Privacy Policy

Last updated: 31 May 2026

  1. Who we are

This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the data controller for the personal data we collect from you. If you have any questions about this policy or how we handle your data, please contact us at: info@tom-hurley.com

  1. What data we collect

We collect and process the following personal data:

Identity and contact data: your name, email address, phone number, and postal address

Payment data: billing address and payment card details (processed securely via our payment provider)

We do not collect sensitive (special category) data unless explicitly required and agreed with you in writing.

  1. How we collect your data

We collect personal data directly from you when you enquire about or purchase our services, enter into a contract with us, communicate with us by email, phone, or through our website, or make a payment for services.

  1. How we use your data

We use your personal data to provide and deliver our services (legal basis: performance of a contract), to process payments and send invoices (performance of a contract), to communicate with you about your enquiry or project (legitimate interests), to comply with legal and regulatory obligations (legal obligation), and to send service-related updates (legitimate interests). We will not use your data for marketing purposes without your explicit consent.

  1. How long we keep your data

We retain personal data only for as long as necessary. Client records (including contact and payment data) are kept for 6 years after the end of our business relationship, in line with UK tax and legal requirements. Enquiries that did not result in a contract are kept for 12 months. After these periods, your data will be securely deleted or anonymised.

  1. Who we share your data with

We may share your personal data with payment processors (to securely handle card transactions), professional advisers such as accountants or solicitors where required, and HM Revenue & Customs or other regulators where legally required. We do not sell your personal data to third parties. We do not transfer your data outside the UK without ensuring adequate protections are in place.

  1. Your rights

Under UK GDPR, you have the right to access the personal data we hold about you, correct any inaccurate or incomplete data, erase your data (the right to be forgotten) subject to legal retention requirements, restrict the processing of your data in certain circumstances, object to processing based on legitimate interests, and receive your data in a machine-readable format (data portability). To exercise any of these rights, please contact us at info@tom-hurley.com. We will respond within one calendar month.

  1. Cookies

Our website may use cookies to improve your browsing experience. Where we use non-essential cookies, we will ask for your consent. You can manage or disable cookies through your browser settings at any time.

  1. How we protect your data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payment data is processed via encrypted, PCI-DSS-compliant providers and we do not store full card details ourselves.

  1. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would welcome the opportunity to address your concerns directly first — please contact us at info@tom-hurley.com.

  1. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the date of last update shown at the top of this page.