1. Who We Are

Outrider Advisory Ltd is the data controller responsible for the personal data collected through this website and in the course of providing our services.

Outrider Advisory Ltd October House, Westminster Road, Wrexham Company registration number: 17165057 Email: Hello@outrideradvisory.co.uk

2. What Personal Data We Collect

We may collect and process the following personal data:

(a) Information you provide through our contact form: your name, email address, phone number (if provided), organisation name (if provided), and the content of your message.

(b) Information you provide during an engagement: this may include names, contact details, job titles, and other personal data relevant to the services being provided, as agreed in the applicable Engagement Letter.

(c) Technical data collected automatically when you visit this website: your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit.

(d) Cookie data: see our Cookie Policy section below.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

(a) To respond to enquiries submitted through the contact form.

(b) To provide the services agreed with you or your organisation under an Engagement Letter.

(c) To manage our business relationship with you, including invoicing and administration.

(d) To comply with legal and regulatory obligations.

(e) To monitor and improve the performance and security of this website.

4. Lawful Basis for Processing

We process your personal data on the following lawful bases under the UK GDPR:

(a) Legitimate interests (Article 6(1)(f)): to respond to enquiries, to manage our client relationships, and to ensure the security of our website. Our legitimate interests do not override your rights and freedoms.

(b) Performance of a contract (Article 6(1)(b)): where processing is necessary for the performance of a contract between us or to take steps at your request before entering into a contract.

(c) Legal obligation (Article 6(1)(c)): where we are required to process personal data to comply with a legal or regulatory obligation, including but not limited to safeguarding duties, mandatory notifications to regulators, and tax and accounting requirements.

(d) Consent (Article 6(1)(a)): where you have given clear consent for us to process your personal data for a specific purpose. You may withdraw consent at any time by contacting us.

5. Special Category Data

In the course of providing our services, we may process special category data (for example, health data or data relating to clinical performance). Where this occurs, processing will be carried out under one or more of the following conditions:

(a) Explicit consent of the data subject.

(b) Processing is necessary for reasons of substantial public interest under Schedule 1 of the Data Protection Act 2018.

(c) Processing is necessary for the provision of health or social care or treatment, or the management of health or social care systems (Article 9(2)(h) UK GDPR).

All special category data will be handled in accordance with the Caldicott Principles and the common law duty of confidence.

6. Who We Share Your Data With

We do not sell your personal data to any third party.

We may share your personal data with:

(a) Our professional advisors (for example, accountants or legal advisors) where necessary for the operation of our business, on a confidential basis.

(b) Regulatory bodies, including the Care Quality Commission, NHS England, the General Medical Council, and the Nursing and Midwifery Council, where disclosure is required by law or necessary in connection with a safeguarding concern or patient safety risk.

(c) Law enforcement agencies or courts where disclosure is required by law or court order.

(d) Our website hosting provider (Framer) and any analytics services we use, which may process technical data on our behalf. These providers act as data processors and are bound by contractual obligations to process personal data only on our instructions and in compliance with UK data protection legislation.

7. International Transfers

Our website is hosted by Framer, which may process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including UK International Data Transfer Agreements or transfers to countries that have been assessed as providing an adequate level of data protection.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected:

(a) Contact form enquiries: retained for 12 months from your last communication with us, unless the enquiry leads to an engagement.

(b) Client engagement data: retained for six years from the completion or termination of the engagement, in line with professional indemnity insurance requirements and the Limitation Act 1980.

(c) Financial records: retained for six years in accordance with HMRC requirements.

(d) Website analytics data: retained for a maximum of 26 months.

After the applicable retention period, personal data will be securely deleted or anonymised.

9. Your Rights

Under UK data protection legislation, you have the following rights:

(a) Right of access: to request a copy of the personal data we hold about you.

(b) Right to rectification: to request correction of inaccurate or incomplete personal data.

(c) Right to erasure: to request deletion of your personal data where there is no compelling reason for its continued processing.

(d) Right to restrict processing: to request that we limit how we use your personal data.

(e) Right to data portability: to request a copy of your personal data in a structured, commonly used, machine readable format.

(f) Right to object: to object to the processing of your personal data where we are relying on legitimate interests as the lawful basis.

(g) Rights in relation to automated decision making: we do not carry out any automated decision making or profiling using your personal data.

To exercise any of these rights, please contact us at Hello@outrideradvisory.co.uk. We will respond within one month of receiving your request. There is no charge for exercising your rights unless a request is manifestly unfounded or excessive.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Website: ico.org.uk Telephone: 0303 123 1113

10. Cookies

This website uses cookies. Cookies are small text files placed on your device when you visit a website.

We use the following types of cookies:

(a) Strictly necessary cookies: required for the website to function. These cannot be switched off.

(b) Analytics cookies: help us understand how visitors use the website by collecting information anonymously. We use [insert provider, for example Google Analytics or Framer Analytics] for this purpose.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

For more information about cookies, visit allaboutcookies.org.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with the updated effective date. We will not reduce your rights under this policy without your explicit consent.

12. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us:

Outrider Advisory Ltd October House, Westminster Road, Wrexham Email: Hello@outrideradvisory.co.uk

Last updated: April 2026