Privacy Policy
Updated: May 2026
Introduction
Island23 Limited is committed to protecting the privacy of clients, prospective clients, and website visitors. For the purposes of UK data protection law, including the UK GDPR and the Data Protection Act 2018, Island23 Limited is the data controller for the personal data described in this policy.
Contact details
If there are any questions about this Privacy Policy or requests relating to personal data, contact:
- Email: darren@island23.co.uk
- Company: Island23 Limited (11101236)
- Registered in England and Wales
- Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
Personal data collected
Depending on how the website or services are used, Island23 Limited may collect and process the following categories of personal data:
- Identity and contact data, such as name, email address, telephone number, company name, and job title.
- Enquiry and correspondence data, such as information submitted through contact forms, booking requests, or direct email communications.
- Client engagement data, such as project details, statements of work, billing contacts, and service-related communications.
- Technical and usage data, such as IP address, browser type, device information, referring pages, and website interaction data.
- Marketing preference data, such as whether consent has been given to receive updates or insights.
How personal data is used
Personal data may be used for the following purposes:
- To respond to enquiries and arrange introductory calls.
- To prepare proposals, statements of work, and deliver consultancy services.
- To manage client relationships, administration, invoicing, and record keeping.
- To improve website performance, security, and user experience.
- To send professional updates or insights where there is consent or another valid lawful basis.
- To comply with legal, regulatory, accounting, or reporting obligations.
Lawful bases for processing
Island23 Limited relies on one or more of the following lawful bases under UK GDPR, depending on the purpose of processing:
- Contract: where processing is necessary to take steps before entering into a contract or to perform a contract for consultancy services.
- Legitimate interests: where processing is necessary for running and improving the business, responding to enquiries, securing the website, maintaining records, and developing professional services, provided those interests are not overridden by individual rights and freedoms.
- Consent: where consent is requested for non-essential cookies, optional mailing activity, or similar communications.
- Legal obligation: where processing is required to meet legal, tax, regulatory, or accounting duties.
Sharing personal data
Island23 Limited does not sell personal data. Personal data may be shared with trusted third-party service providers where reasonably necessary to run the business, for example, website hosting, analytics, scheduling, email, invoicing, or IT support providers. Personal data may also be disclosed where required by law or where necessary to establish, exercise, or defend legal claims.
International transfers
If any service provider used by Island23 Limited processes personal data outside the UK, appropriate safeguards should be in place as required under UK data protection law. These may include adequacy regulations or approved contractual safeguards, depending on the provider and destination.
Data retention
Personal data is retained only for as long as reasonably necessary for the relevant purpose, including to meet legal, accounting, regulatory, or reporting requirements. In practice, this may include:
- Enquiry data: typically up to 12 months after the last substantive contact unless a client relationship follows.
- Client contract and project records: typically up to 6 years after the end of the engagement, or longer where required for legal or tax reasons.
- Marketing consent records: until consent is withdrawn or the activity is discontinued.
- Technical and analytics data: according to the settings of the relevant analytics or website tools.
Data security
Appropriate technical and organisational measures are used to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. No internet-based system can be guaranteed fully secure, but reasonable safeguards are applied in line with the nature of the business and the data involved.
Individual rights
Subject to applicable law, individuals may have the right to:
- request access to their personal data;
- request correction of inaccurate or incomplete data;
- request erasure of personal data in certain circumstances;
- request restriction of processing in certain circumstances;
- object to processing based on legitimate interests;
- request transfer of certain data where the right to data portability applies; and
- withdraw consent at any time where processing is based on consent.
Requests can be made by emailing darren@island23.co.uk.
Complaints
If there are concerns about how personal data is handled, there is also a right to complain to the UK Information Commissioner’s Office (ICO). Information about complaints is available on the ICO website.
Changes to this policy
This Privacy Policy may be updated from time to time to reflect changes to the website, services, or legal obligations. The latest version should always be the one published on the website.