Privacy Policy - Smith and Stankevitch Consulting Limited

Smith and Stankevitch Consulting Limited

Project Management as a Service | http://www.ssc-ltd.co.uk

Effective date: 29 May 2026 | Last reviewed: 29 May 2026

1. Who We Are

Smith and Stankevitch Consulting Limited (“SSC”, “we”, “us”, “our”) is a company registered in England and Wales, providing Project Management as a Service (PMaaS) to small and medium-sized enterprises. Our registered office is:

Smith and Stankevitch Consulting Limited

Rushden, Northamptonshire, NN10 0BA

Email: enquiries@ssc-ltd.co.uk

Website: http://www.ssc-ltd.co.uk

We are the data controller for personal data collected through this website and in connection with our services. This means we decide how and why your personal data is processed.

2. What This Policy Covers

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It applies to all visitors of our website and anyone who contacts us or uses our services.

3. Personal Data We Collect

We may collect the following categories of personal data:

Identity data – your name, job title, and the name of your organisation.

Contact data – email address, telephone number, and postal address.

Communication data – messages, enquiries, and feedback you send us via our contact form, email, or the client portal.

Technical data – IP address, browser type and version, device type, pages visited, and time spent on our website (collected via cookies and analytics tools).

Usage data – how you interact with our website and client portal.

Contract and project data – information needed to deliver our project management services, such as project briefs, timelines, and documents you share with us.

We do not collect any special category (sensitive) personal data and we do not knowingly collect data from children under the age of 16.

4. How We Collect Your Data

We collect personal data through:

Our website contact form and feedback form.

Direct email and telephone communication.

Our client portal when you log in and interact with it.

Cookies and analytics tools when you browse our website (see Section 9).

Third parties, such as referrals from existing clients or professional networking.

5. Why We Use Your Data (Legal Bases)

We process your personal data only where we have a lawful basis to do so. The table below sets out our purposes and legal bases:

Responding to enquiries – Legitimate interests (to respond to and develop business relationships).

Delivering our PMaaS services – Performance of a contract (or steps taken prior to entering a contract).

Sending service updates and project communications – Performance of a contract.

Sending marketing information – Consent (where obtained) or legitimate interests (where you are an existing client). You may opt out at any time.

Improving our website and services – Legitimate interests.

Complying with legal obligations – Legal obligation (e.g. keeping financial records).

6. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Our general retention periods are:

Enquiries and contact records: 2 years from last contact, unless a business relationship is established.

Client and contract records: 6 years after the end of the contract (in line with UK limitation periods).

Financial records: 6 years (as required by HMRC).

Website analytics data: Up to 26 months.

7. Who We Share Your Data With

We do not sell your personal data. We may share it with:

Our team members – who need access to deliver services to you.

IT and hosting providers – who host our website and client portal (e.g. WordPress.com / Automattic).

Email and communication tools – used to send and receive correspondence.

Professional advisers – such as accountants or legal advisers, where necessary.

Regulatory or law enforcement authorities – where required by law.

Where we use third-party processors, we ensure they process your data only on our instructions and have appropriate security measures in place.

8. International Transfers

We primarily store and process your data within the UK and European Economic Area (EEA). If any of our service providers are based outside the UK/EEA, we ensure appropriate safeguards are in place (such as UK adequacy decisions or Standard Contractual Clauses) before transferring your data.

9. Cookies

Our website uses cookies — small text files placed on your device — to help the site function properly and to understand how visitors use it. The cookies we may use include:

Strictly necessary cookies – essential for the website to operate (e.g. login sessions for the client portal).

Analytics cookies – help us understand visitor behaviour in an anonymised way (e.g. WordPress.com stats).

Preference cookies – remember your settings and choices.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the website. Where required by law, we will ask for your consent before placing non-essential cookies.

10. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

Right of access – to request a copy of the personal data we hold about you.

Right to rectification – to ask us to correct inaccurate or incomplete data.

Right to erasure – to request deletion of your data in certain circumstances (“right to be forgotten”).

Right to restrict processing – to ask us to limit how we use your data.

Right to data portability – to receive your data in a structured, commonly used format.

Right to object – to object to processing based on legitimate interests, including for direct marketing.

Right to withdraw consent – where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within one calendar month. There is no charge for most requests.

11. How We Protect Your Data

We take data security seriously. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include secure email communication, password-protected systems, and access controls limited to those who need the data to do their job.

While we take all reasonable precautions, no method of transmission over the internet is completely secure. If you suspect any misuse of your data, please contact us immediately.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:

Data Controller: Smith and Stankevitch Consulting Limited

Email: enquiries@ssc-ltd.co.uk

Address: Rushden, Northamptonshire, NN10 0BA

Hours: Monday – Friday, 9am – 5pm

13. Right to Complain

If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

We would, however, appreciate the opportunity to resolve any concern directly before you approach the ICO.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last reviewed” date at the top of this page. We encourage you to review this policy periodically.