Privacy Policy

Who we are

Bedrock Impact Consulting Ltd (“Bedrock”, “we”, “us”) is the controller of personal data collected through this website and our services.

  • Registered name: Bedrock Impact Consulting Ltd
  • Company number: 16747848 (registered with the Registrar of Companies for England and Wales)
  • Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • Contact for all privacy queries: hello@bedrockimpact.co.uk

Scope

This notice explains how we collect, use, disclose and protect personal data under the UK GDPR and Data Protection Act 2018.

1) What we collect

  • Identity & contact data: name, email, phone, job title, organisation, region.
  • Business context: project interests, sector, meeting notes.
  • Technical & usage data: IP address, device/browser, pages viewed, referrals (via cookies or similar—see Cookies).
  • Communications & preferences: enquiries, form submissions, newsletter preferences, call notes/recordings (if we tell you).
  • Payment/transaction data (if you purchase services): invoice details, billing address, VAT number (processed via our payment provider; we do not store full card numbers).

We do not intentionally collect special category data. Please do not send sensitive information in free-text fields. If a specific project ever requires it, we will explain why and seek your explicit consent first.

We do not target this site to children (13+ only).

2) How we collect it

  • Directly from you: forms, email, phone, bookings, events, proposals and delivery.
  • Automatically: analytics/performance cookies (subject to consent).
  • From third parties: professional networking sites, event partners or referrals, where lawful.

3) Why we use your data (purposes & lawful bases)

  • Respond to enquiries and provide our services (contract or steps before contract; legitimate interests in running our business).
  • Manage relationships, proposals, projects and billing (contract; legal obligations for tax/records).
  • Operate, secure and improve our website (legitimate interests; consent for non-essential cookies).
  • Send updates or invitations that are relevant to your role (consent where required; otherwise legitimate interests with an easy opt-out).
  • Comply with laws (e.g., accounting, fraud prevention).
  • We will not use your data for incompatible purposes. If we need a new purpose, we’ll explain it and the lawful basis.

4) How long we keep it

  • Enquiries: up to 24 months from last meaningful contact.
  • Client/project files: 7 years after the engagement ends.
  • Marketing contacts: until you unsubscribe or after inactivity (reviewed annually).
  • Cookies/analytics: per the cookie’s stated lifetime (see Cookie Policy).

5) Who we share it with

We do not sell personal data. We share limited data with service providers acting under our instructions (e.g., hosting/CMS, analytics, email and CRM, bookings/forms, cloud storage, e-signature, accounting, IT/security). We may share with professional advisers where necessary. Partners receive only what is needed and must protect it appropriately.

6) International transfers

Some providers may process data outside the UK/EEA. Where they do, we use approved safeguards (e.g., UK Addendum to EU Standard Contractual Clauses or adequacy decisions). Details available on request.

7) Cookies and similar technologies

We use necessary cookies for site operation and (subject to consent) analytics/performance cookies to improve content. Non-essential cookies are off by default until you accept. You can change choices at any time. See our Cookie Policy for details.

8) Marketing

We may send professional updates that match your interests. You can unsubscribe at any time via the link in our emails or by contacting us. We will ask for consent where required by law.

9) Automated decision-making

We do not make decisions with legal or similarly significant effects solely by automated means.

10) Security

We apply technical and organisational measures including TLS encryption, access controls and least-privilege permissions, MFA, vendor due diligence, and regular updates. No method is 100% secure, but we work to protect your data and respond quickly to concerns.

11) Your rights

You can access, correct, delete, restrict or object to certain processing; request data portability; and withdraw consent where we rely on it (this doesn’t affect past processing).

To exercise your rights, email hello@bedrockimpact.co.uk. You can also complain to the Information Commissioner’s Office (ICO). We’d appreciate the chance to resolve concerns first.

12) Third-party links

Our site may link to other websites with their own privacy notices. We are not responsible for their practices.

13) Changes to this notice

We may update this policy from time to time. We will post the new version here and update the effective date.

Effective date: 29 September 2025 • Version: v1.0


 

Bedrock Impact Consulting Ltd • Company No. 16747848 • Registered in England and Wales • Registered Office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ • hello@bedrockimpact.co.uk

© 2025 Bedrock Impact Consulting Ltd. All rights reserved.

Privacy Policy

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.