Skip to content
CiAConsultancy in ActionAI Operations for Real Businesses

Privacy

Privacy notice

A plain-English summary of how we handle personal data. This is the policy customers and assessment respondents agree to.

Who we are

Consultancy in Action (“we”, “us”) is a UK consultancy delivering AI Operations services to small and medium-sized businesses. You can contact us at hello@consultancyinaction.co.uk.

What we collect

  • · AI Readiness Assessment leads: name, work email, company, optional phone, budget range, your answers, your computed score, and your consent record (version, timestamp, IP).
  • · Consultation bookings: whatever you submit via Calendly (typically name, email, company, time-slot).
  • · Engagement records: details necessary to deliver a paid engagement (project scope, contact information, invoicing details).
  • · Analytics (consent-based): aggregate, non-identifying usage data via Google Analytics 4 and Microsoft Clarity — loaded only if you accept analytics cookies. See our cookie policy.

Lawful basis

  • · Legitimate interest — to deliver the report or service you’ve asked for.
  • · Consent — for marketing-style follow-up (separate opt-in; never pre-ticked).
  • · Contract — to perform an engagement once you become a client.
  • · Legal obligation — for accounting and tax records.

Your rights

Under the UK GDPR and the EU GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent at any time (without affecting processing already carried out). Email hello@consultancyinaction.co.uk and we will action requests promptly, normally within one month.

Retention

Assessment leads are retained for up to 24 months from your last interaction with us, then automatically deleted by a scheduled retention job unless you have asked to stay on marketing. You can ask us to erase your data at any time and we action it promptly. Client engagement records are retained for the statutory period required for tax and accounting purposes.

Sub-processors

We use third-party processors for transactional email (e.g. Resend or SendGrid), CRM (e.g. HubSpot or Pipedrive), scheduling (Calendly) and analytics (Google Analytics 4, Microsoft Clarity). All are bound by their own GDPR commitments.

International transfers

Some of our sub-processors are located outside the UK and EEA. Where personal data is transferred internationally, we rely on an adequacy decision or appropriate safeguards — such as the UK International Data Transfer Agreement / Addendum or the EU Standard Contractual Clauses — so your data keeps an equivalent level of protection.

Complaints

If you’re in the UK, you can complain to the Information Commissioner’s Office at ico.org.uk. If you’re in the EU/EEA, you can lodge a complaint with your national data protection supervisory authority — you can find yours via the European Data Protection Board. We’d appreciate the chance to resolve it with you first.

Cookies

For how we use cookies and how to change your choice, see our cookie policy.

This page is a plain-English summary. Where a written client Data Processing Agreement is in place, that DPA governs in case of conflict. Get in touch for the full DPA template.

Last reviewed: June 2026.