Privacy Notice

Harbour Governance | CKSCC Ltd

Version 1.0 | Effective date: 18 June 2026

 1. Who We Are

This Privacy Notice explains how CKSCC Ltd, trading as Harbour Governance, collects, uses, and protects your personal data when you visit our website or engage with our services.

CKSCC Ltd is the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

If you have any questions about this notice or how we handle your data, please contact us:

•       Email: hello@harbourgovernance.com

•       ICO Registration Number: [INSERT ONCE REGISTERED]

2. What Personal Data We Collect

Depending on how you interact with our website and services, we may collect the following categories of personal data:

2.1 Contact and Enquiry Information

When you complete our contact or enquiry form, we collect:

•       Your name

•       Your email address

•       Your telephone number (if provided)

•       Any information you include in your message

2.2 Business and Organisation Details

Where you contact us in a professional capacity, we may also collect:

•       Your job title and organisation name

•       Your organisation's sector and size

•       Details about your governance or compliance requirements

2.3 Newsletter and Marketing Preferences

If you subscribe to our newsletter or marketing updates, we collect:

•       Your name and email address

•       Your marketing preferences and consent records

2.4 Payment Information

If you purchase services or products from us, we collect payment details necessary to process your transaction. We do not store full card details — payment processing is handled securely by our payment provider.

2.5 Technical Data

When you visit our website, we may automatically collect limited technical information, including your IP address, browser type, pages visited, and time of access. This is used solely for website security and performance purposes.

3. How We Use Your Personal Data

We use your personal data only for legitimate purposes and only where we have a valid lawful basis to do so under UK GDPR.

3.1 Responding to Enquiries

Lawful basis: Legitimate interests (Article 6(1)(f) UK GDPR).

We use the information you submit via our contact form to respond to your enquiry and to discuss potential services with you.

3.2 Delivering Our Services

Lawful basis: Performance of a contract (Article 6(1)(b) UK GDPR).

Where you engage Harbour Governance to deliver consultancy services, we process your data as necessary to fulfil our contractual obligations.

3.3 Processing Payments

Lawful basis: Performance of a contract (Article 6(1)(b) UK GDPR).

We process payment information as necessary to complete transactions for our services and products.

3.4 Marketing and Newsletter Communications

Lawful basis: Consent (Article 6(1)(a) UK GDPR).

We will only send you newsletters, updates, or marketing communications where you have explicitly consented to receive them. You may withdraw your consent at any time by using the unsubscribe link in any marketing email or by contacting us directly.

3.5 Legal and Regulatory Compliance

Lawful basis: Legal obligation (Article 6(1)(c) UK GDPR).

We may process your data where required to comply with our legal obligations, including financial record-keeping requirements.

4. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.

•       Enquiry and contact data: up to 12 months from last contact, unless a contract follows

•       Client and contractual data: 6 years from the end of the contract, in line with the Limitation Act 1980

•       Financial and payment records: 6 years, as required by HMRC

•       Marketing consent records: retained until consent is withdrawn, plus a further 12 months for audit purposes

5. Who We Share Your Data With

We do not, and will never, sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary:

•       Our payment processor, for the purpose of processing transactions securely

•       Our IT and hosting providers, who process data only on our instructions

•       Professional advisors (accountants, legal advisors) where necessary

•       Regulatory bodies or law enforcement, where we are legally required to disclose

All third parties with whom we share data are required to handle it in accordance with UK GDPR. We do not transfer personal data outside the UK or EEA unless appropriate safeguards are in place.

6. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

•       Right of access — to request a copy of the personal data we hold about you

•       Right to rectification — to ask us to correct inaccurate or incomplete data

•       Right to erasure — to ask us to delete your data in certain circumstances

•       Right to restriction of processing — to ask us to limit how we use your data

•       Right to data portability — to receive your data in a structured, machine-readable format

•       Right to object — to object to processing based on legitimate interests or for direct marketing

•       Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one calendar month. We may need to verify your identity before processing your request.

7. Cookies

Our website may use cookies and similar technologies. For full details of the cookies we use and how to manage your preferences, please refer to our Cookie Policy, which is available on our website.

8. How to Make a Complaint

If you are unhappy with how we have handled your personal data, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

•       Website: www.ico.org.uk

•       Helpline: 0303 123 1113

We would, however, welcome the opportunity to address your concerns before you contact the ICO. Please contact us in the first instance using the details in Section 1.

9. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The current version will always be available on our website. We will notify you of material changes where we are able to do so.

This notice was last reviewed: 18 June 2026. Next Review – 17 June 2027.