Privacy Policy
Introduction
This Privacy Notice explains how I collect, use and protect your personal information, and what rights you have under data protection law. It also explains who I am and how you can contact me if you have any questions. My aim is to make it easy to access, read and understand, but I am always open to feedback; as a consultant, I need it to be the best it can be.
Data Controller
Laura Palmariello, trading as Data Protection and Privacy Expert, is the data controller for the information I collect and use. This means I am responsible for deciding how and why your information is used.
You can contact me by email at laura@dataprivacyexpert.co.uk, by telephone on 07943 879 142, or through my LinkedIn profile if you prefer to message me there. I am based in the United Kingdom.
I sometimes use trusted third parties or applications to help me deliver my services. They act only on my instructions and are bound by contract to protect your information. Details of these organisations are included in this notice.
I do not sell or authorise any processors to sell your information or to use it for any purpose other than those specified.
I am registered with the Information Commissioner’s Office (ICO) under registration number ZB563052.
Data Processor
In some cases, I act as a data processor. This is true for my clients or for organisations I deliver training or consultancy for. This means I may process information on their behalf, following their instructions and for specific agreed purposes.
When I act as a processor, I do not decide how or why personal data is used. That responsibility remains with the client, who is the data controller. We always have a written data processing agreement in place that sets out responsibilities and safeguards.
If you are a service user of one of my clients, any requests about your data, or concerns about how your information is used, should be directed to them as the controller. I will always cooperate fully and support them in meeting their data protection duties.
If you are my client, I will advise and guide you on meeting these obligations effectively and in line with best practice.
I do not record meetings or calls unless you have given clear consent, or I have been instructed to do so by the data controller. If a recording is made at a client’s request, I will direct you to their privacy notice for more information about how that recording is used and stored.
Personal Data
As a controller, I only ever collect the minimum amount of data necessary. I do not collect or use special category data unless it is essential for a service you have requested. This is more sensitive data that needs extra protection under GDPR due to the sensitivity of the information, like health data, religious background and political views.
Generally, I will collect your name and email address. You may also choose to share your phone number, job title or organisation, but this is optional. If we enter into a contract, I may need to process information about any of your employees I will be working with, but we will include such details in our data processing agreement.
Special Category Data
I usually only process special category data when it is necessary for my consultancy work and only in my role as a data processor. This is always done in line with strict legal safeguards and only for as long as needed.
If I deliver training and you share information about accessibility needs, this may include special category data. I will only use this temporarily to meet your request and will delete it once it is no longer needed.
Legal Basis for Processing
I only use your personal data when there is a lawful reason under the UK GDPR/GDPR. The main legal bases I rely on are:
Legitimate interest – when processing is necessary for my business activities and does not override your rights or freedoms, for example if you send me an enquiry.
Contract – when processing is needed to enter into or perform a contract with you.
Consent – when you have given clear permission, for example for marketing updates or newsletters.
Legal obligation – when the law requires me to process certain data.
Consent
Where I rely on consent, you can withdraw it at any time by contacting me. You can also object to processing based on legitimate interest unless I have a lawful reason to continue.
You can manage cookie consent through the settings on my website. You can also unsubscribe from any marketing emails at any time by using the opt-out link in the message or by messaging me.
International Transfers
I do not routinely transfer data outside the UK or European Economic Area. However, some trusted service providers may store data on secure servers outside these regions. When this happens, I make sure suitable safeguards are in place, such as a UK adequacy decision, Standard Contractual Clauses, or other recognised protections under UK data protection law.
Systems and Software
I use Microsoft 365 (Outlook, Teams and SharePoint) to manage data securely in a cloud environment. All devices are encrypted and protected by multi-factor authentication. For secure cloud storage and IT management, I work with a trusted partner who is Cyber Essentials certified and manages my information security environment. I have taken all necessary steps to verify that I can trust the service they provide.
I also use Wix to host my website and contact forms. Wix may store or process data outside the UK, but they have appropriate safeguards in place.
To learn more about how your data is stored by these services, you can view their privacy notices:
Microsoft: https://privacy.microsoft.com/en-gb/privacystatement
Wix: https://www.wix.com/about/privacy
Information Sharing, Security and Retention
I do not share your data with any third party for marketing purposes. Where I use other professionals or suppliers, they act as data processors and only process your data under my instruction.
Personal data is kept only for as long as needed to meet legal, regulatory or contractual obligations. Data is securely deleted or anonymised when it is no longer required. Contact me to get a copy of the retention schedule.
I do not download sensitive information to my devices. My work phone and laptop are protected by encryption and multi-factor authentication. In the event of an incident involving personal data, I can remotely wipe all information from both devices.
I work entirely paperless and do not print personal data.
Your Data Protection Rights
You have rights under UK data protection law, including:
The right to access your personal data
The right to have inaccurate data corrected
The right to request deletion of your data in certain cases
The right to restrict processing in certain cases
The right to object to processing based on legitimate interest
The right to data portability where processing is based on consent or contract
These rights are not absolute and may be limited by law in certain situations.
If you make a request, I will respond within one month and always as soon as possible.
If you are a data subject of one of my clients, I will refer your request to them as the data controller.
Cookies
Cookies are small text files stored on your device when you visit a website. I use necessary and analytics cookies to help the site work properly and to understand how visitors use it.
You can manage your cookie preferences at any time through the settings on my website or in your browser. You do not have to accept non-essential cookies to use this site.
Artificial Intelligence and Automated Decision-Making
Nothing I do involves automated decision-making that would infringe on your individual rights.
I sometimes use generative AI tools to help edit or translate written content for clarity.
I do not use AI to make decisions about individuals or to process personal data.
I never share personal or sensitive information with these tools, and I review all content myself before it is used.
If you have any concerns
If you have any concerns about how your personal data is handled, please contact me at laura@dataprivacyexpert.co.uk or by phone on 07943 879 142. I would appreciate the opportunity to rectify any issues.
If you remain unhappy, you have the right to complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk
Review and Updates
This Privacy Notice is reviewed annually or whenever there is a change in law or in how I handle personal information.
Last reviewed: October 2025