CENDORY DIGITAL
Privacy Policy
Version 1.0 | May 2026
Cendory Digital Ltd | London, United Kingdom
Cendory Digital Ltd (“Cendory Digital”, “we”, “us”, “our”) is committed to protecting your personal information and being transparent about how we use it. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have.
This policy applies to all personal data we process in connection with our website (cendorydigital.com), our services, courses, workshops, publications, tools, and any communications you have with us.
We are the data controller for personal data processed in accordance with this policy and are registered with the Information Commissioner’s Office (ICO) in the United Kingdom.
1. Who We Are
Cendory Digital Ltd is a technology and digital innovation company specialising in responsible AI consultancy, data analytics, and digital systems. We are based in London, United Kingdom.
Data Controller:
Cendory Digital Ltd, London, United Kingdom
Email: hello@cendory.co.uk
Website: www.cendory.co.uk
2. Personal Data We Collect
2.1 Website Visitors
- IP address and approximate location (country/region).
- Browser type, device type, and operating system.
- Pages visited, time on site, and referring URLs.
- Cookie and tracking data (see Section 8).
2.2 Enquiries and Contact Form
- Full name and email address.
- Organisation name (if provided).
- Any information you include in your message.
- The service or topic you are enquiring about.
2.3 Clients and Prospective Clients
- Full name, job title, and contact details.
- Organisation name and address.
- Payment and billing information (via third-party payment providers).
- Communications during the engagement.
- Project-related information you share with us.
2.4 Course, Workshop, and Publication Purchasers
- Full name and email address.
- Billing address (payment details handled by our payment provider — we do not store card details).
- Course or workshop progress and completion data.
- Feedback and ratings provided voluntarily.
2.5 Newsletter and Marketing Subscribers
- Email address.
- First name (if provided).
- Email engagement data (opens, clicks) to help us improve our communications.
2.6 Job Applicants
- CV, covering letter, and other information you provide.
- Contact details and employment history.
- References and background check information (where applicable and with consent).
2.7 Data We Do Not Collect
We do not intentionally collect special category data (such as health data, political opinions, or biometric data) unless strictly necessary and you have given explicit consent. We do not knowingly collect personal data from individuals under 18 years of age.
3. How We Collect Personal Data
- Directly from you via contact forms, purchases, course registrations, newsletter sign-ups, or correspondence.
- Automatically via cookies and tracking technologies when you visit our website.
- From third-party platforms such as LinkedIn when you engage with our content there.
- From payment processors when you make a purchase (transaction data only, not full card details).
- From referrals where a contact has passed on your details with your knowledge.
4. Why We Use Your Personal Data
We use personal data only where we have a lawful basis under the UK GDPR. The table below sets out our main processing activities:
| Purpose | Lawful Basis | Data Categories |
| Responding to enquiries | Legitimate interests / Pre-contractual steps | Contact details, message content |
| Delivering consulting services | Contract performance | Client and project data |
| Invoicing and payment processing | Contract performance / Legal obligation | Billing and financial data |
| Delivering courses and publications | Contract performance | Purchase and access data |
| Service-related communications | Contract performance / Legitimate interests | Email address, name |
| Marketing emails and newsletters | Consent | Email, name, engagement data |
| Improving our website | Legitimate interests | Usage and analytics data |
| Legal and regulatory compliance | Legal obligation | Various as required by law |
| Protecting our legal interests | Legitimate interests | Relevant correspondence |
| Recruitment | Pre-contractual steps / Legitimate interests | CV, contact details, employment history |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object — see Section 7.
Where we rely on consent (e.g. marketing emails), you can withdraw consent at any time by clicking “unsubscribe” or contacting us at hello@cendorydigital.com.
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share it only in the circumstances below:
5.1 Service Providers
Trusted third-party providers who act as data processors on our behalf, including:
- Website hosting and infrastructure providers.
- Email delivery and marketing platforms.
- Payment processors (e.g. Stripe). We do not store card details.
- Online course and learning management platforms.
- Scheduling and booking tools.
- CRM and cloud storage services.
- Analytics providers.
5.2 Professional Advisers
Legal advisers, accountants, auditors, or insurers where necessary for professional advice or legal proceedings.
5.3 Legal Requirements
Law enforcement, regulators, or other authorities where required by law, court order, or to protect rights and safety.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred. We will notify affected individuals of any material change.
5.5 International Transfers
Some providers process data outside the UK. We ensure appropriate safeguards are in place, including UK-approved Standard Contractual Clauses or adequacy decisions. Contact us for details of specific safeguards.
6. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
| Client engagement records | 7 years after engagement ends | Legal and tax obligations |
| Financial and invoicing records | 7 years | HMRC requirements |
| Contact enquiries (not converted) | 12 months | Reasonable follow-up period |
| Marketing subscribers | Until unsubscribe or consent withdrawn | Consent-based processing |
| Website analytics data | 26 months (anonymised) | Analytics and improvement |
| Course and workshop records | 3 years after purchase | Support and certification |
| Unsuccessful job applications | 6 months after decision | Potential future roles |
| Successful job applications | Employment + 7 years | Employment records |
Where data is no longer required, we delete or anonymise it securely.
7. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
Right of Access
Request a copy of the personal data we hold about you. We will respond within one month.
Right to Rectification
Ask us to correct inaccurate or incomplete personal data.
Right to Erasure
Ask us to delete your personal data in certain circumstances, for example where it is no longer needed or you withdraw consent.
Right to Restrict Processing
Ask us to restrict how we process your data, for example while a complaint is being investigated.
Right to Data Portability
Receive your data in a structured, machine-readable format and have it transferred to another controller where technically feasible (applies to consent and contract-based processing).
Right to Object
Object to processing based on legitimate interests or for direct marketing. We will stop direct marketing immediately on request.
Automated Decision-Making
You have the right not to be subject to decisions made solely by automated processing. We do not currently make any such decisions about individuals.
How to Exercise Your Rights
Email hello@cendorydigital.com. We may verify your identity before processing your request. We will respond within one month (up to three months for complex requests).
Right to Complain
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk | Helpline: 0303 123 1113
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address concerns before you contact the ICO.
8. Cookies and Tracking Technologies
8.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website, used to make sites work and to provide analytics information.
8.2 Cookies We Use
| Category | Purpose | Duration | Consent? |
| Strictly necessary | Essential for the site to function (e.g. session management) | Session | No |
| Functional | Remember your preferences and settings | Up to 12 months | Yes |
| Analytics | Understand how visitors use our site. Data anonymised where possible. | Up to 26 months | Yes |
| Marketing | Track effectiveness of campaigns. Only if consent given. | Up to 12 months | Yes |
8.3 Managing Cookies
A cookie consent banner will appear on your first visit. You can accept all, reject non-essential, or manage by category. You can also control cookies through your browser settings — note this may affect site functionality.
To opt out of Google Analytics: tools.google.com/dlpage/gaoptout
9. How We Protect Your Data
We implement appropriate technical and organisational measures including:
- Encrypted data transmission using HTTPS/TLS.
- Access controls limiting data to authorised personnel only.
- Secure password policies and multi-factor authentication on key systems.
- Regular review of third-party providers for adequate security standards.
- Staff awareness of data protection obligations.
- Secure deletion of data no longer required.
In the event of a personal data breach likely to risk your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.
10. Third-Party Links and Services
Our website may contain links to third-party sites not operated by us. This Privacy Policy does not apply to those sites. We recommend reviewing their privacy policies.
We may embed third-party content (e.g. video, scheduling tools) which may set their own cookies. Please refer to the relevant platform privacy policy.
11. Children’s Privacy
Our website and services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have done so, please contact us at hello@cendorydigital.com and we will delete it promptly.
12. Changes to This Policy
We review this policy periodically. When we make material changes we will update the date below and, where appropriate, notify you by email or a notice on our website.
Your continued use of our website or services after changes are made constitutes acceptance of the updated policy. Previous versions are available on request.
13. Contact Us
For any questions, concerns, or requests about this Privacy Policy or our data practices:
Data Protection Enquiries
Cendory Digital Ltd
Email: hello@cendory.co.uk
Website: www.cendory.co.uk
London, United Kingdom
We aim to respond to all data protection enquiries within 10 business days.
Last updated: May 2026 | Version 1.0