Get in Touch
Get in Touch
← Back to Home

Privacy Policy

Last updated: 1 January 2026

1. Introduction

Blue Oak Consulting ("Blue Oak Consulting", "we", "us", or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our consulting services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

  • Contact us through our website, email, or telephone
  • Request information about our services
  • Enter into a consulting engagement with us
  • Subscribe to our publications or communications
  • Attend our events or webinars
  • Apply for employment or contracting opportunities

This information may include:

  • Name, job title, and professional credentials
  • Contact details including email address, telephone number, and business address
  • Company name, size, and industry sector
  • Details of your enquiry or the services you are interested in
  • Payment and billing information where applicable

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

  • IP address and approximate geographic location
  • Browser type, version, and language preferences
  • Device type, operating system, and screen resolution
  • Pages visited, time spent on pages, and navigation patterns
  • Referring website or source
  • Date and time of access

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us analyse web traffic and improve our services. You can control cookie preferences through your browser settings. For more information, please see our Cookie Policy section below.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide consulting services, respond to enquiries, and fulfil contractual obligations
  • Communication: To send you relevant information about our services, industry insights, and updates you have requested
  • Business Development: To understand your needs and how we might assist your organisation
  • Website Improvement: To analyse how visitors use our website and improve its functionality and content
  • Legal Compliance: To comply with applicable laws, regulations, and professional standards
  • Legitimate Business Interests: To protect our rights, safety, and property, and to detect and prevent fraud

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract: Processing necessary to perform a contract with you or take steps at your request before entering into a contract
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms
  • Consent: Where you have given clear consent for us to process your personal data for specific purposes
  • Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our business, such as IT support, hosting services, and professional advisors, subject to appropriate confidentiality obligations
  • Professional Obligations: Where required by our professional regulatory bodies or to maintain professional standards
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with any merger, acquisition, or sale of all or a portion of our assets, with appropriate notice to affected individuals
  • With Your Consent: In any other circumstances where you have provided explicit consent

6. International Data Transfers

Our primary operations are based in the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office, or transfers to countries with adequate data protection laws.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period depends on the nature of the information and the purposes for processing. Generally:

  • Client engagement records: 7 years after completion of the engagement
  • Marketing and communication preferences: Until you withdraw consent or unsubscribe
  • Website analytics data: 26 months
  • Employment application records: 12 months for unsuccessful applications

8. Your Rights

Under UK data protection law, you have the following rights:

  • Right of Access: To request a copy of the personal data we hold about you
  • Right to Rectification: To request correction of inaccurate or incomplete personal data
  • Right to Erasure: To request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: To request limitation of processing in certain circumstances
  • Right to Data Portability: To receive your personal data in a structured, commonly used format
  • Right to Object: To object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication procedures
  • Regular security assessments and updates
  • Staff training on data protection and confidentiality
  • Secure disposal of data when no longer required

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

10. Cookie Policy

Our website uses the following types of cookies:

  • Essential Cookies: Required for the website to function properly. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information.
  • Preference Cookies: Remember your settings and preferences for future visits.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Blue Oak Consulting

167 City Road

London EC1V 1AW

United Kingdom

Email: contact@blue-oak-consulting.com

Phone: +44 7831 210753