Privacy policy.

This privacy notice explains how Hadom Consulting Ltd (“we”, “us”, “our”) collects, uses, and protects your personal information when you visit our website or engage with our services.

We are committed to handling your personal data securely and transparently, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Contact Details

Hadom Consulting Ltd
Registered in England: No. 16341859
Registered Office: 7 Knightsbridge Crescent, Staines-Upon-Thames, England, TW18 2QR

Email: omar.hadjel@hadomconsulting.com
Telephone: +44 (0) 775 226 8094
Website: www.hadomconsulting.com

2. What Information We Collect, Use, and Why

We collect and use personal information to deliver our consulting services, manage client relationships, and operate our business effectively.

2.1 To Provide Services, Consulting, and Advisory Support

We may collect and use:

  • Names and contact details

  • Business details and organisational information

  • Project or contractual information

  • Records of meetings, consultations, and decisions

  • Invoicing information and payment details

  • Information relating to enquiries, compliments, or complaints

This allows us to deliver bid-writing services, social value consultancy, and sustainability advisory work.

2.2 For Account Management and Ongoing Client Support

We may collect and use:

  • Names and contact details

  • Business addresses

  • Purchase history and service engagement records

  • Account information including proposals, contracts, and project notes

  • Payment information (for invoicing and transfers)

  • Marketing and communication preferences

This enables us to manage relationships, track project progress, and communicate efficiently with clients.

2.3 For Service Updates, Insights, and Marketing

We may collect and use:

  • Names and email addresses

  • Marketing preferences

  • Website usage and engagement data

  • Location or device information (where applicable)

This allows us to inform you of opportunities, resources, updates, and insights relevant to public procurement, social value, and sustainability.

3. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

To provide services and fulfil contracts

  • Contract – to perform a contract or take steps prior to entering a contract

  • Consent – where you have explicitly given permission

For account management and customer guarantees

  • Contract

  • Consent

For marketing, newsletters, or service updates

  • Consent – you may withdraw consent at any time

  • Legitimate Interests – where communications relate to services we reasonably expect you to benefit from (e.g., events, policy changes, or procurement updates)

4. Where We Get Personal Information

We collect personal information from:

  • You directly (via website forms, email, phone, meetings, or events)

  • Documents you provide to us

  • Publicly available sources (e.g., company websites, procurement portals)

  • Professional networking interactions (e.g., LinkedIn)

5. How Long We Keep Information

Client Records
• Microsoft 365 (OneDrive/SharePoint)
• Retention: Active client + 3 years
• Action: Delete
Website Contact Form Submissions
• Website backend / Email
• Retention: 2 years
• Action: Delete
Prospective Client Enquiries
• CRM / Email
• Retention: 12 months
• Action: Delete
Project / Contract Documents
• Microsoft 365
• Retention: Contract duration + 6 years
• Action: Delete

Retention periods may be extended if legally required (e.g., HMRC documentation).

6. Who We Share Information With

We only share personal information when necessary for business operations.

Data Processors

These third parties help us deliver our services:

Microsoft 365 (OneDrive, SharePoint, Outlook)
– Secure storage of documents, client information, and communications.

Calendly
– Facilitates meeting bookings and scheduling.

Website Form Provider (e.g., Squarespace/GoDaddy/other form plugins)
– Processes enquiries submitted through our website.

We ensure all processors comply with UK GDPR requirements.

Other Sharing

Where appropriate, we may also share information:

  • With clients (e.g., project deliverables, shared documents)

  • In marketing materials, testimonials, or case studies only with consent

  • With regulators or legal authorities where required by law

7. Transfers Outside the UK

If personal data is transferred outside the UK:

  • We ensure appropriate safeguards are in place (e.g., adequacy decisions, SCCs)

  • All processors comply with UK GDPR standards

You may contact us for more details on safeguards.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right of access – request copies of your personal data

  • Right to rectification – correct incomplete or inaccurate data

  • Right to erasure – request deletion in certain circumstances

  • Right to restrict processing – limit how we use your data

  • Right to object – object to processing, including marketing

  • Right to data portability – request transfer of your data to another organisation

  • Right to withdraw consent – at any time, where consent was the basis

You will not be charged a fee for exercising your rights.

To make a request, contact us using the details at the top of this notice.

9. How to Complain

If you have concerns about how we handle your data, please contact us first.
If you are not satisfied, you may complain to the Information Commissioner’s Office (ICO).

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: ttps://www.ico.org.uk/make-a-complaint

Last Updated

18 November 2025