Privacy Policy

Effective Date: 01 October 2025
Last updated: 31 October 2025

1. Who we are

Meritos Consulting is committed to protecting your privacy and will handle personal information lawfully, fairly and transparently.

This privacy policy will apply to personal information collected through our website at www.meritosconsulting.com and in the course of operating our business.

Meritos Consulting is made up of one or more legal entities. When we say “Meritos”, “we”, “us” or “our”, we are referring to the relevant entity responsible for processing your personal information. The controller for this website will be:

Controller name: Meritos Consulting Limited

Company number: 16085258

If your interaction is with another Meritos entity, that entity will be the controller.

2. Our Data Privacy Lead

We have appointed a data privacy lead to oversee questions about this privacy policy and our data protection practices.

If you have any questions, including requests to exercise your legal rights, you will contact us using the details above.

3. Complaints

You will have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. See www.ico.org.uk for details. We will appreciate the chance to deal with your concerns before you contact the ICO, so please contact us first.

4. Keeping your information up to date

We will take reasonable steps to keep your personal information accurate and up to date. Please tell us if your information changes by contacting admin@meritosconsulting.com

5. What information we will collect

Depending on how you interact with us, we will collect the following categories of personal information:

  • Identity and professional details: name, organisation, job title, relationship to a client or supplier, and similar details for a personal assistant if applicable
  • Contact details: email address, telephone number, postal address
  • Technical and usage data: IP address, device identifiers, browser type, time zone setting, pages viewed, clickstream data. We will obtain this through cookies and similar technologies. See section 9
  • Marketing preferences: your choices about receiving marketing and your communication preferences
  • Event data: attendance information for meetings, webinars and events, including dietary or access requirements
  • Business acceptance and onboarding data: identification and background information collected as part of our due diligence and risk checks
  • Financial data: payment related information if you pay us or we reimburse you
  • Recruitment data: CVs, cover letters, interview notes, right to work information, references
  • Any other information you provide: information you share when you contact us or complete forms on our website.

We will not intentionally collect special category information unless you provide it voluntarily, for example dietary or access requirements for an event. We will only use such information where the law will allow us to do so and for the purpose for which it was provided.

6. How we will collect your information

  • Directly from you, for example when you contact us, download content, subscribe to updates, register for an event or apply for a role
  • Automatically, when you use our website or emails, through cookies and similar technologies
  • From third parties and public sources, such as social networks like LinkedIn, partners that help us organise events, analytics providers, background check providers, and publicly available registers, to keep our records accurate and to support our services

7. How we will use your information and legal bases

We will use your personal information for the purposes below. We will only use your personal information where the law will allow us to. The main legal bases will be contract, legitimate interests, consent and legal obligation.

  • Providing and improving our services including client engagement, project delivery, billing and account management. Legal basis: contract, legitimate interests
  • Operating and improving our website and digital channels, including security monitoring and analytics. Legal basis: legitimate interests
  • Responding to enquiries and providing information you request. Legal basis: legitimate interests, contract where applicable
  • Marketing and thought leadership such as sending insights, event invitations and newsletters where permitted. You will be able to opt out at any time. Legal basis: consent where required by law, otherwise legitimate interests
  • Event administration, including managing registrations and catering for dietary or access needs. Legal basis: legitimate interests, consent for special category data
  • Recruitment, including assessing candidates and maintaining a talent pipeline. Legal basis: legitimate interests, legal obligation
  • Business acceptance, risk and compliance, for example anti‑money laundering, conflicts and sanctions checks. Legal basis: legal obligation, legitimate interests
  • Protecting our business and users, including fraud prevention, network security and enforcing our terms. Legal basis: legitimate interests, legal obligation

Automated decision making and profiling

We will not make decisions about you that will have legal or similarly significant effects based solely on automated processing. We may use limited profiling for marketing segmentation and to tailor communications. You will be able to opt out of marketing at any time.

8. Our services

When we provide services to clients, we will process personal information that is relevant to that engagement. We will only process such information in accordance with our contract with the client and applicable law. Where we act as a processor on behalf of a client, the client will be the controller and will be responsible for providing appropriate privacy information to individuals.

9. Cookies and similar technologies

Our website will use cookies and similar technologies to distinguish you from other users, to provide essential functionality and to help us improve the site. For details, see our Cookie Policy. You will be able to refuse non‑essential cookies or withdraw consent at any time using the controls described in that policy. Blocking some cookies may affect your site experience.

10. Marketing

We will use your contact details to send you updates that we believe will be relevant and useful. Where the law will require consent, we will ask for it first. You will always be able to opt out by using the unsubscribe link in any email or by contacting admin@meritosconsulting.com

We may use a CRM and email analytics to understand whether emails were opened, links were clicked and whether our website was visited after clicking. This will help us improve the relevance of our content.

11. Who we will share your information with

We will share personal information only where necessary and appropriate:

  • Trusted service providers: IT hosting, cloud and collaboration tools, website and analytics providers, email and CRM platforms, event partners, background check providers, professional advisers and auditors. We will have written contracts in place with processors.
  • Third parties involved in client engagements: where required to deliver our services and with appropriate safeguards
  • Legal and regulatory bodies: where required to comply with law or to protect rights, property or safety
  • Business transfers: if we reorganise, merge or sell parts of our business, personal information may transfer as part of the transaction

We will not sell your personal information.

12. International transfers

Your personal information may be transferred outside the UK or EEA. Where this happens, we will ensure appropriate safeguards will be in place, for example:

  • Adequacy regulations made by the UK government or adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement or Addendum
  • Other safeguards permitted by law.

You can contact us for a copy of the relevant safeguards.

13. Data security

We will use appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration and loss. Access will be limited to those who have a business need and are subject to confidentiality obligations. We will have procedures to deal with suspected personal data breaches and will notify you and applicable regulators where legally required.

14. How long we will keep your information

We will only retain personal information for as long as necessary for the purposes we collected it and to meet legal, accounting or reporting requirements. Retention will vary by category, for example:

  • Website analytics data, typically 26 months
  • Marketing contact details, until you opt out or for 24 months after your last meaningful interaction
  • Client matter files, typically 5 years after engagement ends, unless a longer period is required
  • Recruitment records, typically 24 months from the end of the process unless you ask us to keep your details longer

15. Your legal rights

Under UK GDPR and applicable data protection laws, you will have rights which will include the right to:

  • Request access to your personal information and obtain a copy
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data where there is no good reason for us to continue processing it
  • Object to processing where we rely on legitimate interests and your situation will justify an objection
  • Object to direct marketing at any time
  • Request restriction of processing in certain circumstances
  • Request the transfer of your data to you or to a third party in a usable format where processing is based on consent or contract and is carried out by automated means
  • Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact admin@meritosconsulting.com

We may need to verify your identity before responding. You will not usually have to pay a fee. We will try to respond within one month, or inform you if more time is needed.

16. Third‑party links

Our website may include links to third‑party websites, plug‑ins and applications. Following those links or enabling those connections may allow third parties to collect or share information about you. We will not control those third‑party websites and will not be responsible for their privacy statements. We encourage you to read the privacy policy of every site you visit.

17. Children

Our website and services will not be directed at children and we will not knowingly collect data relating to children.

18. Changes to this policy

We will keep this policy under regular review. We will post any updates on this page and will indicate the effective date at the top. If the changes are material, we will take reasonable steps to let you know.

19. Contact us

Questions, comments or requests about this policy or our privacy practices will be welcomed and should be addressed to admin@meritosconsulting.com

We are a boutique consultancy founded in the UK, supporting clients worldwide

Contact Us

Meritos Perspectives, straight to your inbox

Thank you for subscribing!
Oops! Something went wrong while submitting the form.
Company
About UsServices
Life at Meritos
Our CultureCareers
Resources
PerspectivesClient Stories
Contact
Contact usLinkedIn
© 2025 Meritos Ltd. All rights reserved