top of page
Peyto Lake.jpg

Privacy & Cookies

Privacy Notice

Last updated on 10th January 2023


Peyto Consulting respects your privacy and commits to protect your personal data.  This Privacy Notice informs you of how we take care of your personal data, informs you of your privacy rights, and how you are protected by law.  Personal data, or personal information, is any information about an individual from which that person can be identified.  It does not include anonymous data, that is, data where the identity has been removed.

Controller of Personal Data
Peyto Consulting Limited is the Controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this notice).  If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please use the contact details set out below.


Company Name: Peyto Consulting Limited
Company Registration: Registered in England and Wales No. 11447730

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), who is the UK authority for data protection.  We would appreciate the opportunity to understand and resolve your concerns before you approach the ICO, and as such we ask that you please contact us in the first instance.


Our Principles on Personal Data
We aim to protect all personal data we hold, to manage your personal data in a responsible way, and to be transparent in our practices.  Because your trust in us is important, we have committed to these principles:

  • You are not obliged to provide any personal data requested by us, however it may limit the services we are able to offer if you choose not to, and we will advise you of any such limitations

  • We only collect and process your data for the purposes set out in this Privacy Notice or for specific purposes we have shared with you and for which we have gained your consent

  • We aim to collect, process and use as little personal data as is reasonably possible

  • When we collect your personal data, we aim to keep it as accurate and up to date as we reasonably are able

  • If any personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it

  • We will not share, sell, rent or disclose your personal data other than as described in this Privacy Notice

  • Peyto Consulting Limited is not intended for children and we do not knowingly collect data relating to children.

Your Duty to Inform us of Changes 
If your personal data changes during your relationship with us, please advise us of this, as it is important that the personal data we hold about you is accurate and up to date.

Third Party Links
There are no links to third party websites, plug-ins or applications on this website with the exception of Google Analytics which is used as described in “Personal Data We Collect” below.

Personal Data We Collect
We may collect, use, store and transfer personal data about you if you approach/engage us for services or when you apply for a role as a prospective candidate.  The types of personal data we may collect, use, store and transfer are detailed in the table below.

Identity Data

Including full name (title, first name, last name, middle/preferred/other names, maiden name (where applicable), username or similar identifiers, marital status, date of birth and gender

Contact Data

Including home address, business address, billing address, delivery address, email address and telephone numbers

Profile Data

Including your username and password, purchases made by you, your interests, preferences, feedback and survey responses

Transaction Data

Including payments to and from you and details of goods and services that are related to these payments

Financial Data

Including bank account details and payment card details

Technical Data

Including internet protocol (IP) address, login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. This information is collected and tracked via Google Analytics and is not stored on website databases

Usage Data

Including information about how you use our website, products and services

Marketing & Communications Data

Including your preferences in receiving marketing from us and our third parties and your communication preferences

We collect, use and share Aggregated Data, which may be derived from your personal data but does directly or indirectly reveal your identity, so is not considered personal data in law.  If we combine or connect Aggregated Data with your personal data so that it can identify you (directly or indirectly), we treat the combined data as personal data and will use it in accordance with this Privacy Notice.  We do not collect any Special Categories of personal data about you.  We do not collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.  If this is the case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.


How We Collect Your Personal Data

We use a range of methods to collect data from and about you including those defined in the table below.

Direct Interaction

You may give us your Identity Data, Contact Data and Financial Data by any means of correspondence with us, including post, phone, and email. This includes personal data you provide when you engage with us to provide services, submit your details to apply for a position, request marketing to be sent to you, enter a competition, promotion or survey, send us feedback

Automated Interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please refer to the "Cookies & Related Technologies" section below for further details.

Other Organisations and Public Sources

We may receive personal data about you from various other organisations and public sources as follows:

  • Technical Data from analytics providers such as Google based outside the EU

  • Marketing Data from providers based inside the EU

  • Identity and Contact Data from recruitment consultants who assist in sourcing candidates using publicly available sources

  • Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU

Why We Collect & Use Your Personal Data

Typically, we will use your personal data where:

  • We must comply with a legal or regulatory obligation

  • We need to enact and undertake work relating to the contract we are about to enter into or have entered into with you

  • It is necessary for our legitimate interests and your interests, and fundamental rights do not override those interests


We will only use your personal data when the law allows us to so we can provide you with the best possible service.  We do not generally rely on consent as a legal basis for processing your personal data, other than in relation to sending direct marketing communications to you.  You have the right to withdraw consent to marketing at any time, and should contact us to do so.  When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.

Purposes for Which We Use Your Personal Data

We have laid out a description of the purposes for which we may use your personal data below, and which legal basis we rely on to do so.  We may process your personal data for more than one lawful ground.  You are welcome to contact us if you wish to have details on specific legal ground(s) we are relying on to process your personal data.

To register you as a new customer

Identity and Contact Data for the performance of a contract with you

To progress the delivery of services to you, for example, management of charges, fees, and payments, management of recruitment, recovery of money owed 

Identity, Contact, Financial, Transaction and Marketing & Communications Data for the performance of a contract with you and necessary for our legitimate interests (the recovery of debts owed to us)

To maintain our relationship with you, for example, informing you of changes to terms or policies, requesting completion of a survey or review

To allow you to take part in promotional activities such as competitions, prize draws and surveys

To deliver marketing content to you and measure its effectiveness

To suggest services that may be of interest to you

To use analytics to improve all aspects of our business

Identity, Contact, Profile, Usage, Technical and Marketing & Communications Data for the performance of a contract with you, necessary to comply with a legal or regulatory obligation, and necessary for our legitimate interests (keeping records up to date and understanding how customers use our services, developing services and grow our business)

To undertake administration and protection of all aspects of our business, for example, troubleshooting, testing, and maintenance

Identity, Contact and Technical Data that is necessary for our legitimate interests (for running our business, digital risk and security, and fraud prevention) 

The term “legitimate interests” means the interests of our company in conducting and managing our business to enable us to give you the best service.  When we process your personal information for our legitimate interests, we consider and balance any potential impact (positive and negative) on you, and your rights under data protection laws.  We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

The term "performance of contract" means processing your data where it is necessary for undertaking what is being or has been defined in a contract to which you are a party.

The term "comply with a legal or regulatory obligation" means processing your personal data where it is necessary for us to comply with legal or regulatory requirements or demands to which we are subjected. 

Personal Data Control

We may use your personal data to generate a view on products, services and offers we think may be of interest to you.  You will receive marketing communications from us if you have requested information or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.  We will get your express opt-in consent before we share your personal data with any other organisation.  You can ask us to stop sending you marketing messages at any time by contacting us, however this will not apply to personal data provided to us as a result of purchasing a service from us where it is used in relation to that specific service.


We may have to share your personal data for the purposes set out above with the following parties:

  • Other External Organisations, defined as:

    • Service providers acting as processors based in the UK who provide IT (including website) and system administration services

    • Professional advisers and recruitment support advisors acting as processors or joint controllers including associates, lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services

    • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.

  • Other organisations to whom we may choose to sell, transfer, or merge parts of our business or our assets.   Similarly, we may seek to acquire other businesses or merge with them.  Should such a change occur in our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.


We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed in an unauthorised way.  We limit access to your personal data only to those employees, agents, contractors and other organisations who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retaining Your Personal Data

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected.  This includes satisfying any legal, accounting, or reporting requirements.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.  In some circumstances you can ask us to delete your data. Please see ‘the right to erasure of your personal data’ below for further information.  In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your Rights

You are entitled to a series of rights where we process your personal data and you can exercise these rights at any point; an overview of these rights is below which you can exercise by contacting us.

Access to and correction of your personal data

You have the right to request access to your personal data.  This enables you to receive a copy of the personal data we hold about you, to check that we are lawfully processing it, and to request correction of the personal data we hold about you. It may be necessary for us to verify the accuracy of the new data you provide to us.

Deletion of your personal data

You have right to request that we delete your personal data if:

  • your personal data is no longer necessary in relation to the purposes for which it was collected, or

  • you withdraw consent that you had previously given for us to process your personal data and there is no other legal ground to process your personal data, or

  • you object to us processing your personal data for direct marketing or for our legitimate interests, or

  • your personal data is not being processed lawfully, or

  • your personal data needs to be deleted to comply with the law

If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.  Note that we may not always be able to comply with your request of deletion for specific legal reasons which will be notified to you at the time of your request.

Data portability

Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:

  • the processing is based on your consent

  • the processing takes place for the performance of a contract

  • the processing takes place by automated means

Restriction of processing

You have the right to restrict the processing of your personal data if:

  • you believe the personal data we have about you is inaccurate, or

  • the personal data is not being processed lawfully and you would prefer us to restrict processing instead of deleting it, or

  • we no longer need your personal data for the purposes it was collected, but you require the data in order to establish, exercise or defend legal claims, or

  • you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.


You have the right to object to the processing of your personal data at any time where we rely on a legitimate interest and there is something particular to your situation where you feel the processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Raise a complaint with a supervisory body

You have the right to register a complaint directly with a supervisory authority about how we process your personal data.

Withdraw consent

You have the right to withdraw consent at any time where we are relying on consent to process your personal data.  This will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain services to you and we will advise you if this is the case at the time you withdraw your consent.

Cookies & Related Technologies

Last updated on 10th January 2023

A cookie is a small file that contains information and is transferred to your computer's browser or hard drive and stored there.  Our website uses cookies to distinguish you from other users. This helps us provide you with a better and tailored experience when you browse our website.  At no point do we use cookies that identify you personally, and most cookies are deleted when you leave our website.  By continuing to browse the site, you are agreeing to our use of cookies.  We use the following type of cookie:

  • Analytical and performance cookies.  These allow us to recognise the number of visitors and to see how visitors move around the website as they use it. This helps with improvements to the website and how it works.

  • Functionality cookies.  These recognise you when you return to our website to enable us to personalise our content for you, greet you by name and remember your preferences.

  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed so our website and any advertising displayed on it is more relevant to you.

Google Analytics is the software used to track visitor usage through the use of cookies.  You can block cookies by enabling this setting on your browser so you can refuse some or all, however, if you use your browser settings to block all cookies you may not be able to access all of the content on our website.  Please contact us should you have any questions about our use of cookies.

bottom of page