Privacy Policy
Last updated: 10th August 2025
Business Information
Use the details below to contact us;
Contact Name: Michelle Molyneux
Registered Business Name: Michelle Molyneux Business Consulting Ltd
Company number: 14727948
Registered Address: Suite 1, Central House, Central Way, Winwick Street, Warrington, WA2 7TT
Website: michelle-molyneux.co.uk
Email Address: enquiries@michelle-molyneux.co.uk
About this Privacy Policy
We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and any other applicable UK legislation (together, “Data Protection Law”).
When you interact with us or use our website, we act as the data controller of your personal data. This means we are responsible for deciding how and why your personal data is used.
Our Data Protection Officer is Michelle Molyneux.
Contact details:
- Email: enquiries@michelle-molyneux.co.uk
- Website: www.michelle-molyneux.co.uk
We may update this policy from time to time. The latest version will always be on our website.
Who This Policy Applies To
This policy applies to:
- Website visitors
- Prospects
- Clients
- Newsletter subscribers
- Suppliers, affiliates, and partners
It does not apply to staff, employees, contractors, or job applicants.
Data Protection Principles
We process your personal data in accordance with the following principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Data We Collect and Why
| Category of Personal Data | Purpose of Processing | Lawful Basis | Retention Period |
|---|---|---|---|
| Name & Contact Details | Deliver services, send updates, marketing | Contract, Consent | 6 years after end of contract / until withdrawal of consent |
| Payment Information | Take payment, refunds, fraud prevention | Contract, Legal Obligation | 3 years since last transaction |
| Contact History | Customer service, support, complaint handling | Contract, Legitimate Interests | 6 years |
| Browser/Device/Site Usage Data | Improve website, security, set defaults | Contract, Legitimate Interests | 3 years |
| Survey/Competition Responses | Administer initiatives, improve services | Contract, Legitimate Interests | 6 years |
| Customer Feedback & Reviews | Improve services, defend legal claims | Contract, Legitimate Interests | 6 years |
| Service Usage Data | Research, development, feature testing | Contract, Legitimate Interests | 4 years |
| Cookies & Similar Tech | Analytics, market research, profiling | Consent | 3 years or until wit |
How We Collect Data
We collect personal data via:
- Website forms
- Networking events and referrals
- Third-party integrations including Microsoft Bookings, YouTube, Birdseed chatbot, Google Analytics, Google reCAPTCHA
- Directly from our clients when we work with them
- Through collaboration calls and prospect calls
Legal Grounds for Processing
We rely on:
- Consent – e.g., for marketing communications
- Contract – e.g., to deliver services
- Legitimate Interests – e.g., to improve services, respond to enquiries
- Legal Obligation – e.g., for tax and accounting compliance
Sharing Your Data
When we share personal data, we do so under Data Protection Law. We may share specific personal data, where necessary, with employees, contractors, consultants or advisers to facilitate sales and for general commercial purposes.
We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.
In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the UK which have different data protection standards to those which apply in the UK.
Where we transfer personal data outside the UK, we will ensure that there are adequate safeguards to protect your privacy rights under Data Protection Law. You can request a copy of the safeguards we have put in place by contacting us using the details above.
We share data the software we use like:
- Zoho CRM
- MailerLite
- Microsoft Bookings
- Google Workspace
- Birdseed chatbot
- IT, legal, and accountancy support where necessary
All third parties are bound by data protection agreements.
Third-party Links
This Site may contain links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other websites you choose to access from this Site. We encourage you to review the privacy policies of those other websites to understand how they collect, use and share your personal information.
Security Measures
We use SSL encryption, MFA where possible, role-based access controls, and secure storage. Subcontractors are under contract with confidentiality clauses. Data Processing Agreements, NDAs, and internal access controls are in place.
Special Category Data
We may process special category data on behalf of clients as a processor, but do not collect it as a controller.
Children’s Data
We do not process children’s data as a controller.
Your Rights
We respect your rights to privacy and will respond to requests for access or control over information about you under Data Protection Law. We may require you to verify your identity before we take any action.
Depending on the reason we have your personal data, you have a right to:
- access the personal information we hold about you (commonly known as subject access);
- request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
- request that we erase your personal information in some circumstances or object to our processing it;
- restrict how we use your personal information, in certain circumstances;
- request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
- where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
To exercise your rights, contact us at enquiries@michelle-molyneux.co.uk.
Your right to object
You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.
If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.
We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website: https://ico.org.uk/make-a-complaint/)
Use of Automation and AI
We use automation and AI to improve efficiency and client service, including:
- Content creation for marketing and educational materials
- Research support from trusted sources
- Assistance in report writing and document structuring
- Website chat support via Birdseed chatbot
Safeguards:
- DPIAs for all AI tools
- Settings configured to ensure learning is internal and no confidential data leaves the organisation
- Maintained software and AI inventory
- No AI tools make decisions with legal or significant effects without human review
Data Retention
Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.
At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised, unless we are required to keep it to comply with our legal obligations.
Data Protection Principles
We process your personal data in accordance with the following principles:
- we process your personal data lawfully, fairly and in a transparent way;
- we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;
- we only process personal data that is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
- we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
- we do not store personal data in a form that identifies you for any longer than is necessary for the purposes of our processing; and
- we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.
When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data.
Any request for consent to the processing of your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.
Complaints
If you have concerns, contact us at enquiries@michelle-molyneux.co.uk. You can also contact the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, www.ico.org.uk
Updates
We may update this policy and will publish the latest version on our website.