This Privacy Policy outlines how H27 Consulting Ltd ("we", "us", or "our"), based in the United Kingdom, collects, uses, and protects your personal data.

 We operate in strict accordance with the Data Protection Act 2018 (DPA 2018), the UK GDPR, and, for residents within the European Economic Area (EEA), the General Data Protection Regulation (EU) 2016/679 (GDPR).

The data controller is registered with the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights. In compliance with English law, we commit to processing data lawfully, fairly, and transparently.

We process personal data only where a legal basis exists:• Contractual Necessity: To deliver our strategic blueprints and frameworks.• Legal Obligation: For tax compliance with HMRC (HM Revenue and Customs).

• Legitimate Interest: For website security and fraud prevention via Stripe.

• For the use of non-essential cookies and analytical tools.

• Stripe (Payment Processing & Analytics): Payments are handled securely by Stripe. We utilise Stripe Analytics to monitor transaction health and prevent fraudulent activities. Stripe collects device identifiers and IP addresses necessary for payment security. [Refer to Stripe’s Privacy Policy].

• Google Fonts & Assets: To ensure the graphical integrity of our logos and interface, the website utilises Google Fonts. This integration requires the user's browser to communicate the IP address to Google LLC servers to download the necessary assets. [Refer to Google’s Privacy Policy].• Billing Data: Name, email address, and physical address are retained for 6 years as mandated by UK tax law (HMRC).

We adhere to a strict "Zero-Data" policy. We do not request, store, or have access to private keys, passwords, or clients' operational systems.

We actively encourage the use of pseudonyms for all strategic consultancy sessions.

In accordance with the principle of data self-determination:
The user has the right to declare: "I DENY CONSENT" regarding the processing of data that is not strictly necessary for the technical operation of the site or legal obligations (e.g., optional marketing or non-essential analytics).

If you have previously provided consent, you may withdraw it at any time by emailing support@passkeystrategy.com with the subject "WITHDRAWAL OF CONSENT"

. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Under the DPA 2018 and GDPR, you have the right to:

1. Access: Request a copy of the data we hold.

2. Rectification: Correct inaccurate data.

3. Erasure (Right to be Forgotten): Subject to HMRC retention requirements.

4. Portability: Receive your data in a structured, machine-readable format.

5. Complain: You have the right to lodge a complaint with the ICO (www.ico.org.uk) if you believe our processing violates the law.

As we utilise services such as Stripe and Google, data may be transferred outside the UK/EEA.
Such transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an equivalent level of protection.

9. CONTACT INFORMATION
For any privacy-related matters, please contact:

H27 Consulting Ltd hello@h27consulting.com Registered Office: Brentford, UK.

Client support: support@passkeystrategy.com