‹ Back to policies

RS-101

Privacy Policy

Public-facing privacy notice for Recreo Consilium

RECREO CONSILIUM

RS-101

Privacy Policy

Public-facing privacy notice for Recreo Consilium

Aligned with RS-001: The Recreo Standard.

Version 1.0
Classification Public
Website www.recreo.co.uk
Positioning Independent Advisory Practice

Document Control

Field Detail
Document reference RS-101
Title Privacy Policy
Version 1.0
Status Issued for website publication
Owner Director, Recreo Consilium
Classification Public
Applies to www.recreo.co.uk and related business enquiries
Jurisdiction United Kingdom
Related documents RS-001 The Recreo Standard; RS-102 Cookie Policy; RS-103 Website Terms of Use

Revision History

Version Date Status Summary
1.0 3 July 2026 Issued for website publication Clean version 1.0 issue for website publication.

Contents

1. Introduction

2. Who we are

3. Scope of this policy

4. Personal information we collect

5. How we collect personal information

6. How we use personal information

7. Lawful bases for processing

8. Marketing and communications

9. Cookies and website information

10. Sharing information

11. International transfers

12. How long we keep information

13. Security

14. Your rights

15. Complaints

16. Changes to this policy

17. Contact details

Appendix A - Data retention summary

1. Introduction

Recreo Consilium is an independent advisory practice. We recognise that trust is not only built through the advice we give, but also through the way we handle information entrusted to us.

This Privacy Policy explains how we collect, use, store and protect personal information when you visit www.recreo.co.uk, contact us, engage with us, or otherwise provide information to us in connection with our advisory services.

This policy is intended to be clear, proportionate and practical. It should be read alongside our Cookie Policy and Website Terms of Use.

2. Who we are

Recreo Consilium is a company registered in England and Wales under company number 17315664, with its registered office at 223 Avonmouth Road, Bristol, BS11 9EJ.

For data protection purposes, Recreo Consilium is the data controller for personal information processed in connection with this website and our business activities, unless we agree otherwise in writing.

Details to complete before publication
Insert final company name, company number, registered office, contact email, telephone number and any ICO registration number if applicable.

3. Scope of this policy

This policy applies to personal information processed by Recreo Consilium in connection with:

  • Visitors to our website.

  • People who submit enquiries or contact us by email, telephone, website form or social media.

  • Prospective clients, clients and client representatives.

  • Suppliers, consultants, associates and professional advisers.

  • People who attend meetings, events or workshops with us.

  • People who apply for roles or express interest in working with us.

This policy does not form part of any contract for services. Where we are engaged by a client, separate terms of engagement may also apply.

4. Personal information we collect

The information we collect depends on how you interact with us. We only seek to collect information that is relevant and proportionate to the relationship or purpose involved.

Contact details

Name, job title, organisation, postal address, email address, telephone number and related contact information.

Business information

Information about your organisation, role, project, enquiry, requirements or professional interests.

Correspondence

Messages, emails, meeting notes, file notes and records of communications with us.

Client and project information

Information provided in connection with advisory work, proposals, reports, workshops or consultancy engagements.

Supplier and associate information

Contact details, payment information, professional qualifications, insurance information and engagement records.

Recruitment information

CVs, covering letters, employment history and information provided as part of a recruitment or associate enquiry.

Technical website information

IP address, device information, browser type, approximate location, pages visited and basic website usage information where collected by necessary website technologies.

Marketing preferences

Preferences about receiving communications from us and records of consent or opt-out requests.

We do not intentionally collect special category personal data through the website. If such information is provided to us voluntarily, we will only process it where there is a lawful basis and where it is necessary for a legitimate purpose.

5. How we collect personal information

We may collect personal information directly from you when you complete a form, send an email, call us, attend a meeting, provide a business card, respond to a proposal or engage us to provide services.

We may also receive information from your organisation, colleagues, professional advisers, public registers, publicly available business sources or third-party platforms where this is relevant to our professional relationship with you.

6. How we use personal information

  • Responding to enquiries and requests for information.

  • Preparing proposals and engagement documentation.

  • Delivering and managing advisory services.

  • Maintaining client, supplier and professional relationships.

  • Managing meetings, workshops, project communications and business administration.

  • Maintaining accurate business, accounting and legal records.

  • Protecting our website, systems and business from misuse or security risks.

  • Improving our website, services, communications and business processes.

  • Complying with legal, regulatory, tax, accounting and professional obligations.

7. Lawful bases for processing

We process personal information only where we have a lawful basis to do so under UK data protection law. Depending on the circumstances, the lawful bases we rely upon may include:

Contract

Where processing is necessary to take steps before entering into a contract or to perform a contract with you or your organisation.

Legitimate interests

Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include responding to enquiries, managing relationships, maintaining records, protecting our website and developing our services.

Where processing is necessary to comply with legal, tax, accounting, regulatory or other obligations.

Where you have given clear consent for a specific purpose, such as receiving certain optional communications. You may withdraw consent at any time.

8. Marketing and communications

We may contact business contacts with relevant professional updates, invitations, insights or information about Recreo Consilium where permitted by law and where the communication is relevant and proportionate.

Where consent is required, we will seek it before sending marketing communications. You may ask us to stop sending marketing communications at any time by using the unsubscribe method provided or by contacting us directly.

9. Cookies and website information

Our website may use cookies and similar technologies. At the date of issue, the website uses only strictly necessary cookies unless and until optional analytics or similar tools are deliberately introduced.

Where non-essential cookies are used, we will provide appropriate information and obtain consent where required. Further information is provided in RS-102 Cookie Policy.

10. Sharing information

We do not sell personal information. We may share personal information where necessary with:

  • Professional advisers, including accountants, solicitors, insurers and consultants.

  • IT, website, email, cloud hosting and software providers who support our operations.

  • Payment, accounting and business administration providers.

  • Clients, project teams, contractors or advisers where necessary for the delivery of advisory services.

  • Regulators, public authorities, courts or law enforcement bodies where required by law or necessary to protect our legal rights.

Where service providers process personal information on our behalf, we expect appropriate confidentiality, security and data processing arrangements to be in place.

11. International transfers

We intend to keep personal information within the United Kingdom where reasonably practicable. Some service providers may process information outside the UK. Where this occurs, we will seek to ensure that appropriate safeguards are in place in accordance with UK data protection law.

12. How long we keep information

We keep personal information only for as long as necessary for the purpose for which it was collected, including to meet legal, accounting, reporting and business record requirements.

Retention periods vary depending on the nature of the information and the context in which it was collected. A summary is included at Appendix A.

13. Security

We use appropriate technical and organisational measures to protect personal information from unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, secure systems, appropriate software controls, staff awareness and supplier due diligence.

No method of transmission or storage is completely secure. We therefore apply proportionate safeguards and review them as the practice develops.

14. Your rights

Under UK data protection law, you may have the following rights in relation to your personal information:

Access

To request a copy of the personal information we hold about you.

Rectification

To ask us to correct inaccurate or incomplete information.

Erasure

To ask us to delete personal information in certain circumstances.

Restriction

To ask us to restrict processing in certain circumstances.

Objection

To object to certain processing, including processing based on legitimate interests or direct marketing.

Portability

To receive certain information in a structured, commonly used and machine-readable format.

To withdraw consent where we rely on consent as the lawful basis for processing.

To exercise your rights, please contact us using the details at the end of this policy. We may need to verify your identity before responding to a request.

15. Complaints

If you are concerned about how we handle your personal information, please contact us first so that we can try to resolve the matter.

You also have the right to complain to the Information Commissioner's Office, the UK's supervisory authority for data protection matters. Further information is available at www.ico.org.uk.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our business, website, systems or legal obligations. The latest version will be made available on our website.

17. Contact details

For questions about this Privacy Policy or how we handle personal information, please contact:

Recreo Consilium
Company number: 17315664
223 Avonmouth Road, Bristol, BS11 9EJ
Email: hello@recreo.co.uk
Website: www.recreo.co.uk

Appendix A - Data retention summary

Information category Indicative retention period Reason
General enquiries Up to 24 months after last contact To manage enquiries and maintain appropriate business records.
Client engagement records Up to 6 years after the end of the engagement, unless longer retention is required Contractual, legal, insurance, tax and professional record-keeping purposes.
Financial and accounting records Generally 6 years after the end of the relevant financial year Tax, accounting and statutory record requirements.
Supplier and associate records Up to 6 years after the end of the relationship Contractual and business administration purposes.
Recruitment enquiries Up to 12 months after the recruitment decision unless longer retention is agreed Recruitment administration and future opportunity consideration.
Marketing preferences Until you unsubscribe or ask us to remove your details, subject to suppression records To respect communication preferences and legal obligations.
Website technical data Short-term unless security or analytics requirements justify longer retention Website operation, security and performance.