Effective Date: 17th April 2025

Last Updated: 17th April 2025

Purpose: This Privacy Policy outlines how HOF Consulting ("we", "us", "our") collects, uses, discloses, protects, and otherwise processes the personal data of individuals ("you", "your") who visit or interact with our website located at https://hofconsulting.co.uk/ (the "Website").

Data Controller: For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller responsible for the personal data collected through this Website is HOF Consulting. Our contact details can be found in Section 12 of this policy.

Commitment to Privacy: HOF Consulting is committed to protecting your privacy and handling your personal data in a transparent and secure manner. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018. This policy serves to inform you about our data practices and your rights concerning your personal data. Establishing clarity regarding the entity responsible for data processing is a fundamental requirement for transparency under data protection law.

Scope: This policy applies solely to personal data collected through your use of the Website. It does not extend to data collected offline or through other means, unless explicitly stated otherwise.

We collect personal data to provide and improve our services, respond effectively to your inquiries, and ensure the secure and efficient operation of our Website. The types of personal data we collect fall into two main categories:

Information You Provide Directly:

We collect personal data that you voluntarily submit to us through the Website. This includes:

• Contact Form: When you use the contact form on our Website, we collect your Name and Email Address, along with the content of your message. The form also provides an option to attach files; any personal data contained within files you choose to upload will also be collected. This feature is intended for relevant business documents related to your inquiry; submitting unnecessary sensitive personal information is discouraged. The collection via file uploads increases the potential for receiving varied data types, underscoring the need for users to share only what is necessary for their inquiry related to our services.
• Direct Communications: If you contact us directly via the email address (info@hofconsulting.co.uk) or phone number (+44(0)7748 322256) provided on the Website, we will collect your contact details and any personal data contained within your communication.

Information Collected Automatically:

When you navigate and interact with our Website, we automatically collect certain information about your device and browsing actions. This includes:

• Usage Data: Technical information such as your Internet Protocol (IP) address, browser type and version, operating system, the pages you visit on our Website, the time and date of your visit, the time spent on those pages, and other diagnostic data.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Website and hold certain information. Cookies are small data files stored on your device. We use them to analyse website traffic, optimise your website experience, and ensure essential website functionality. You are informed about cookie usage via a banner upon visiting our site, where you can accept or decline non-essential cookies. Further details are provided in Section 9 (Cookies).
• Google reCAPTCHA: Our contact form utilises Google's reCAPTCHA service to protect against spam and automated abuse. This service operates by collecting hardware and software information, such as device and application data, and sending it to Google for analysis to determine whether the user is human. This collection and processing by Google are subject to Google's own Privacy Policy and Terms of Service, linked on the contact form. The use of this third-party service involves sharing data with Google, which has implications detailed in Sections 5 and 10.

We use the personal data we collect for specific, explicit, and legitimate purposes, directly related to our business operations as strategic and technical consultants for the medical device industry. Your data is used in the following ways:

• Responding to Inquiries: To communicate with you, respond to your questions submitted via the contact form or direct contact methods, provide information about our services (such as strategic planning, regulatory affairs, quality assurance, manufacturing support, etc.), and engage in potential business discussions.
• Website Operation and Security: To maintain the functionality, stability, and security of our Website. This includes using IP addresses and browser data for troubleshooting and technical administration. We also use data collected by Google reCAPTCHA specifically to protect our Website and services from spam and abuse.
• Website Improvement: To understand how visitors interact with our Website by analysing aggregated usage data collected through cookies (where consent is given). This helps us improve the Website's content, navigation, user experience, and overall performance. Linking data collection to the improvement of services offered ensures the processing is relevant and purposeful.
• Service Provision: Should you engage our services following an initial inquiry via the website, we may use the contact information provided to facilitate the delivery of those services under a separate agreement.
• Legal Compliance: To comply with applicable legal or regulatory obligations, such as responding to lawful requests from authorities.

We process data only for the purposes for which it was collected, adhering to the purpose limitation principle under UK GDPR.

We only process your personal data when we have a valid legal basis to do so under the UK GDPR. The lawful bases we rely upon depend on the specific purpose of the processing activity:

• Responding to Inquiries (Contact Form/Direct Contact): We process the personal data you provide when contacting us based on our Legitimate Interests. Our legitimate interest is to respond to your business inquiries, provide requested information about our consultancy services , and explore potential client relationships initiated by you. We consider that this processing is necessary to fulfil your request and that your interests and fundamental rights do not override our legitimate interest in engaging with potential business contacts.
• Website Operation and Security (incl. essential cookies, reCAPTCHA): We process technical data and utilise essential cookies and reCAPTCHA based on our Legitimate Interests. Our legitimate interest lies in ensuring the proper functioning, security, and integrity of our Website, protecting it from malicious activities like spam , and providing a stable online presence.
• Website Improvement (Analytics Cookies): For processing data collected via analytical or performance cookies for website improvement purposes, we rely on your Consent. This consent is obtained through the cookie banner presented when you first visit our Website, where you have the option to accept or decline these non-essential cookies.
• Service Provision (if applicable): If processing is necessary to deliver services you have contracted with us (following initial contact via the website), the lawful basis would be Contractual Necessity.
• Legal Compliance: Where we need to process your personal data to comply with a legal requirement, the lawful basis is Legal Obligation.

Clearly identifying the lawful basis for each distinct processing activity is a core requirement of transparency under data protection law.

HOF Consulting respects the confidentiality of your personal data. We do not sell your personal data to third parties. We only share your personal data with third parties in specific circumstances and where legally permitted, primarily to facilitate the operation of our Website and business activities. The categories of recipients with whom we may share your data include :

• IT Service Providers: Companies that provide essential services such as website hosting, data storage, and technical maintenance for our Website. They process data on our behalf and under our instruction.
• Analytics Providers: Third-party services (e.g., potentially Google Analytics, based on cookie usage) that help us analyse website traffic and user behaviour. Data sharing for this purpose is subject to your consent for non-essential cookies.
• Security Providers: We share information with Google through its reCAPTCHA service implemented on our contact form for the purpose of distinguishing human users from automated bots and preventing spam. This involves sharing device and interaction data as described in Google's policies. Specificity regarding this type of sharing is important for transparency.
• Professional Advisors: Our lawyers, accountants, auditors, insurers, or consultants, when necessary for them to provide professional services to us.
• Legal and Regulatory Authorities: Government bodies, regulators, law enforcement agencies, or courts, where we are required to do so by law, regulation, legal process, or to protect our legal rights or the rights, property, or safety of others.

We ensure that any third party with whom we share personal data provides adequate protection for that data and complies with applicable data protection laws. The following provides a structured overview of our data sharing practices:

IT Hosting Provider

Website content, potentially usage logs, contact form data - Website operation, maintenance, data storage

Analytics Provider(s)

Aggregated/anonymised usage data, IP address (potentially) - Website traffic analysis & performance improvement

Security Provider (Google reCAPTCHA)

Device and application data, interaction data - Spam prevention, website security

Professional Advisors

Contact details, inquiry details (as relevant) Obtaining legal, financial, or consulting advice

Legal/Regulatory Authorities

Relevant data as legally required - Compliance with legal obligations, legal proceedings

HOF Consulting takes the security of your personal data seriously. We implement and maintain appropriate technical and organisational measures designed to protect the personal data we process against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are proportionate to the risks involved in the processing activities, considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing.

Our security measures include, but are not limited to:

• Access controls to limit access to personal data to authorised personnel.
• Secure storage solutions for electronic data.
• Procedures for managing data access and handling.
• Regular review of our security practices.

While we strive to use commercially acceptable means to protect your personal data, it is important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. Given the nature of our business within the medical device sector, we recognise the importance of robust data protection practices, even for the business contact information processed via this Website.

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with our legal, accounting, or reporting obligations. The criteria used to determine our retention periods include the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements.

Specific retention periods or criteria include:

• Contact Form/Inquiry Data: Personal data submitted through inquiries will be retained for the duration necessary to address the inquiry and for a reasonable period thereafter for follow-up communications or record-keeping purposes (e.g., typically 24 months after the last communication, unless an ongoing business relationship is established or legal requirements dictate otherwise).
• Analytics Data: Data collected for website analytics, often in aggregated or anonymised form, is retained according to the configurations of our analytics tools or provider policies (e.g., potentially up to 26 months), or until consent is withdrawn.
• Data for Legal Obligations: Where data must be retained to comply with legal or regulatory requirements (e.g., financial records), it will be kept for the period specified by the relevant law.

Vague statements about retention are insufficient; providing clear periods or criteria is essential for transparency. We periodically review our data retention practices to ensure data is not held longer than necessary.

Under the UK GDPR, you have several rights concerning your personal data. HOF Consulting is committed to upholding these rights. Subject to certain exemptions and limitations provided by law, your rights include:

• The Right to be Informed: To be informed about how we collect and use your personal data (which is the purpose of this Privacy Policy).
• The Right of Access: To request access to and receive a copy of the personal data we hold about you.
• The Right to Rectification: To request correction of inaccurate or incomplete personal data we hold about you.
• The Right to Erasure (Right to be Forgotten): To request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purpose it was collected).
• The Right to Restrict Processing: To request the restriction of processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data).
• The Right to Data Portability: To receive the personal data you provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.
• The Right to Object: To object to the processing of your personal data where we are relying on legitimate interests as our lawful basis, under certain circumstances. You also have the absolute right to object to processing for direct marketing purposes (though we do not currently engage in direct marketing based on website data).
• Rights related to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (we do not currently conduct such processing based on website data).
• The Right to Withdraw Consent: Where we rely on consent as the lawful basis for processing (e.g., for analytics cookies), you have the right to withdraw your consent at any time.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details provided in Section 12. We may need to request specific information from you to help us confirm your identity before processing your request. We aim to respond to all legitimate requests within one month. Providing clear pathways for users to exercise their rights is a key aspect of compliance.

Right to Complain: You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues, if you are unsatisfied with our response or believe we are not processing your personal data in accordance with the law. Contact details for the ICO can be found on their website: www.ico.org.uk.

What are Cookies? Cookies are small text files placed on your device (computer, smartphone, etc.) when you visit websites. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners.

How We Use Cookies: Our Website uses cookies for several purposes:

• Strictly Necessary Cookies: These are essential for the basic operation of the Website, such as enabling navigation and ensuring security. They do not require your consent and are processed based on our legitimate interests in providing a functional website.
• Analytical/Performance Cookies: These cookies allow us to recognise and count the number of visitors and see how visitors move around our Website when they are using it. This helps us improve the way our Website works. We only use these cookies if you provide your consent via the cookie banner.
• (If applicable) Functional Cookies: We may use functional cookies to remember choices you make (such as language preferences) to provide a more personalised experience. These would typically require your consent.
• Targeting/Advertising Cookies: We do not currently use targeting or advertising cookies on our Website.

Your Consent: When you first visit our Website, a banner appears informing you about our use of cookies and requesting your consent for non-essential cookies (Analytical/Performance and Functional, if used). By clicking "Accept", you consent to our use of these cookies. If you click "Decline", only strictly necessary cookies will be used. The alignment between this policy (providing information) and the banner (obtaining consent) is crucial for compliance with cookie regulations.

Managing Cookies: Most web browsers allow some control of most cookies through the browser settings. You can usually block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website. You can typically find information on how to manage cookies in the 'Help' section of your browser or by visiting www.aboutcookies.org or www.allaboutcookies.org.

Personal data collected through the Website may be processed in, and transferred to, countries outside the United Kingdom (UK). This occurs primarily through our use of third-party service providers, such as Google for reCAPTCHA and potentially website hosting or analytics providers, whose servers may be located globally, including in the United States. The use of such global services makes international data transfers highly probable.

When we transfer your personal data outside the UK to countries that have not been deemed by the UK government to provide an adequate level of data protection, we ensure that appropriate safeguards are in place to protect your personal data. These safeguards may include:

• Reliance on UK Adequacy Regulations where applicable.
• Implementing the UK's Standard Contractual Clauses (SCCs) or the International Data Transfer Agreement (IDTA) with the recipient.

We take steps to ensure that any data transferred internationally is treated securely and in accordance with this Privacy Policy and applicable data protection laws. You can request further information about the specific safeguards used for international transfers by contacting us using the details in Section 12. Transparency regarding such transfers and the protections applied is a key requirement.

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, legal requirements, or best practices. Any changes will be effective immediately upon posting the revised policy on this Website.

We will indicate the date the policy was last updated at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. For significant changes, we may provide a more prominent notice on the Website. Regular review, at least annually or upon significant changes in processing, is considered best practice.

If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise any of your data protection rights, please contact us at:

HOF Consulting

Email: info@hofconsulting.co.uk 

Phone: +44 (0)7748 322256

(Further contact details, such as a registered address, are available upon request).

Data Protection Officer (DPO): HOF Consulting has assessed its processing activities and currently is not required to appoint a formal Data Protection Officer under the UK GDPR. However, we take data protection seriously, and inquiries can be directed to the contact details above.

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. The information contained herein is intended to be accurate and up-to-date, but HOF Consulting makes no warranty or representation regarding its completeness or accuracy. You should consult with a qualified legal professional for advice tailored to your specific circumstances regarding data protection compliance.

This Privacy Policy is effective as of 17th April 2025

This Privacy Policy was last updated on 17th April 2025