MICHELLE HOWARD

Privacy Notice

At Michelle Howard Consulting we take your privacy seriously. This notice explains how and why we collect, use, and protect personal information when you use our website, contact us, or purchase services. Your rights are protected in line with:

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well.  If you need further clarification do not hesitate to contact us via the email address below.

Contact: michelle@michellehoward.co.uk

What information do we collect and why do we need it?

We only collect information necessary to run our business and provide services. This may include:

  • Name
  • Job title
  • Business organisation / address
  • Email address
  • Telephone number
  • Username
  • If you contact us via the website, we may keep a record of that correspondence
  • Internet Protocol address, details of the web browser you use
  • Information on how you use the site and cookies.

We will do our utmost to ensure that such data is accurate, complete and kept up to date, and that it is stored only for the time period required for the purposes agreed, unless formal consent is given to the contrary.  Information may be collected via:

  • Filling in forms on our site
  • By email or phone correspondence
  • When signing up for newsletters or updates
  • When making payments for services
  • When signing up for programmes / events

We process personal data based on your consent, contractual necessity, legitimate interests, or legal obligation, as appropriate, in accordance with UK GDPR. All data is stored securely within the United Kingdom, and we are the data controller for the purposes of the regulations.

How we will use this information

We are committed to respecting the personal data you supply to us. Information given will only be used by authorised representatives of Michelle Howard Consulting Ltd. We may use and process your personal information where you have consented for us to do so.  We use information for the purposes of fulfilling your requests; this includes providing you with information that may be of interest to you, to customise content that you see, or for technical website administration.

We may use subcontractors to maintain and service the website.  Where these subcontractors require access to your information, we seek assurances that they comply with the UK GDPR, that your information is kept confidential and that they will not use your information except to fulfil their obligations to us.

Your data will only be used for marketing purposes via email, web/online, post or SMS if you have opted in or consented, in line with updated UK GDPR requirements.  You can choose to restrict the collection or use of your personal information for this purpose.  You can ask us to change your preference for receiving such communications at any time.  Whenever you receive marketing communications from us, you will be able to indicate whether you wish to update your details or preferences.

We will not pass your data to third parties for marketing purposes.  We may pass on your personal information if we have a legal obligation to do so. We will also share your data to protect public safety or in emergency situations consistent with UK GDPR and recognised legitimate interests.  Except as set out above, we will not disclose the information collected about you on the website.

Gaining consent

When gaining consent, we will:

  • Display consent clearly and prominently
  • Ask individuals to positively opt-in, in line with good practice
  • Give sufficient information to make a choice on consent
  • Give individuals the option to opt out and explain the consequences of withdrawal.

Data retention and security

We have implemented appropriate technical and organisational measures to protect personal data and ensure it is handled securely.

We will retain your personal information only for as long as necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements. In determining appropriate retention periods, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements. We consider ICO guidelines. We regularly review the information we hold and securely delete or anonymise data that is no longer required. Access to personal data is restricted to authorised personnel who have a business need to know. You can request a copy of our data retention policy at any time by contacting us. Leadership diagnostic self-assessment data is retained for a maximum of 24 months from the date of submission, after which it is permanently deleted.

Our website host is 20i and their privacy policy is located here. Data transmitted via our website is protected using SSL encryption and other appropriate security measures.

Contact forms and email links

Should you choose to contact us using the contact form or via our email link, none of the data that you supply will be stored by this website or passed to or processed by any of the third-party data processors. Instead, the data will be collated into an email and sent to us over SMTP.  Our SMTP servers are protected, meaning that email content is encrypted and then decrypted on our local computers and devices.

Secure access area

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

Events

If you register for or attend events, your email address may be forwarded to partner organisations when and if necessary. Data will only be shared for the purpose of the event or to comply with law or emergency obligations. Only the minimum required information is shared.

Use of AI and automated tools

We may use AI tools to assist decision-making, analyse trends, or improve services. These tools only support human decisions and do not make significant decisions about you on their own. There is no solely automated decision-making with legal or similarly significant effects.

Marketing communications

If you have enquired about our services, we may send you marketing communications about our services or other relevant updates, but only where you have opted in or where the law allows. You can withdraw consent or change your preferences at any time using links in communications or by contacting us. We do not sell or share your personal data with third parties for their own marketing purposes.

Email newsletter

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Mailchimp, a third-party data processor. Mailchimp processes your data in line with GDPR.  Your email address will remain in their database until removal is requested.  You can withdraw consent at any time.

Payments and billing

If you purchase services or products via the website, we collect the information needed to process payment, such as name, billing address, and transaction details. Payments are processed securely by third-party providers, and full card details are not stored by us. Payment information is retained only as long as necessary to meet legal, accounting, and tax obligations.

International data transfers

Some service providers may process data outside the UK. We ensure appropriate safeguards are in place so that your data is protected to a standard not materially lower than UK requirements, consistent with the new “data protection test” under the DUAA (Articles 44–50 UK GDPR).

Children’s data

Our services are not intended for children, and we do not knowingly collect personal data from anyone under 16. If we become aware that we have collected data from a child, we will delete it promptly.

Your rights

Whenever personal data is obtained, you have the following rights under UK GDPR:

  • Access your personal data and obtain copies
  • Rectification of inaccurate or incomplete data
  • Erasure (“right to be forgotten”) where it is lawful
  • Restriction of processing
  • Data portability – you can request your data in a structured, commonly used format to transfer to another controller
  • Object to processing, including for direct marketing purposes
  • Object to automated decision-making or profiling where applicable – including the right to human intervention, express your point of view, and contest the decision

You can exercise these rights at any time. Requests are free of charge and will normally be responded to within one month, extendable by two months for complex requests. You also have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

Sharing information – our third-party data processors

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We use several third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation required.

All third-party processors have data processing agreements in place and comply with UK GDPR 2025–2026 guidance. We monitor and review their compliance regularly.

Data security

We take appropriate technical and organisational steps to protect your data. Access is limited to authorised personnel, and our website uses SSL encryption. While no system is completely secure, we take reasonable measures to safeguard your information.

Data breaches

We will report any personal data breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it where the breach is likely to result in a risk to the rights and freedoms of individuals. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

All personal data breaches, including minor incidents, are recorded internally in line with UK GDPR accountability requirements.

Changes/updates to our privacy policy

We reserve the right to revise this notice from time to time.  Changes will be incorporated on this page.  We review our policy annually or as regulations change.  Please review this page regularly.

Terms of use

If you continue to browse and use this website [our ‘site’] you are agreeing to comply with and be bound by the following terms and conditions of use.

  • The content of the pages of this website is for your general information and use only. It is subject to change without notice.
  • This website contains material which is owned by us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
  • Unauthorised use of this website may give rise to a claim for damages and be a criminal offence.
  • From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website. We have no responsibility for the content of the linked website(s).

Your use of this website and any dispute arising out of such use of the website is subject to the laws of England and Wales.

Privacy support and right to complain

If you have any questions or suggestions, please contact the data controller/protection officer of this website via michelle@michellehoward.co.uk

We will take reasonable steps to resolve or answer concerns as soon as possible and normally within 30 days in line with UK GDPR Guidance.  We will continue to review this in alignment with further ICO and DUAA guidance.