1. Who we are
Fitoearthur ("we", "us", or "our") is a workplace culture consultancy based in London. We provide general, educational, non-medical guidance to organisations. For the purposes of the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act as the data controller for personal data processed through this website.
You can reach our team using the details listed in the contact section at the end of this policy. If you have a question about how we handle your information, we would rather you asked than wondered.
2. Scope of this policy
This policy applies to personal data we process when you browse this website, complete the contact form, or communicate with us by email or telephone. It does not apply to third-party websites that may be linked from our pages; those services operate under their own privacy notices, which we encourage you to read.
Our website offers general informational content only. It is not a place where you are asked to create an account, make a purchase, or submit sensitive details, and we have designed our data practices to reflect that limited purpose.
3. Data we collect
We keep data collection to the minimum needed to operate the site and respond to enquiries. Depending on how you interact with us, this may include:
3.1 Information you give us
- Your name, when you complete the contact form or write to us.
- Your email address, so that we can reply to your enquiry.
- The content of your message, including any details you choose to include.
- Records of correspondence if you continue a conversation with our team.
3.2 Information collected automatically
- Limited technical data such as browser type and general device information.
- Cookie preferences that you set through our consent banner.
- Aggregated, non-identifying usage information, only where you have allowed analytics cookies.
Please do not send us special category data (such as health information) through the contact form. Our services are general and non-medical, and the form is not intended for sensitive personal details.
4. How we use your data
We use the personal data described above for clearly defined purposes:
- To respond to your enquiry and provide the information you have requested.
- To arrange and follow up on discovery conversations where you have asked for one.
- To maintain a basic record of our correspondence for continuity.
- To keep the website secure and functioning as intended.
- To understand, in aggregate, which pages visitors find useful, where analytics consent has been given.
We do not sell personal data, and we do not use your details to make automated decisions that produce legal or similarly significant effects.
5. Legal basis for processing
Under the UK GDPR, we rely on the following lawful bases:
5.1 Consent
When you submit the contact form, you provide consent for us to use your details to reply. You can withdraw this consent at any time by asking us to delete your enquiry.
5.2 Legitimate interests
We rely on our legitimate interest in operating a secure, functional website and in responding to genuine enquiries, balanced against your rights and expectations.
5.3 Legal obligation
In limited circumstances we may process data to comply with a legal or regulatory obligation that applies to us.
6. Sharing and service providers
We share personal data only where it is necessary and appropriate. This may include trusted service providers who help us operate the website, deliver email, or host our content. These providers act as processors on our behalf and are bound by contractual obligations to protect your data and use it only as instructed.
We may also disclose information where we are required to do so by law, or to protect our rights, property, or safety, or those of others. We do not share your details with advertisers for their own independent use.
7. How long we keep your data
We retain personal data only for as long as it is needed for the purpose it was collected, after which it is securely deleted or anonymised. As a general guide:
- Enquiry messages and related correspondence are kept for up to 24 months from our last contact, unless an ongoing relationship requires us to keep them longer.
- Cookie preference records are kept for up to 12 months, after which we will ask for your choices again.
- Aggregated analytics information, where collected, is retained in a non-identifying form.
If you ask us to delete your data sooner, we will do so unless we have a clear legal reason to retain it.
8. Security measures
We take reasonable and appropriate technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. These measures include encrypted connections over HTTPS, access controls that limit who can view enquiry data, and regular reviews of the small number of tools we use.
No method of transmission over the internet is completely secure, so while we work hard to protect your information, we cannot promise absolute security. We encourage you to share only what is necessary when contacting any organisation online.
9. Your rights
Under data protection law, you have a number of rights in relation to your personal data. These include:
- Access — to request a copy of the personal data we hold about you.
- Rectification — to ask us to correct information that is inaccurate or incomplete.
- Erasure — to ask us to delete your personal data in certain circumstances.
- Restriction — to ask us to limit how we use your data.
- Objection — to object to processing based on our legitimate interests.
- Portability — to receive certain data in a portable format.
- Withdrawal of consent — to withdraw consent at any time, without affecting earlier lawful processing.
To exercise any of these rights, please contact us using the details below. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, although we hope you would speak with us first.
10. Cookies
We use a small set of cookies to keep the site working and, with your permission, to understand how it is used. You can review and change your choices at any time through the cookie settings link in the footer. For full detail, please see our Cookie Policy.
11. International transfers
Where a service provider processes data outside the United Kingdom, we take steps to ensure an appropriate level of protection, such as reliance on adequacy decisions or standard contractual clauses. We will always seek to ensure your data remains protected to a standard consistent with UK law.
12. Children's privacy
Our website and services are intended for organisations and working professionals. They are not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us so we can remove it.
13. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or in the law. When we do, we will revise the date shown at the top of this page. We encourage you to review this policy periodically so that you stay informed about how we handle personal data.
14. How to contact us
If you have any questions about this Privacy Policy or wish to exercise your rights, please reach out:
We will respond to genuine requests within the timeframes set out in applicable data protection law.