Privacy Policy
Last updated: January 18, 2026
Kensington is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that data.
We operate in accordance with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Information We Collect
We collect information in the following ways:
Information You Provide Directly
When you contact us through our website forms, email, or telephone, you may provide personal information such as your name, email address, telephone number, company details, and the content of your enquiry. We only collect information that you choose to provide.
Information Collected Automatically
When you visit our website, we may automatically collect certain technical information including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of visits. This is collected through cookies and similar technologies, subject to your consent where required.
Information from Third Parties
We may receive information about you from publicly accessible sources or through referrals from existing clients, but only where relevant to our business relationship or potential engagement.
How We Use Your Information
We process your personal data for specific, legitimate purposes:
- • Responding to Enquiries: To communicate with you regarding your questions or requests for information about our services
- • Service Delivery: To provide consulting services to clients and manage ongoing engagements
- • Business Communications: To send information about our services that may be relevant to your business needs, where you have provided consent or we have a legitimate interest
- • Website Improvement: To analyse website usage and improve our online presence and user experience
- • Legal Compliance: To comply with legal obligations and protect our legitimate business interests
- • Record Keeping: To maintain accurate business records and document our professional relationships
Legal Basis for Processing
We process your personal data under the following legal bases:
- • Consent: Where you have given clear consent for specific processing activities, such as marketing communications
- • Contract Performance: Where processing is necessary to fulfil our contractual obligations to clients
- • Legitimate Interests: Where we have legitimate business interests that are not overridden by your privacy rights, such as improving our services or maintaining business relationships
- • Legal Obligations: Where we must process data to comply with legal or regulatory requirements
Data Sharing and Disclosure
We take data sharing seriously and only disclose your information when necessary:
- • Service Providers: We may share data with carefully selected third-party service providers who assist us with website hosting, email communications, or business operations. These providers are contractually obligated to protect your data
- • Professional Advisors: We may share information with legal, financial, or professional advisors when necessary for business purposes
- • Legal Requirements: We may disclose information if required by law, court order, or to protect our legal rights
- • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
We do not sell your personal data to third parties for their marketing purposes.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- • Enquiry Data: Information from general enquiries is retained for up to two years unless you become a client
- • Client Data: Data related to client engagements is retained for seven years following completion of services, in line with professional standards and legal requirements
- • Marketing Data: Where you have consented to marketing communications, we retain your data until you withdraw consent or after three years of inactivity
- • Website Analytics: Anonymous analytics data may be retained indefinitely for statistical purposes
Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- • Secure storage systems with encryption and access controls
- • Regular security assessments and updates to our systems
- • Restricted access to personal data on a need-to-know basis
- • Secure disposal of data when no longer required
- • Training for staff on data protection responsibilities
While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but remain committed to maintaining appropriate safeguards.
Your Rights
Under UK data protection law, you have the following rights regarding your personal data:
- • Right of Access: You can request a copy of the personal data we hold about you
- • Right to Rectification: You can request correction of inaccurate or incomplete data
- • Right to Erasure: You can request deletion of your data in certain circumstances
- • Right to Restriction: You can request that we limit how we use your data in certain situations
- • Right to Data Portability: You can request your data in a structured, commonly used format
- • Right to Object: You can object to processing based on legitimate interests or for direct marketing
- • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month, though this may be extended in complex cases.
Your Rights and Opt-Out Instructions
You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:
- • Avoid filling out contact forms, account registrations, or any data-submitting features
- • Disable cookies through your browser settings (see our Cookie Policy for more details)
- • Contact us directly to request the deletion of any previously shared personal data
We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided below. We will process your request promptly.
International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom. However, some of our service providers may be located in other countries. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as:
- • Standard contractual clauses approved by the UK Information Commissioner's Office
- • Transfers to countries with adequate data protection standards
- • Other legally approved transfer mechanisms
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes indicates your acceptance of the updated policy.
Contact Us and Complaints
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:
Phone: +44 121 753 4289
Email: info@domain.com
Address: 9 Colmore Row, Birmingham B3 2BJ
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO through their website at ico.org.uk or by telephone on 0303 123 1113.