Privacy Policy - pre engagement

Privacy Policy 1: Pre-Services Engagement (Enquiries, Discovery, Quotes)
Version: 1.0
Last updated: 4 March 2026
1) Who we are
East London Automation Consulting (“we”, “us”, “our”) is the data controller for the personal data described in this notice.
Contact (privacy enquiries): contact.us@elaconsulting.uk
Email: contact.us@elaconsulting.uk
Telephone: +44 (0) 7958 910363
Address: Essex SS7 2AN
We do not currently have to appoint a Data Protection Officer (DPO). If this changes, we will update this notice. (Information Commissioner's Office)
2) What this notice covers
This notice applies when you contact us before any services start — for example, when you:
    • email or call us with an enquiry
    • book a discovery call
    • request a quote/proposal
    • discuss requirements, access, security constraints, or timelines
    • share documents so we can understand your needs (e.g., process notes, screenshots)
3) What personal data we collect
We may collect:
    • Identity and contact details: name, job title, company, email, phone number, business address
    • Communication records: emails, messages, meeting notes, call summaries
    • Project scoping details: what you want to automate, systems involved, high-level security constraints (e.g., VPN required, MFA used)
    • Technical context (limited): device/app details relevant to scoping (e.g., Microsoft 365 version, Power Automate licensing level if you tell us)
    • Basic billing readiness (if needed for a quote): purchase order process, billing contact details
We aim not to collect passwords. If you accidentally send credentials, tell us straight away so we can delete/secure them. (For delivery we use safer access methods — see the post-services notice.)
4) Where the data comes from
Usually from you, or from someone in your organisation who contacts us. In some cases, another colleague may introduce you and share your work contact details. (GDPR)
5) Why we use your data (purposes)
We use pre-engagement data to:
    • respond to enquiries and communicate with you
    • run discovery conversations and understand requirements
    • produce proposals, statements of work, and quotes
    • check feasibility and risks (including high-level security requirements)
    • keep a record of business discussions (for accuracy and continuity)
6) Our lawful bases
We rely on the following lawful bases under UK GDPR:
    • Legitimate interests: running and growing our consulting business, responding to enquiries, preparing proposals (balanced against your rights). (Information Commissioner's Office)
    • Contract (steps before entering a contract): where you ask us to provide a quote/proposal or take steps towards a contract. (GDPR)
    • Legal obligation: where we must keep certain records (e.g., tax/accounting). (Legislation.gov.uk)
    • Consent: only where we explicitly ask and you freely agree (for example, certain marketing). You can withdraw consent at any time. (Information Commissioner's Office)
7) Who we share data with
We may share personal data with:
    • Professional advisers (accountants, insurers, legal advisers) where needed
    • IT and hosting providers we use to run email, calendars, file storage, backups, and security tools (acting as processors)
We do not sell your personal data.
8) International transfers
Some suppliers may store or process data outside the UK. Where this happens, we use appropriate safeguards (for example, recognised transfer mechanisms and contractual protections). (Information Commissioner's Office)
9) How we keep your data secure
We use sensible technical and organisational measures, such as access controls, MFA where available, secure devices, and limiting data to what’s needed for scoping.
10) How long we keep pre-engagement data
    • If you do not become a client: typically up to 12 months after last contact (to handle follow-ups and keep an audit trail).
    • If you do become a client: relevant information moves into the post-services records (see the next notice).
If we must keep something longer (e.g., for legal reasons), we will do so. (Information Commissioner's Office)
11) Your rights
You have rights including: access, rectification, erasure, restriction, objection, and (in some cases) data portability. (Information Commissioner's Office)
To exercise rights, contact us using the details above.
12) Complaints
If you’re unhappy, please contact us first so we can try to resolve it. You can also complain to the Information Commissioner’s Office (ICO) (UK regulator). (Information Commissioner's Office)
13) Updates to this notice
We may update this notice from time to time. The “Last updated” date will change.

 

Privacy Policy - post engagement

Privacy Policy 2: Post-Services Engagement (Delivery, Support, Retainers)
Version: 1.0
Last updated: 4 March 2026
1) Who we are
East London Automation Consulting (“we”, “us”, “our”) is the data controller for the personal data described in this notice.
Contact (privacy enquiries): contact.us@elaconsulting.uk
Email: contact.us@elaconsulting.uk
Telephone: +44 (0) 7958 910363
Address: Essex SS7 2AN
2) What this notice covers
This notice applies once you become a client and we are delivering services — including implementation, support, change requests, training, and troubleshooting.
3) What personal data we process during delivery
Depending on what you ask us to do, we may process:
    • Client contact and relationship info: authorised contacts, approvers, stakeholders, billing contacts
    • Project delivery records: statements of work, project plans, meeting notes, decisions, change requests
    • Service desk/support records: tickets, email threads, call notes
    • Technical and security information: user accounts (names/emails), role/access requirements, MFA methods, IP allow-lists, VPN requirements (but not your passwords)
    • Automation artefacts: scripts, workflows, configuration files, logs, run histories, error reports
    • Remote access/audit logs (where remote sessions are used and recorded by your tools or ours)
    • Client data within systems (only if necessary for the work): this might include personal data of your staff or customers that exists inside your business applications
Important: If our work may involve special category data (e.g., health), we will handle this carefully and agree controls with you before proceeding. (Information Commissioner's Office)
4) Why we use your data (purposes)
We use post-services data to:
    • deliver the contracted services
    • manage access to systems safely
    • build, test, run, and support automation solutions
    • diagnose issues and improve reliability
    • manage billing, accounting, and contract administration
    • comply with legal and regulatory obligations
    • defend or establish legal claims if needed
5) Our lawful bases
We rely on:
    • Contract: delivering the services you have engaged us to provide. (GDPR)
    • Legal obligation: tax/accounting and other compliance requirements. (Legislation.gov.uk)
    • Legitimate interests: running our business, maintaining records, preventing fraud/abuse, securing systems, and improving services (balanced against your rights). (Information Commissioner's Office)
    • Consent: only where we explicitly request it and you freely agree (rare in a B2B delivery context). (Information Commissioner's Office)
Where we process special category data, we will identify an appropriate UK GDPR condition and document it as part of the engagement. (Information Commissioner's Office)
6) Client systems and “processor/controller” roles
In many projects, you decide why and how personal data in your business systems is used. In that case, you are the controller for that data and we act as a processor when we handle it on your instructions.
Where appropriate, we will agree:
    • what data we will access
    • how access is granted (e.g., named accounts, least privilege)
    • how data is handled, stored, and deleted
    • incident reporting and security expectations
7) Who we share data with
We may share personal data with:
    • Your organisation (authorised contacts and relevant teams)
    • Our service providers (email, storage, backup, security, accounting) acting as processors
    • Professional advisers (accountants, insurers, legal advisers) when necessary
    • Authorities where required by law
We do not sell your personal data.
8) International transfers
If any of our suppliers process data outside the UK, we use appropriate safeguards (such as contractual protections and recognised transfer mechanisms). (Information Commissioner's Office)
9) Security measures
We use practical measures to protect data, such as:
    • access controls and MFA where available
    • least-privilege access
    • secure storage and encrypted transfer where possible
    • separating client data by engagement where relevant
    • keeping logs needed for troubleshooting and accountability
10) Data retention (how long we keep post-services records)
Typical retention (unless your contract says otherwise):
    • Contract, invoices, and accounting records: usually 6 years (UK tax/accounting practice).
    • Project documentation and deliverables: typically up to 6 years after the end of the engagement (to support warranty, disputes, audit, and continuity).
    • Support tickets and operational logs: typically 12–24 months, unless required longer for ongoing support or legal reasons.
    • Client system data accessed during delivery: we aim not to extract or keep it unless needed; where we do hold it (e.g., exported logs for debugging), we keep it only as long as necessary and then delete it securely.
If you want shorter retention, we can agree this in writing where feasible. (Information Commissioner's Office)
11) Your rights
You have rights including: access, rectification, erasure, restriction, objection, and (in some cases) data portability. (Information Commissioner's Office)
Where we act as your processor, we may direct the request to you (as controller) or assist you under the contract.
12) Complaints
Contact us first so we can try to fix the issue. You can also complain to the Information Commissioner’s Office (ICO). (Information Commissioner's Office)
13) Updates to this notice
We may update this notice occasionally and will change the “Last updated” date.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.