Privacy Policy

Change-Change is a sole-trader consultancy providing service design and change management services. The data controller responsible for your personal information is:

• Trading name: Change-Change
• Contact: change@change-change.com

If you have any questions about how your data is handled, please contact us at the address above.

We only collect information you actively choose to give us. This happens when you:

• Complete the contact form on this website (name, email address, organisation, topic, and message)
• Send us an email directly
• Connect with us on LinkedIn or other professional platforms

We do not collect any sensitive personal data (health, ethnicity, political views, etc.) and we do not collect data from children under 16.

This website does not currently use analytics tracking or advertising pixels. If that changes, this policy will be updated and a cookie notice will be displayed.

We use your information only for the purpose for which it was provided:

• Responding to enquiries — to reply to messages sent via the contact form or email
• Providing services — to carry out consulting work you have engaged us for
• Staying in touch — occasional follow-up on past work or relevant updates, only where you have expressed interest

We will never use your data for unsolicited marketing, sell it to third parties, or use it for automated decision-making.

Under UK GDPR, we rely on the following legal bases:

• Legitimate interests — responding to your enquiry and managing a business relationship
• Contract performance — processing necessary to deliver agreed consulting services
• Consent — where you have explicitly opted in to receive updates or communications

Where we rely on consent, you can withdraw it at any time by contacting us at change@change-change.com.

We keep your data only for as long as necessary:

• Enquiries that do not lead to work: deleted within 12 months
• Active client correspondence: retained for the duration of the engagement plus 3 years
• Financial records (invoices, contracts): retained for 7 years in line with HMRC requirements

Once data is no longer needed, it is securely deleted.

We do not sell, rent, or trade your personal data. We may share it with:

• Email providers — your message travels through standard email infrastructure (e.g. Google Workspace or similar)
• Professional advisors — accountants or legal advisors, under confidentiality obligations, where strictly necessary
• Legal requirements — if required to do so by law or a regulatory authority

We do not transfer your data outside the UK or EEA without appropriate safeguards in place.

This website does not currently set any tracking or analytics cookies. The only cookies that may be set are strictly necessary functional cookies from the hosting infrastructure.

If we introduce analytics or third-party tools in the future, we will update this policy and obtain your consent where required.

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — ask us to delete your data, where no legal obligation requires us to keep it
• Restriction — ask us to limit how we use your data while a concern is resolved
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — at any time, where consent is the legal basis

To exercise any of these rights, email change@change-change.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We take reasonable technical and organisational steps to protect your personal data from unauthorised access, loss, or disclosure. These include:

• Encrypted email and file storage
• Access controls on devices and accounts used for client work
• Regular review of what data is held and whether it is still needed

No method of transmission over the internet is completely secure. If you have concerns about sending sensitive information, please contact us to discuss alternatives.

We may update this privacy policy from time to time. When we do, the "last updated" date at the top of this page will change. If changes are material, we will make reasonable efforts to notify affected individuals directly.

We encourage you to check this page periodically.

If you have any questions about this policy or how your data is handled, we're happy to talk.