Privacy Policy

Who We Are

Landry Ntahe Consultancy ("we", "us", "our") operates the website landryntahe.co.uk. We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR and EU GDPR.

Data Controller

For the purposes of data protection law, Landry Ntahe is the data controller responsible for your personal data.

What Personal Data We Collect

Information You Provide Directly

• Contact information: Name, email address, phone number
• Booking details: Service preferences, availability requirements, special requests
• Payment information: Processed securely through Stripe (we don't store card details)
• Account information: Login credentials, profile preferences

Information Collected Automatically

• Technical data: IP address, browser type, operating system
• Usage data: Pages visited, time spent on site, click patterns
• Cookies: See our Cookie Policy for details

How We Use Your Data

Providing Our Services

• Process and manage your booking requests
• Communicate with you about your consultations
• Send payment confirmations and receipts
• Manage your client account and preferences

Legal Obligations

• Comply with accounting and tax requirements
• Maintain business records for legal purposes
• Respond to legal requests from authorities

Improving Our Services

• Analyse website usage and user behaviour
• Improve our website functionality and user experience
• Develop new features and services

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

To provide the consulting services you have requested and manage our contractual relationship.

Legitimate Interests

To operate our business, communicate with clients, and improve our services, where this doesn't override your rights.

Legal Obligations

To comply with applicable laws, regulations, and legal processes.

Consent

For non-essential cookies and marketing communications (where applicable).

Data Sharing and Third Parties

Service Providers

We work with trusted third-party service providers who help us operate our business:

• Stripe: Payment processing (PCI DSS compliant)
• HubSpot: CRM and marketing automation
• Google Calendar: Appointment scheduling
• SendGrid: Email communications
• Vercel: Website hosting and deployment
• Sanity: Content management system

Data Security

All third-party providers are carefully selected and contractually required to maintain appropriate security measures and comply with data protection laws.

No Sale of Personal Data

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Client data: Retained for 7 years after last service for accounting purposes
• Marketing data: Retained until consent is withdrawn or account is deleted
• Analytics data: Anonymised after 26 months
• Deleted accounts: Data permanently removed within 30 days of deletion request

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

We will respond to your request within 30 days. Some requests may require identity verification to protect your personal data.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our website. For detailed information about our cookie practices, please see our Cookie Policy.

You can manage your cookie preferences at any time by:

• Using the cookie preference centre on our website
• Adjusting your browser settings
• Contacting us to withdraw consent

International Data Transfers

Some of our service providers are located outside the UK/EU. When we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Certification schemes and codes of conduct

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure hosting environments with regular security audits
• Access controls and employee training
• Regular security updates and monitoring

Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on our website.

The "Last updated" date at the top of this page indicates when this privacy policy was last revised.

Complaints

If you are unhappy with how we have handled your personal data or our response to your concerns, you have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator.