Privacy Notice

Privacy Notice

Dated 19/05/26

The Roundhouse Farm Ltd. t/a Bullen Consulting is a consulting firm providing change management, project delivery and learning solutions that help organisations embed sustainable change, strengthen stakeholder engagement and build long-term capability.

Your privacy is extremely important us and we are fully committed to providing you with clear and transparent information about how we use your personal data. We will:

  • clearly specify our purposes before we process personal data;
  • ask for you consent to process your personal data (in cases where this is required); 
  • take appropriate security measures to protect your personal data and demand the same from parties who process personal data on our behalf; 
  • respect your right to access, rectify or delete your personal data;
  • only use your personal data for specified, explicit, and legitimate purposes. 

Please contact catherine@bullenconsulting.co.uk if you have any questions.

Information we collect about you when you use our website

You do not need to give us any information about yourself to view the Bullen Consulting website. When you access the website, our webserver logs your Internet Protocol (IP) address (a unique set of numbers that identifies one or more devices on a computer network), browser identifier and the time of access.

Our website contains links to other third-party websites, as well as social media websites including (but not limited to) LinkedIn; however, we do not control the privacy practices of such websites. For further information, you should refer to the respective website’s Privacy Notice.

Our website provides the option for individuals to contact us for further information about our services or to arrange an initial consultation. We will always respond using the contact information provided.

Our legal reasons for processing your personal data

We will only process information about you when we have a lawful reason to do so. When we process your information, we rely upon one of the following lawful reasons:

  • To comply with a legal obligation;
  • To perform a contract with you or to take steps at your request before entering into a contract with you;
  • To protect your vital interests or those of another individual;
  • When it is in our legitimate interests or those of another third party, providing that these interests are not overridden by your own interests and rights; and
  • With your consent.

Special categories of personal data

Special categories of personal data are a category of information that is more sensitive and requires greater protection. None of the information we process falls into this category. 

Other lawful reasons for processing information about you

We may need to process information about you to comply with a legal or statutory obligation. This includes but is not limited to:

  • auditing, compliance and administration practices; and
  • to maintain records of amendments to consents and to create suppression lists to ensure people who object to processing are excluded from the relevant processing activity.

When we share information about you

We will not share any information you have provided without your consent, unless there is a legal or other legitimate reason to do so, or it is necessary to provide the service you have requested.

Where it is necessary to share your personal information, we will limit the personal data that we share to the minimum required to provide the service and the provider will only be able to use personal data for the specific purposes for which it was shared.

Providing personal data to third parties 

We may share your personal data with our Associates, but do not, under any circumstances, share it with other companies or organisations, unless we are required to do so by law: 

We will never share your personal data with our Associates without a Data Processing Agreement in place and we only work with those that are compliant with EU laws and regulations.

How long we keep information about you

We will retain your personal data as long as is necessary to provide the services to which you have subscribed, or where we have another legitimate and lawful reason to do so. In addition, we may need to retain some information to comply with our legal obligations.

As the reason for retaining certain types of information varies, retention periods can vary significantly. Please contact us if you require any further information on specific retention periods.

Transfers of data out of the EEA

We may transfer your personal information to third-party data processors who are based in countries outside the European Economic Area (EEA). We may use some US-based companies that provide services such as IT, communications and data analytics service such as Google Analytics. We only use US-based organisations that are self-certified as adhering to the EU-US Privacy Shield.

We will not transfer your information to any processors based in other countries outside the EEA unless there is a European Commission adequacy decision for the specific country to which the data is transferred, or where we can be certain that there are adequate safeguards provided for your information and individual rights standards that meet the GDPR requirements. Please contact us if you require any further information relating to international transfers.

Security

We take the following security measures to reduce misuse of and unauthorised access to personal data:

  • We regularly evaluate our security measures. 
  • All Employees and Associates that have access to personal data are requested to sign a Non-Disclosure Agreement. 
  • The number of Employees and Associates that have access to your personal data is kept to an absolute minimum; only those that need the access to be able to provide you with the service your data was provided for, have access to it. 
  • Employees and Associates have no right to copy or use your personal data in any other way than for the purpose the data was provided for. 
  • All Employees and Associates are obliged to secure their workstation(s), laptop(s) and phone(s) with a password and must not store any of your personal data on local drives, in hard copy, or within personal cloud storage. 
  • All Employees and Associates are reminded of the importance and basic principles of GDPR compliance. 

Your rights in respect of your personal data

Your rights under the General Data Protection Regulation include:

  • Right of access - You have the right to see the personal information we hold about you. This is called a Data Subject Access Request (DSAR). You can request a copy of any personal information that we hold by writing to us.
     
  • Right to rectification - If we do hold information about you, you can ask us to correct or amend any inaccurate or incomplete information by contacting us in writing at the address below. We will either make the requested amendments or provide an explanation as to why we are not making changes.
     
  • Right to object and right to restriction of processing - If you object to processing, we will restrict the processing of your information for the purpose to which you are objecting whilst we review your objection.
     
  • Right to erasure - You have a right to request the deletion of your information in advance of our standard retention periods. We will delete this information unless there is a lawful reason for the information to be retained.
     
  • Right to data portability - This right has been introduced to make it easy to move someone’s personal data to a new service provider. The personal information must be transmitted in a structured, machine-readable and compatible electronic format.
     
  • Rights regarding automated decision-making, representation and compensation - You have the right not to be subjected to a decision that is based only on automated processing, including profiling. 

To exercise any of these rights, please contact us using the details provided below.

While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the relevant supervisory authority if you believe your data has been processed in a way that does not comply with the GDPR or have any wider concerns about our compliance with data protection law. 

How to contact us

We hope that you have found this information helpful but if you have any questions or concerns, please contact us:

The Roundhouse Farm Ltd. t/a Bullen Consulting
25-27 Sandy Lane, Pell Wall, Market Drayton, Shropshire, TF9 2EE. United Kingdom
catherine@bullenconsulting.co.uk
 

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.