Privacy Policy
Last updated: February 17, 2026
1. Introduction
Infinitic Consultancy Ltd ("we", "our", "us") is committed to protecting your privacy and ensuring your personal data is handled safely and responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
We are registered in England and Wales (Company Number: 10595903), registered office: 128 City Road, London, EC1V 2NX. Infinitic Consultancy Ltd is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO).
2. Information We Collect
2.1 Information you provide: We collect information when you contact us, register for services, subscribe to newsletters, request a consultation, or attend training. This includes your name, email, phone number, job title, organisation name, and professional information. We do not collect or store payment card details — transactions are handled by PCI-DSS compliant third-party processors.
2.2 Automatically collected: When you access our website we collect IP address, browser type, operating system, pages visited, time on pages, navigation paths, and cookie data.
2.3 From third parties: We may receive information from business partners, professional networks (with your consent), and public registers for due diligence.
3. How We Use Your Information
We use your personal data to provide information governance, data protection, and compliance consultancy services; to deliver NHS DSPT support, DPO services, GDPR advisory, IG training, and access to IG Helpdesk and DataPro; to respond to enquiries and provide customer support; to perform contracts; to send service communications; to improve our website and services; and to send newsletters and updates where you have consented.
4. Legal Basis for Processing
We process personal data under UK GDPR Article 6 on these legal bases: Consent — where you have given clear consent (e.g. marketing communications); Contract — where processing is necessary to perform a contract with you; Legal Obligation — where we must comply with a legal requirement; Legitimate Interests — where processing is necessary for our legitimate interests, provided your fundamental rights do not override them.
5. Sharing Your Information
We may share your data with: cloud hosting and email service providers (including Supabase); payment processors; professional advisers (lawyers, accountants, insurers); regulatory bodies (ICO, NHS Digital) where required by law; NHS Trusts, ICBs, and healthcare organisations we work with in delivering services. All third parties are contractually required to protect your data in accordance with the law. We do not allow them to use your data for their own purposes.
6. International Transfers
Where we transfer personal data outside the UK, we ensure equivalent protection through UK Government adequacy decisions, International Data Transfer Agreements (UK IDTA), or the UK Addendum to EU Standard Contractual Clauses.
7. Data Retention
We retain personal data only as long as necessary. Standard retention periods: Client records — 7 years from end of business relationship; Contract documents — 6 years after contract ends; Marketing consent records — subscription period plus 2 years; Website analytics — 26 months; Job applicant data — 6 months; Training records — 3 years. In some circumstances we may anonymise data for use without further notice.
8. Your Data Protection Rights
Under UK GDPR and the Data Protection Act 2018 you have these rights:
- Right of Access — request a copy of personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure — request deletion in certain circumstances
- Right to Restriction — request we limit processing in certain circumstances
- Right to Data Portability — receive your data in a structured, machine-readable format
- Right to Object — object to processing based on legitimate interests or for direct marketing
- Rights re Automated Decisions — not to be subject to decisions based solely on automated processing
- Right to Withdraw Consent — at any time where we rely on consent for processing
To exercise any right, contact us at privacy@infiniticservices.com. We will respond within one month. There is no fee unless a request is clearly unfounded, repetitive, or excessive.
9. Data Security
We have implemented appropriate technical and organisational measures including: TLS/SSL encryption in transit; AES-256 encryption at rest; access controls and multi-factor authentication; regular security assessments and penetration testing; staff data protection training; incident response and breach notification procedures; and Cyber Essentials certification. Access is limited to those with a business need to know, subject to a duty of confidentiality.
10. Cookies
We use essential cookies (required for operation), analytics cookies (using privacy-friendly analytics to understand site usage), and functionality cookies (to remember preferences). You can set your browser to refuse cookies, though some site features may not function correctly.
11. Third-Party Links
Our website may link to third-party websites. We are not responsible for their privacy policies. When you leave our site we encourage you to read the privacy policy of each site you visit.
12. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal data from children, and will delete it promptly if we become aware we have done so inadvertently.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated date. We encourage you to review this policy periodically.
14. Contact Us
Infinitic Consultancy Ltd — Data Protection Officer
128 City Road, London, EC1V 2NX, United Kingdom
Email: privacy@infiniticservices.com
15. Complaints
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns first.