Privacy Policy

The People Vault

Last updated: 1 December 2025

1. Introduction

The People Vault ("we", "us", or "our") is committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are a consultancy specialising in organisational development and people strategy. This policy applies to all personal data we process in connection with our services.

2. Data Controller

The People Vault is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, please contact us at:

Email: danielle@thepeoplevault.co.uk

Address: Suite 1-2, Brookfield Court, Selby Road, Leeds, England, LS25 1NB

3. Information we collect

We may collect and process the following categories of personal data:

3.1 Information you provide directly

  • Name and contact details (email address, phone number, business address)

  • Job title and company information

  • Information provided during consultations or assessments

  • Payment and billing information

  • Communications and correspondence with us

3.2 Information collected automatically

  • Technical data such as IP address, browser type, and device information

  • Website usage data through cookies and similar technologies

  • Analytics data about how you interact with our website

4. How we use your information

We use your personal data for the following purposes:

  • To provide our consultancy services and fulfil our contractual obligations

  • To communicate with you about our services and respond to enquiries

  • To process payments and manage our business relationship

  • To send relevant updates about our services (where you have consented)

  • To improve our website and services

  • To comply with legal obligations

5. Lawful basis for processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary for the performance of a contract or to take steps prior to entering into a contract

  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and marketing

  • Consent: Where you have given specific consent to processing (e.g., marketing communications)

  • Legal obligation: Processing necessary to comply with a legal obligation

6. Data sharing

We may share your personal data with:

  • Service providers who assist us in delivering our services (e.g., IT providers, payment processors)

  • Professional advisers such as accountants and lawyers

  • Regulatory authorities where required by law

  • Associates who work with us to deliver client services (under appropriate confidentiality agreements)

We do not sell your personal data to third parties.

7. International transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), or transfers to countries with adequate data protection laws.

8. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Typically, we retain client data for six years after the end of our engagement, after which it is securely deleted.

9. Your rights

Under UK data protection law, you have the following rights:

  • Right of access: Request a copy of your personal data

  • Right to rectification: Request correction of inaccurate data

  • Right to erasure: Request deletion of your data in certain circumstances

  • Right to restrict processing: Request limitation of processing

  • Right to data portability: Receive your data in a structured, machine-readable format

  • Right to object: Object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details above. We will respond to your request within one month.

10. Cookies

Our website uses cookies to enhance your browsing experience and analyse website traffic. You can manage your cookie preferences through your browser settings. For more information, please see our Cookie Policy [if applicable, link to separate cookie policy].

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Complaints

If you have any concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.