Privacy Notice

Rock Consultancy may use your personal data to communicate and provide information, or to provide consultancy services (together called “our services”) to you or your firm. We have described how we collect, store and use your data in this privacy notice.

We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. There are steps you can take to control what we do with your data and we have explained those steps in this privacy notice.

This notice explains how and why we collect data, our lawful bases for it, and how we use it.

When we talk about data and personal data in this privacy notice, we mean personal data which identify you or which could be used to identify you such as your name and contact details. It may also include information about how you use our website and services.

What you need to know

  1. Who is responsible for your data

Rock Consultancy is responsible for your data. We are the data controller of the data which we collect from you, and as such we control the ways your personal data are collected and the purposes for which your personal data are used.

  1. Information we collect
When you make contact with us or use our services, we collect the following types of information: Additionally, we may collect publicly available information:
  • If you contact us to enquire about our services, we will use your name and contact details to respond to you and keep in contact with you, unless you ask us not to.
  • You might provide this information directly to us or, where you work for a firm, your firm might provide it to enable you to use our services on the firm’s behalf.
  • If you make your name and/or business contact details public (for example, on your firm’s website, LinkedIn, or other website), we may use those to contact you in relation to our services if we believe they are likely to be directly relevant to you.


  1. How we use your data, and our lawful basis

We can only use your personal data if we have a proper reason for doing so, such as:

  • To fulfil a contract we have with you (or with a firm you work for), or
  • If we have a legal duty to use your data for a particular reason, or
  • When you consent to it, or
  • When it is in our legitimate interests.

Legitimate interests are our business or commercial reasons for using your data but, even so, we will not unfairly put our legitimate interests above what is best for you.

Here are the ways in which we use your personal data and the reasons we rely on for doing so:

Your personal data How we use it Legal grounds for using it
Your name and contact details which you, or your firm, have given to us To communicate with you. Our legitimate interests

With your consent

Business contact information you make publicly available To communicate with you in respect of our services, to the extent that we believe the communication will be relevant to you and your business interests. Our legitimate interests


Where we rely on our legitimate interests for using your personal data, these may include:

  • Keeping our records up to date
  • Considering whether our services may be of interest and relevance to you
  • Developing our services and calculating our charges
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • Identifying ways to improve the way we deliver services to our customers

We may share your personal information with:

  • Our IT service and infrastructure providers that we use as part of our website and IT storage solutions
  • Any other third party entities who perform functions on our behalf and who also provide services to us
  • Companies that may merge with or acquire us.

Any third parties with which we share your personal information have entered into a legally binding data sharing agreement with us and comply with similar and no less stringent undertakings of privacy and confidentiality to those set out in this Privacy Notice.

  1. How long do we keep personal data for? Asking for personal data to be erased.

We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.

We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.

If you ask us to erase your personal data before then, we will do so unless there is a legal or regulatory reason to retain it.

  1. Where is personal data stored and how do we protect it?

Data is held securely within our file systems with access controls to keep it safe. Regular daily backups ensure that integrity is preserved.

  1. Cookies

This website does not use cookies for users who simply browse, but do not log in. Cookies are small pieces of information stored on your device by the web browser of your device. For more information about cookies see

  1. Mailing Lists

If you register with us to join our mailing list, we ask for your personal data and your consent to use it. We will send you information and updates following your sign up, and hope that they will be useful and interesting to you. You can ask us to remove you from the list at any time (see 8. below).

  1. Your rights

If you have any questions or concerns, or if you want to access or amend your data, please contact us at 27 Old Gloucester Street, London, WC1N 3AX, or by email at or on 020 3143 5295.

  1. Complaints

In the unlikely event that you have a complaint about Rock Consultancy and how we have used your personal data, that you don’t feel we can rectify, you have the right to contact the Information Commissioner’s Office:

Changes to this privacy notice

This notice may be amended from time to time. If we change it, the alterations will be published on these pages, and on our website.