Privacy Policy

For any questions, please contact us at hello@fcmconsultancy.uk

FCM Consultancy — Privacy Policy

Last updated: 27/11/2025

FCM Consultancy ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, protect, and share your information when you use our website or engage our services.
‍
1. Who We Are
FCM Consultancy
Email: Karen@fcmconsultancy.com
Mobile: 07872185790
ICO Registration Number: [Insert ICO number - apply at ico.org.uk]
We act as a Data Controller under the UK GDPR, EU GDPR (where applicable), and the Data Protection Act 2018.

2. What Personal Data We Collect
We collect and process the following categories of personal data:
‍
2.1 Information You Provide Directly
Name, email address, phone number
Business name and job title
Company information
Enquiry or service request details
Documents you upload (CVs, policies, contracts, etc.)
Payment and billing information
Communications with us (emails, phone calls, meeting notes)

2.2 Automatically Collected Data
IP address
Browser type and version
Device information
Pages visited and time spent on our website
Referring website addresses
Cookie data (see Section 10)

2.3 Client Service Data
When providing HR consultancy and recruitment services, we may process:
Employee personal data (names, contact details, employment records)
HR documentation (contracts, policies, handbooks)
Recruitment information (candidate CVs, application forms, interview notes)
Special category data including health information, diversity data, criminal convictions data (with explicit consent or legal basis)
Performance and disciplinary records
Payroll and benefits information

2.4 Third-Party Data
References and background check information
Data provided by recruitment candidates
Information from professional networks (LinkedIn, etc.)

3. How We Use Your Data
We use your personal data for the following purposes:
Service delivery
Communication
Contract performance
Payment processing
Website improvement
Marketing (with your consent)
Legal compliance
Business operations

4. Legal Basis for Processing‍
We process your personal data based on:
Contract
Legitimate interests
Legal obligation
Consent
Vital interests
Public interest/official authority
‍
For special category data (health, diversity information), we rely on:
Explicit consent
Employment law compliance
Legal claims defense
Substantial public interest

5. Who We Share Your Data With
We may share your personal data with:
‍
5.1 Service Providers
IT and cloud services (e.g., Microsoft 365, Google Workspace)
Website hosting provider
Analytics providers (Google Analytics)
Payment processors (e.g., Stripe, PayPal)
Accounting software (e.g., Xero, QuickBooks)

5.2 Professional Advisors
Solicitors, accountants, insurers, and business consultants

5.3 Legal Requirements
HMRC, ICO, or other regulatory bodies when legally required
Law enforcement or courts when compelled by law

5.4 Third Parties with Your Consent
Recruitment clients (when placing candidates)
Referees and background check providers
Training providers or partner consultancies

We ensure all third parties,
Are contractually bound to protect your data.
Process data only as instructed
Maintain appropriate security measures

6. International Transfers
‍
‍Some of our service providers may process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place:
‍Standard Contractual Clauses (SCCs) approved by the UK ICO/EU Commission
‍Adequacy decisions for countries deemed to have adequate data protection
‍UK/EU-US Data Privacy Framework for US-based providers (where certified)We will provide specific information about international transfers upon request.

7. How Long We Retain Your Data

We retain personal data only as long as necessary for the purposes outlined above:

Client service records

6 years after contract end

Legal claims, tax compliance

Financial records

6 years

HMRC requirements

Recruitment candidate data

6 months (unsuccessful) / 6 years (successful)

Employment law

Website enquiries

12 months if no engagement

Business needs

Marketing consent

Until consent withdrawn

Legal requirement

Employee records (client companies)

As per client instructions + 6 months

Contract compliance

Special category data

Minimum necessary, reviewed annually

GDPR compliance

8. Your Rights
Under data protection law, you have the following rights:
Right of access: Request a copy of your personal data
Right to rectification: Correct inaccurate or incomplete data
Right to erasure ('right to be forgotten'): Request deletion in certain circumstances
Right to restriction: Limit how we use your data
Right to data portability: Receive your data in a portable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent: Withdraw consent at any time (where consent is the legal basis)
Right not to be subject to automated decision-making: Including profiling (where applicable)

To exercise your rights, contact us at: karen@fcmconsultancy.com
We will respond within one month (extendable by two months for complex requests).

9. Right to Complain
‍If you believe we have not handled your data correctly, you have the right to lodge a complaint with:
‍Information Commissioner's Office (ICO)
Website: www.ico.org.ukTelephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

10. Cookies and Tracking Technologies
‍Our website uses cookies to improve your experience and analyze usage.
‍What Are Cookies?
‍Cookies are small text files stored on your device when you visit our website.
‍Cookies We Use:
Essential Cookies (always active):Session cookies for website functionality
Security cookies
‍Analytics Cookies (with consent):
Google Analytics: Tracks visitor behavior, page views, and traffic sourcesCookie names: _ga, _gid, _gatDuration: Up to 2 yearsOpt-out: [Google Analytics opt-out link]
‍Preference Cookies (with consent):Remember your cookie preferences
Duration: 12 months
‍Managing Cookies:You can control cookies through:Our cookie consent banner (first visit)Your browser settings
Disabling cookies may affect website functionality.

11. Data Security
‍We implement appropriate technical and organizational measures to protect your personal data:
‍Technical Measures: Encryption (SSL/TLS) for data transmissionSecure password policiesRegular software updates and security patchesFirewall and antivirus protectionSecure cloud storage with access controls

‍Organizational Measures: Staff training on data protection
Confidentiality agreements
Access controls (need-to-know basis)Regular security audits
Incident response procedures
Data Protection Impact Assessments for high-risk processing
While we take security seriously, no internet transmission is completely secure. We cannot guarantee absolute security.

12. Third-Party Websites
‍Our website may contain links to external websites. We are not responsible for the privacy practices or content of third-party sites. Please review their privacy policies before providing personal data.

‍13. Children's Privacy
‍Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us immediately.

‍14. Changes to This Privacy Policy
‍We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
Posting the updated policy on our website
Updating the "Last updated" date
Emailing registered users (for material changes)Please review this policy regularly.

‍15. Contact Us
‍For questions, concerns, or to exercise your rights regarding your personal data:
‍Email: Karen@fcmconsultancy.com
‍Phone: 07872185790We aim to respond to all enquiries within 5 working days.

‍Your privacy matters to us. Thank you for trusting FCM Consultancy.