Privacy Notice
Next Phase Consultancy ("we") are committed to protecting the privacy of your personal data.
​
This notice aims to give you information on how we collect and processes your personal data through your use of this website, including any data you may provide through this website, for example when you sign up to our checklist.
​
Next Phase Consultancy is committed to protecting the privacy needs of children and encourages parents and guardians to take an active role in their children’s online activities and interests. We do not intentionally collect information from children and we do not target our website to children.
​
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. This privacy notice supplements the other notices and is not intended to override them.
Controller
Next Phase Consultancy is a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Laws to notify you of the information contained in this privacy notice.
​
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Contact Details
Lucille Tut
lucille@nextphaseconsultancy.com
Company registration number: 16303792
ICO registration number: ZC056053
Changes to this privacy notice and your duty to inform us of changes
This notice may be updated from time to time. We encourage you to review this notice regularly when you visit our website to learn more about how we are using your personal data and safeguarding your privacy.
​
This version is dated 19 December 2025 and historic versions can be obtained by contacting us as above.
​
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third party links
Our website may, from time to time, contain links to and from third-party websites, plug-ins and applications, including without limitation websites of our partner networks and affiliates. Clicking on those links may allow third parties to collect or share data about you. Please note that these third-party websites have their own privacy notices and we do not control those websites or accept any responsibility or liability for these privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit. This notice is specific to our website.​​
1. The personal data we may collect about you
We collect personal data based on the relationship you have with us:
​
Client services: Please refer to our Data Processing Agreement as part of our client engagement pack.
Receiving our newsletter or checklists: Your name, email address and organisation details to allow us to communicate with you when you subscribe to our publications, or attend our events.
2. Where we collect your personal data from
We collect your personal data from:
​
-
you (for example by filling in forms or by corresponding with us by post, phone, email or otherwise). This includes personal data you provide when you:
-
make enquiries about or request our services.
-
subscribe to receive our newsletters and/or publications.
-
request marketing to be sent to you.
-
give us some feedback.
-
3. The purposes, categories, legal basis and recipients of your personal data
We set out below the purposes for use of your personal data:
​
-
Relationship Management: To provide you with information (for example in respect of products and services) that you request from us and taking steps at your request.
-
To make suggestions and recommendations to you about products or services that may be of interest to you, to provide industry insight or to invite you to events.
The category of personal data collected is contact details:
​
-
name,
-
email address and
-
business name.
We process your personal data under the legal basis of consent.
We only share your personal data with third parties who provide IT services to us and third parties whom we may choose to sell, transfer, or merge our business. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
4. Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We have established the following personal data control mechanisms:
​
Marketing communications from us
We may use your individual details to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, events and industry insight may be relevant for you.
You will receive marketing communications from us if you have requested information from us and you have provided your explicit consent by way of opting-in to receiving our marketing communications in accordance with applicable law. Such marketing communications may include the launch of new services, details of services, products, or events, which we think, may be of interest to you.
Legal basis of processing
We process your personal data under the legal basis of consent.
Managing your Marketing Preference (Opting out)
You can manage your marketing preferences or ask us to stop sending you marketing messages at any time by following the opt-out links in any marketing message sent to you or by contacting contact@nextphaseconsultancy.com at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of any client engagement and will not affect communications relating to any such matters on which we are advising you.
5. Profiling and automated decision making
There is no profiling or automated decision making used in our services.
6. Data Security
We have put in place appropriate physical, electronic and procedural security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Retention of your personal data
We will retain your personal data for as long as is necessary for the purpose it was collected, typically for marketing activity we would continue to contact you unless you withdrew your consent by contacting us at contact@nextphaseconsultancy.com or unsubscribed by selecting this option in our communications.
​
For client services please refer to your client engagement pack.
8. International transfers
We do not transfer your personal data outside of the UK, if we were to do so those transfers would always be made in compliance with the UK GDPR.
9. Your rights and the contact details of the ICO
If you have any questions about this privacy notice or in relation to our use of your personal data, you should first contact us at contact@nextphaseconsultancy.com. Under certain conditions, you may have the right to require us to:
​
-
provide you with further details on the use we make of your personal data/special category of data.
-
provide you with a copy of the personal data that you have provided to us.
-
update any inaccuracies in the personal data we hold.
-
delete any personal data that we no longer have a lawful ground to use.
-
where processing is based on consent, to withdraw your consent so that we stop that processing e.g. marketing.
-
restrict how we use your personal data.
If you wish to exercise any of the rights, please contact us as set out above.
​
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
​
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
​
Your right to complain to the ICO
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the UK GDPR, then you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Please see below for contact details of the ICO.
​
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
​
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Tel No.: 0303 123 1113
Email: casework@ico.org.uk