Privacy policy

Who are we?

Scenius Consulting and Coaching (‘Scenius’) is a limited company based in London. (Companies House registration number: 14859314.) Our contact details are at the bottom of this privacy policy. We undertake a wide range of consulting and coaching work, for businesses, public sector organisations and charities.

Whose personal data do we process?

Scenius processes personal data which relates to our clients’ current and potential customers, clients or supporters. We also process data belonging to people who work for our clients, and others with whom we have or have had a business connection.

Registration and legislation

Scenius is registered with the Information Commissioners Office (ICO), whose contact details are also at the bottom of this privacy policy, with registration number ZB550588. We are careful to work in compliance with the UK General Data Protection Regulation (UK GDPR), and, when working with charities’ supporter data we work in compliance with the Fundraising Regulator’s Code of Fundraising Practice.

Legal framework

Data entrusted to us by a client is controlled by a contract between ourselves and the client. This determines how we use personal data passed to us by them. We only use this data in the way in which the client has instructed us to. With this data, we act as a Data Processor as defined in the UK GDPR. Ultimate control of the personal data remains with the client, who is defined as the Data Controller.

Some of our work requires us to collect additional data from our clients’ current and potential customers, clients or supporters whom we meet. With this data, therefore, we act as both Data Processor and Data Controller.

We also act as a Data Controller in respect of data we hold on those who work for our clients and potential clients, as well as others with whom we have a business connection.

When we process data as a Data Controller we rely on three ‘lawful bases for processing’, as they are called in the UK GDPR:

  • For the purpose of administering contracts with clients, to the extent that we process personal data we do so because it is necessary for the administration of a Contract.

  • For our marketing and other promotional activity we process data because it is in our Legitimate Interests unless the law requires us to obtain your Consent in which case we will only process data with your consent.

  • When carrying out client activity we will usually seek Consent to process data, for example, to make interview notes. In some cases, and especially before we have met someone whom we may be seeking to interview, we will process data because it is in our Legitimate Interests to do so to properly advise our client.

More information on these terms can be found on the ICO website (details at the bottom of this privacy policy).

How do we keep your data safe?

In a number of different ways, we work hard to ensure data is kept secure. These methods are revised on an ongoing basis as technology changes. Physical records, such as notes or printed information, are locked away securely when not in use. Portable devices such as smartphones can be erased remotely should they be lost or stolen, and all removable media (on the rare occasion it is needed) is hardware encrypted. Computer systems, including laptops, are password protected and where possible use biometric security measures. We use large, reputable service providers for email, file sharing and file storage, such as Microsoft, Google and WeTransfer, and as far as possible we rely on Cloud storage provided by Microsoft and Google.

We store client and prospective client data on a secure, Cloud-based Customer Relationship Management (CRM) database called Capsule, a UK-based company. Capsule in turn uses Amazon Web Services (AMS) to store data. This is considered to be among the most secure platforms, and is used by millions of companies in many industries. For more information on how Capsule protects personal data in line with UK GDPR, click here.

What data do we process?

In carrying out our work as consultants and coaches, we hold data, whether as a Data Processor or Data Controller, which helps us to understand an individual and their relationship or potential relationship with our client. This information may include:

  • Personal details, including name and age;

  • Contact details;

  • Nature of the relationship with our client, including, for charity clients, information about past giving to the client and hoped for future giving;

  • Financial, business, family and networking information since, with charity clients, this often has a material impact on the way in which the person pursues their philanthropic interests;

  • Educational information and affiliations to organisations which are in the public domain;

  • Notes of meetings, correspondence and conversations which we may have with the data subject.

In carrying out administrative and marketing work for our own firm, information we hold includes:

  • Name;

  • Employment and contact information;

  • Communications preferences.

When you use this website, additional information is collected by Squarespace, which hosts the site. The website uses cookies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. You will have noticed that we opted to give you the choice of accepting the use of the non-essential cookies or not. For information about the cookies Squarespace uses, click here.

The personal data the site collects powers our analytics, including:

  • Information about your browser, network, and device

  • Web pages you visited prior to coming to this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

We also use Google Analytics, as it provides more helpful information, e.g. to help us to see which pages are most useful to visitors and how we might improve them. You can read more about the way Google Analytics works here and you can view Google’s privacy policy here.

What do we do with the data?

In general terms, we use data to provide both general and specific advice to clients. For example, with a charity client that might be on the planning and implementation of fundraising and supporter relations activities. This may include statistical analysis of data provided to or obtained by us.

If we are carrying out interviews with our clients’ current or potential customers, clients or supporters, we seek a person’s permission to take and to keep notes of our conversation(s) and correspondence. We ask the person to tell us what we may disclose to the client and what we may not. We may securely retain our notes following the close of a particular contract with the client since we have found that these are useful to the client should they choose to work with us again. It is also important for us to know with whom we have met in order that we can properly respect the relationship between a particular individual and the client(s) with whom that person interacts.

In pursuit of our own business interests, we use personal data to manage our contractual relationship with clients and to send news of interest about our firm and its services and about broader areas of interest to clients. We may do this by post, telephone or email.

To whom do we disclose information?

In our capacity as a Data Processor we never disclose any personal data to a third party unless the client to whom the data belongs requests or permits us to do so in writing.

In our capacity as a Data Controller we do not pass control of personal data to any other organisation except with the consent of the individual data subject, unless required to do so by law.

We may use email or Cloud-based data storage services based outside the European Economic Area. In such circumstances we will always ensure that adequate protection is in place such that data is secure. Data will always be transferred to, and stored by, such services in an encrypted form.

How long do we retain information?

In our capacity as a Data Processor we keep information for as long as the contract with our client requires.

In our capacity as a Data Controller we keep information for as long as is necessary for us to carry out our work as consultants and coaches. In respect of interview notes, we and the data subjects often find it helpful if we have a record of discussions that took place between us, even many years earlier. If a current or potential customer, client or supporter wishes us to remove this information we will of course comply with that request. Such a request can be made by using the details below.

For administering our own business, we retain personal data while clients are working with us and for a reasonable time beyond until such a time as repeat business seems unlikely. A data subject may ask us to remove them from our database or from the receipt of communications at any time. Again, such a request can be made by using the details below.

What rights do you have?

You have a number of rights under the UK GDPR legislation:

  • Your right to make a data protection complaint

  • Your right to be informed if your personal data is being used

  • Your right to get copies of your data

  • Your right to get your data corrected

  • Your right to get your data deleted

  • Your right to limit how organisations use your data

  • Your right to data portability

  • The right to object to the use of your data

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you, from receipt of your correspondence.

How to complain

If you have any concerns about our use of your personal data, the ICO encourages you in the first instance to make a complaint direct to us, which you can do by email or post.

Please contact us by email at hello@sceniusconsulting.com, which is monitored by both our Founders, Ann-Mari and Matt.

Our postal address is: Scenius Consulting and Coaching Ltd, 167-169 Great Portland Street, 5th Floor, London W1W 5PF.

You can also complain to the Information Commissioners Office (ICO) if you are unhappy with how we have used your data or dealt with your complaint to us. For the ICO’s contact details, click here.