Privacy Policy

Privacy at Romano Security Consulting 

1. Introduction

Romano Security Consulting (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data. This privacy notice explains how we collect, use, store, and protect personal data when you interact with us, whether through our website, services, or business relationships.

We act as a data controller for the personal data we process for our own purposes.

2. Contact Details

If you have any questions about this privacy notice or wish to exercise your rights, please contact:

Email: enquiries@romanosecurityconsulting.com
Post: Data Protection Officer, Romano Security Consulting, 18 Higher Lane, Kerridge, SK10 5AR
Telephone: +44 (0) 1625 3150210

3. Personal Data We Process

We process personal data in the following contexts:

3.1 Consultancy Services

We may process personal data as part of delivering our services to clients.

  • Data types: Name, email address, telephone number, job role, business contact details, signatures

  • Purpose: Delivery of contracted services

  • Lawful basis: Contract (Article 6(1)(b)) and Legitimate Interests (Article 6(1)(f))

3.2 Website Enquiries

We process personal data when you contact us via our website or email.

  • Data types: Name, email address, message content

  • Purpose: Responding to enquiries

  • Lawful basis: Legitimate Interests (responding to enquiries)

3.3 Prospective Clients

We process business contact information obtained through networking, meetings, or events.

  • Data types: Name, email address, telephone number, business details, correspondence

  • Purpose: Managing business relationships and opportunities

  • Lawful basis: Legitimate Interests (business development)

3.4 Financial Management

We process data for accounting and legal obligations.

  • Data types: Contact details, bank details, invoices, transaction records

  • Purpose: Financial management and compliance

  • Lawful basis: Legal Obligation (Article 6(1)(c)) and Contract

3.5 Client Satisfaction Surveys

  • Data types: Contact details, feedback responses

  • Purpose: Service improvement

  • Lawful basis: Legitimate Interests

3.6 Marketing Communications

  • Data types: Contact details

  • Purpose: Sending relevant updates or marketing

  • Lawful basis:

    • Consent (where required)

    • Legitimate Interests (for B2B communications)

You can opt out at any time.

3.7 Employees

We process employee data separately under an internal employee privacy notice.

4. Data Retention

We retain data only for as long as necessary:

  • Client and contract data: Up to 7 years after contract end

  • Financial records: 6–7 years (legal requirement)

  • Marketing data: Until you withdraw consent or object

  • General enquiries: Up to 12 months after last contact

We regularly review and delete data when no longer required.

5. Sharing Your Data

We may share personal data with trusted third-party service providers, including:

  • Cloud hosting providers (e.g. Microsoft Azure / AWS)

  • Email and office systems (e.g. Microsoft 365)

  • CRM systems

  • Accounting and financial platforms

All third parties are required to process data securely and in accordance with data protection law.

6. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreement (IDTA)

  • Standard Contractual Clauses (SCCs)

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption

  • Access controls

  • Secure cloud infrastructure

  • Information Security Management practices

We assess risks to ensure confidentiality, integrity, and availability of data.

8. Cookies and Website Tracking

Our website may use cookies or similar technologies to improve user experience and analyse website usage.

You will be provided with clear information and choices regarding cookies when visiting our website.

9. Your Rights

Under UK data protection law, you have the right to:

  • Be informed about how your data is used

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to processing

  • Request data portability

  • Withdraw consent at any time

You can exercise your rights by contacting us.

10. Complaints

If you are unhappy with how we process your data, you can contact the regulator:

Information Commissioner’s Office

Website: https://ico.org.uk
Telephone: 0303 123 1113

11. Changes to This Privacy Notice

We may update this privacy notice from time to time. Any significant changes will be communicated via our website or directly where appropriate.