Privacy Policy

Information We Collect

We may collect and process a range of personal and business information in the course of providing our consultancy services and operating our Website. The information we collect depends on how you interact with us and may include:

Information you provide to us directly

• Identification and contact details – such as your name, job title, company name, business address, email address, and telephone number.
• Business and organisational information – including details about your organisation, sector, structure, operating model, strategic priorities, and other information shared for the purposes of our consultancy engagement.
• Consultancy engagement data – information shared during workshops, meetings, interviews, surveys, and other project-related activities that may contain personal data relating to your employees, contractors, or stakeholders.
• Enquiry and communication data – information you provide when you contact us via our Website forms, email, telephone, or other channels, including the content of your message and any preferences you communicate.
• Marketing preferences – your choices about receiving insights, updates, or other marketing communications from us.

Information we collect automatically

When you visit our Website, we may automatically collect certain information about your device and usage through cookies and similar technologies (see the "Cookies and Tracking Technologies" section below), such as:

• IP address, browser type and version, time zone setting, and device identifiers;
• Information about how you use the Website, including pages visited, links clicked, and time spent on pages;
• Technical information about your interaction with our Website to help us diagnose issues and improve performance.

Information from third parties

We may receive personal information about you from third parties where permitted by law, for example:

• From business partners or referrers who introduce you to us;
• From publicly available sources, such as Companies House, professional networking sites, or your organisation's own website;
• From service providers assisting us in delivering our services or operating our Website.

How We Use Your Information

We use the personal and business information we collect for the following purposes:

• Service delivery and relationship management – to provide and manage our management consultancy services, respond to enquiries, prepare proposals, enter into and perform contracts, manage projects, and maintain ongoing client relationships.
• Communication – to communicate with you regarding your enquiries, projects, proposals, changes to our services or policies, and to provide administrative information such as confirmations, updates, and support.
• Improvement and development of our services – to analyse how our services are used, evaluate effectiveness, understand client needs, and improve or develop our offerings, methodologies, Website, and client experience.
• Marketing and insights – to send you relevant insights, thought leadership, event invitations, or information about services that may be of interest to you or your organisation, in line with your marketing preferences and applicable laws.
• Compliance and risk management – to comply with legal and regulatory obligations, maintain appropriate records, prevent and detect fraud or misuse of our services, and manage risks and disputes.
• Business operations – to operate, manage, and protect our business, including financial management, audits, internal reporting, and corporate governance.

We will only process personal data in a manner that is compatible with the purposes for which it was originally collected, unless we have a lawful basis for doing otherwise.

Legal Basis for Processing

NUPARADIGM LTD processes personal data in accordance with the lawful bases set out in the UK GDPR. Depending on the context, we may rely on one or more of the following legal grounds:

• Performance of a contract – where processing is necessary to enter into, or perform, a contract with you or your organisation, or to take steps at your request before entering into such a contract.
• Legitimate interests – where processing is necessary for our legitimate business interests or those of a third party, and these interests are not overridden by your interests or fundamental rights and freedoms. Legitimate interests may include delivering and improving our services, developing client relationships, ensuring network and information security, and conducting business operations.
• Consent – where you have given us clear consent to process your personal data for a specific purpose, such as receiving certain types of marketing communications. You may withdraw your consent at any time, although this will not affect the lawfulness of processing prior to withdrawal.
• Compliance with legal obligations – where processing is necessary for us to comply with applicable laws, regulations, or regulatory guidance, including record-keeping, tax, and reporting requirements.

Where we rely on legitimate interests, we assess and balance any potential impact on you and your rights before processing your personal data.

Sharing and Disclosure

We do not sell your personal data. We may share your information with carefully selected third parties where necessary and lawful, including:

• Service providers and professional advisers – such as IT and hosting providers, analytics providers, communications platforms, legal advisers, accountants, auditors, and other professional service firms engaged to support our business operations or deliver services to you.
• Client and project stakeholders – where appropriate within the context of a consultancy engagement (for example, sharing insights or outputs with agreed project stakeholders within your organisation).
• Corporate transactions – in connection with any merger, acquisition, restructuring, or sale of all or part of our business, in which case personal data may be transferred to the relevant third parties subject to appropriate confidentiality protections.
• Legal and regulatory disclosures – where we are required or permitted to do so by law, regulation, court order, or regulatory authority, or to protect our rights, property, or the safety of our employees, clients, or others.

Whenever we share personal data with third parties, we require them to respect the security and confidentiality of the data and to process it only in accordance with our instructions and applicable law.

Data Retention

We retain personal and business data only for as long as is reasonably necessary to fulfil the purposes described in this Privacy Policy, including for the purposes of satisfying legal, regulatory, tax, accounting, or reporting requirements.

In determining appropriate retention periods, we consider factors such as:

• The nature and sensitivity of the personal data;
• The potential risk of harm from unauthorised use or disclosure;
• The purposes for which we process the data and whether we can achieve those purposes through other means;
• Applicable legal and regulatory requirements, including statutory limitation periods for claims.

At the end of the relevant retention period, we will either securely delete or anonymise your personal data. In some circumstances, we may anonymise data so that it can no longer be associated with an identified or identifiable individual, in which case we may use such information without further notice.

Your Data Rights

Under UK data protection law, you may have the following rights in relation to your personal data, subject to certain conditions and exemptions:

• Right of access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data and certain other information.
• Right to rectification – to request the correction of inaccurate or incomplete personal data we hold about you.
• Right to erasure – to request the deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other lawful basis for processing.
• Right to restrict processing – to request that we suspend the processing of your personal data in certain situations, such as while we verify the accuracy of the data or our grounds for processing.
• Right to data portability – to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to request that we transmit that data to another controller where technically feasible and lawful to do so.
• Right to object – to object to processing based on our legitimate interests, including profiling, and to object at any time to the processing of your personal data for direct marketing purposes.
• Rights in relation to automated decision-making – to not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects on you, where applicable.

To exercise any of these rights, please contact us using the details in the "Contact Information" section below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise other rights.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), if you are concerned about how we handle your personal data. Further information is available at https://ico.org.uk/.

Security Measures

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include, as appropriate:

• Use of secure networks, encryption, and access controls to protect data in transit and at rest;
• Role-based access and least-privilege principles for staff and contractors who handle personal data;
• Policies, procedures, and training to promote data protection awareness and good information security practices;
• Processes for assessing and testing the effectiveness of our security arrangements and responding to potential incidents.

While we strive to protect your personal data, no system or transmission of data over the internet can be guaranteed to be completely secure. You are responsible for taking reasonable steps to protect your own information, such as using secure devices and notifying us promptly of any suspected unauthorised access to your data in connection with our services.

International Data Transfers

NUPARADIGM LTD is based in the United Kingdom. In some cases, personal data we process may be accessed from or transferred to countries outside the UK, for example where our service providers, professional advisers, or technology vendors operate internationally.

Where we transfer personal data outside the UK, we will ensure that such transfers comply with UK data protection law and that appropriate safeguards are in place. These safeguards may include:

• Ensuring that the destination country has been deemed to provide an adequate level of data protection by the UK government; or
• Entering into contracts with the recipient that incorporate the UK-approved international data transfer mechanisms or standard contractual clauses; or
• Relying on other permitted transfer mechanisms under the UK GDPR, where applicable.

If you would like more information about the mechanisms we use when transferring personal data outside the UK, please contact us using the details below.

Cookies and Tracking Technologies

Our Website, https://nuparadigm.site/, may use cookies and similar tracking technologies to enhance your browsing experience, understand how the Website is used, and support our analytics and performance monitoring.

Cookies are small text files stored on your device when you visit a website. They may be categorised, for example, as:

• Strictly necessary cookies – required for the Website to function properly and to provide core features you request, such as page navigation and access to secure areas.
• Performance and analytics cookies – help us understand how visitors use our Website, which pages are most frequently visited, and how we can improve our content and user experience.
• Functionality cookies – allow the Website to remember choices you make (such as preferences) and provide enhanced, more personalised features.

You can manage your cookie preferences through your browser settings, including blocking or deleting cookies. Please note that if you disable certain cookies, parts of the Website may not function as intended.

For more detail about the specific cookies we use and how you can manage your preferences, please refer to our Cookie Policy.

Contact Information

NUPARADIGM LTD is the controller responsible for the processing of personal data described in this Privacy Policy.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do so, we will revise the "last updated" date below. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.

Last updated: 4 June 2026