Legal Documentation

Privacy Policy.

Last updated: 25 April 2026  ·  Crane Consultancy Limited

01Who We Are

The Crane Consultancy is a trading name of Crane Consultancy Limited, a company registered in England and Wales (Company No. 15526285), with its registered office at 45 Albemarle Street, Floor 3, Mayfair, London, W1S 4JL.

We are the data controller for personal information collected through this website and through our commercial engagements. This policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Questions? If you have any questions about this policy or how we handle your data, please contact us at privacy@thecraneconsultancy.com before proceeding.

02Data We Collect

We collect personal data in the following ways:

  • Contact enquiries. When you submit our contact form, we collect your full name, professional email address, and the content of your message.
  • Direct communications. When you contact us via WhatsApp, email, or telephone, we retain records of that correspondence.
  • Analytics data. We collect anonymised usage data including pages visited, time on site, and device type via Google Analytics (configured with IP anonymisation and no cross-site tracking).
  • Technical data. Server logs may record your IP address, browser type, and referring URL for security and diagnostic purposes. These logs are not used for profiling.
  • Commercial mandates. When we enter into a commercial engagement, we may collect additional business contact information as part of our client onboarding process.

We do not knowingly collect data from individuals under the age of 18. This website and our services are directed exclusively at business professionals.

03How We Use It

We use your personal data only for the purposes for which it was collected:

  • To respond to your enquiry and assess whether we can assist you
  • To communicate with you regarding a potential or active commercial engagement
  • To fulfil our contractual obligations as your retained consultancy
  • To improve the performance and user experience of this website
  • To comply with legal and regulatory obligations applicable to our business
  • To detect, investigate, and prevent fraudulent or unlawful activity

We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

05Data Sharing

We do not sell your data. We share personal data only in limited, necessary circumstances:

  • Service providers. We use trusted third-party processors to operate our business, including Netlify (website hosting), Google (analytics and advertising infrastructure), and Stape (server-side tracking). Each operates under a data processing agreement.
  • Legal compliance. We may disclose data to law enforcement, regulatory authorities, or courts where legally required or where necessary to protect our rights or the rights of others.
  • Business transfers. In the event of a merger, acquisition, or sale of the business, your data may be transferred to the acquiring party, subject to equivalent privacy protections.

Where we transfer data outside the United Kingdom, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as applicable.

06Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

  • Enquiry data from the contact form is retained for up to 24 months, after which it is securely deleted unless a commercial engagement has commenced
  • Client engagement data is retained for 7 years following the end of an engagement, in accordance with UK financial record-keeping requirements
  • Anonymised analytics data is retained in accordance with Google Analytics default retention settings (26 months)
  • Server security logs are retained for 90 days

At the end of the applicable retention period, data is securely deleted or anonymised.

07Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Access. You may request a copy of the personal data we hold about you.
  • Rectification. You may request correction of inaccurate or incomplete data.
  • Erasure. You may request deletion of your personal data where there is no compelling reason for us to continue processing it.
  • Restriction. You may request that we restrict processing of your data in certain circumstances.
  • Portability. You may request that we provide your data in a structured, machine-readable format.
  • Objection. You may object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@thecraneconsultancy.com. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

08Cookies

This website uses cookies and similar tracking technologies. We operate a server-side tracking infrastructure through Stape to minimise client-side data exposure.

  • Essential cookies. Required for the site to function correctly. No consent required.
  • Analytics cookies. We use Google Analytics with IP anonymisation enabled and client storage disabled. These cookies collect anonymised data about how visitors use our site. You may opt out via your browser settings or the Google Analytics opt-out browser add-on.
  • Advertising cookies. We may use Google Ads conversion tracking. Ad storage is disabled by default on our analytics configuration.

You can control cookies through your browser settings at any time. Disabling certain cookies may affect site functionality.

09Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include:

  • HTTPS encryption across all pages and data transmissions
  • Content Security Policy headers restricting resource loading to trusted origins
  • Server-side tracking to reduce client-side data exposure
  • Honeypot and time-gating mechanisms on contact forms to prevent automated abuse
  • Access controls limiting data access to authorised personnel only

No method of transmission over the internet is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

10Third Parties

Our website contains links to third-party websites, including our verified infrastructure partners. This policy does not apply to those websites. We encourage you to review their respective privacy policies before providing any personal data.

Our key infrastructure providers and their privacy documentation:

11Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised.

Material changes will be communicated to active clients directly. Continued use of our website following an update constitutes acceptance of the revised policy.

12Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us through any of the following:

Data Controller

Crane Consultancy Limited

45 Albemarle Street, Floor 3

Mayfair, London, W1S 4JL

privacy@thecraneconsultancy.com

WhatsApp: +44 7771 007209

If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.