Privacy & GDPR Statement
At Tortuga Consulting Ltd, we are committed to protecting and respecting your privacy. This privacy statement explains how we collect, use, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws.
Who We Are
Tortuga Consulting Ltd is a boutique management consultancy registered in the United Kingdom, specializing in business development, business assurance, and risk management services. We are the data controller responsible for your personal information and are members of the Chartered Institute of Information Security (CIISec).
Information We Collect
We collect and process the following information:
Name and job title
Contact information including email address and phone number
Company name and business address
Business requirements and project specifications
Risk management and assurance documentation
Information provided in correspondence
Website usage data through Google Analytics and Squarespace analytics
How We Use Your Information
We process your personal data to:
Deliver our consultancy services
Respond to business inquiries
Manage client projects and relationships
Maintain business records
Ensure compliance with professional standards
Improve our services
Meet legal obligations
Legal Basis for Processing
We process your data based on:
Contractual necessity (for client services)
Legitimate business interests
Your consent (for marketing communications)
Legal obligations
Data Retention
We maintain the following retention periods:
Client project documentation, 6 years
Financial records, 7 years
Contract documentation, 7 years
Marketing communications, 2 years
Website enquiries, 12 months
Risk assessments, 6 years
Systems and Security
We use the following systems to process and store data:
Microsoft 365 with daily cloud backup
Xero accounting package
Squarespace website platform
All systems are protected by appropriate technical measures including encryption and access controls
Payment Processing
We primarily operate on B2B invoicing through secure banking channels. If online payments are implemented in the future, these will be processed securely through Squarespace's payment infrastructure.
Professional Standards
We adhere to the professional codes of conduct of:
Chartered Institute of Information Security (CIISec)
International Register of Certificated Auditors (IRCA)
Professional Evaluation and Certification Board (PECB)
Communication Preferences
We communicate with clients via:
Email
Phone
To opt out of communications, please email daniel@tortuga.consulting with your request. We will process opt-out requests within 5 working days.
Data Sharing
We do not use subcontractors or share your data with third parties except:
Microsoft 365 for business operations
Xero for accounting purposes
Squarespace for website hosting
Google Analytics for website statistics
Professional advisers (e.g., legal counsel) when required
Regulatory authorities when legally obligated
Your Rights
Under GDPR and UK data protection laws, you have the right to:
Access your personal data
Correct inaccurate data
Request erasure of your data
Object to processing
Request data portability
Withdraw consent
International Transfers
If we transfer your data outside the UK/EEA, we ensure appropriate safeguards are in place to protect your information.
Cookies
Our website uses cookies to enhance your browsing experience. You can manage cookie preferences through your browser settings.
Changes to This Statement
We may update this privacy statement periodically. Any changes will be posted on this page with an updated revision date.
Contact Us
For privacy-related queries or to exercise your rights, contact:
Tortuga Consulting Ltd
128 City Road, London, United Kingdom, EC1V 2NX
Email: daniel@tortuga.consulting
Phone: 07572 970092
If you are unsatisfied with our response, you can complain to:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Tel: 0303 123 1113
Last updated: 5th January 2025