analytics cookies are enabled)
10. How we protect your data
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. These include encryption of data in transit (TLS/HTTPS), access controls and authentication on the systems that hold personal data, confidentiality obligations on our staff, and due diligence on the third-party providers and processors we rely on. No transmission over the internet can be guaranteed fully secure, but we take reasonable steps to protect your information.
11. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”) in certain circumstances;
- Restrict or object to certain processing;
- Data portability for data you provided to us;
- Withdraw consent at any time, where processing is based on consent;
- Object to direct marketing at any time.
To exercise any of these rights, contact us at contactus@latitude30.co. We will respond within one month. You will not normally have to pay a fee.
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local supervisory authority. We would, however, appreciate the chance to address your concerns first.
12. Children’s privacy
The Site is not directed at children and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Third-party links
The Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their own privacy policies.
14. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date and version number at the top will always reflect the current version, and we keep a record of previous versions.
For minor changes (such as clarifications or updates to contact details), updating this page and the “Last updated” date is sufficient.
For material changes — for example, collecting new categories of personal data, using your data for a new purpose, sharing it with new recipients, changing our lawful basis, or any change that affects your rights — we will take additional steps to bring the change to your attention before it takes effect. Depending on the change, this may include emailing individuals whose contact details we hold and/or displaying a prominent notice on the Site.
Where a change introduces processing that relies on your consent, we will ask for your fresh consent rather than relying on this notice alone.
15. Contact us
If you have any questions about this Privacy Policy or how we handle your data, contact:
Latitude 30 Advisors Ltd
16-18 New Bridge Street, London EC4V 6AG, United Kingdom
Email: contactus@latitude30.co