Safe by Choice not by Chance Dot Com Ltd
Company number 14184708 · Registered in England & Wales
Registered office: 86–90 Paul Street, London, England, EC2A 4NE
Lead for data-protection enquiries: admin@safebychoicenotbychance.com
Version 1.0 · Last updated June 2026
In plain English first
We are a small UK consultancy. We hold a small amount of information about people who get in touch with us — your name, your email, what you wrote to us, and sometimes a phone number if you choose to share one. We hold it because you sent it to us, and because we need it to reply to you properly.
We do not sell it. We do not share it with advertisers. We do not pretend the small print is the substance. The rest of this page is the law-shaped version of the same thing.
If you want a copy of what we hold on you, want it corrected, or want it deleted — email admin@safebychoicenotbychance.com and we will respond within one calendar month.
1. Who we are (the data controller)
The data controller for this website and any data you share with us is:
Safe by Choice not by Chance Dot Com Ltd
Companies House registration: 14184708
Registered office: 86–90 Paul Street, London, England, EC2A 4NE
Contact for data-protection matters: admin@safebychoicenotbychance.com
We are registered in England and Wales. The sole director and only person handling personal data is the company’s founder. We are required to be registered with the UK Information Commissioner’s Office (ICO) under the Data Protection (Charges and Information) Regulations 2018.
2. What information we collect, and how
2.1 Information you give us directly
When you fill in a form on this website, send us an email, message us on WhatsApp, or call us, you may share with us your name, email address, phone number (if you choose to give it), the organisation you work for (if you choose to share it), the content of the message you send us, and any other detail you choose to volunteer.
2.2 Information collected automatically when you visit
When you visit this website, our hosting provider (Heart Internet) logs basic technical information for security and operational reasons: your IP address, the pages you visited, the browser and operating system you used, and the date and time of your visit. Logs are typically retained for around 30 days.
2.3 Information collected via cookies
We use only strictly necessary cookies: the WordPress login session cookie and the cookie that remembers your cookie-banner choice. We do not currently use Google Analytics, Meta Pixel, or any other tracking or advertising cookies. If we add anything that needs consent later, the cookie banner will ask you first.
3. The lawful basis for everything we do with your data
Under UK GDPR Article 6 we must have a lawful basis for processing any personal data:
- Replying to your enquiry — Legitimate interests (Art. 6(1)(f)). You contacted us; replying is the obvious next step.
- Sending a resource you requested via a lead-magnet form — Consent (Art. 6(1)(a)). You asked for it.
- Sending our occasional briefing emails after you subscribe — Consent (Art. 6(1)(a)) plus PECR Reg 22. You ticked the marketing-consent box; you can unsubscribe in every email.
- Keeping records of work for a current or past client — Contract (Art. 6(1)(b)).
- Keeping basic records for tax / accounts — Legal obligation (Art. 6(1)(c)). UK tax law requires 6 years.
- Securing the website — Legitimate interests (Art. 6(1)(f)).
- Defending or bringing a legal claim — Legitimate interests (Art. 6(1)(f)).
For each legitimate-interests basis we have carried out and documented a Legitimate Interests Assessment. A copy is available on written request to admin@safebychoicenotbychance.com.
4. Who we share your data with
- Brevo — sends and receives email on our behalf; stores newsletter subscribers. Processes in EU (France). Covered by Brevo’s Data Processing Agreement and the UK GDPR adequacy decision for the EU.
- Heart Internet — web hosting. UK. Standard hosting agreement.
- Wordfence — website security and malware detection. Limited security data may be processed in the US under Standard Contractual Clauses.
- Fluent Forms — stores form submissions inside our own WordPress database. UK (our hosting). No external data export.
We do not sell personal data, and we do not pass it to advertisers, data brokers, or third parties for marketing purposes.
5. How long we keep your data
- Enquiries that did not become work — 12 months after last contact, then deleted.
- Enquiries that did become work — duration of the engagement plus 6 years (Limitation Act 1980).
- Newsletter subscribers — until you unsubscribe; deleted within 30 days.
- Financial / accounting records — 6 years from the end of the relevant tax year (HMRC requirement).
- Website security logs — approximately 30 days.
- Form submissions inside WordPress — 12 months, then anonymised.
6. International transfers
Where any third party listed above is based outside the UK, transfers are protected by the UK adequacy decision for EEA transfers (including Brevo in France), the UK International Data Transfer Agreement (IDTA), or EU Standard Contractual Clauses (SCCs) as appropriate.
7. Your rights under UK GDPR
You have eight rights. We will respond to any request within one calendar month.
- To be informed — this page.
- Of access — ask us for a copy of what we hold about you.
- To rectification — ask us to correct anything inaccurate.
- To erasure — ask us to delete what we hold, where the law allows.
- To restrict processing — ask us to pause use while a dispute is resolved.
- To data portability — ask us to send the data you gave us to another organisation.
- To object — to our use of your data where we rely on legitimate interests.
- To withdraw consent at any time, where consent is what we rely on.
To exercise any of these rights, email admin@safebychoicenotbychance.com. We may need to verify your identity. We do not charge a fee for a reasonable request.
8. The right to complain to the regulator
If you are not satisfied with how we have handled your data or your rights request, you have the right to complain to the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk/make-a-complaint
We would always prefer the chance to put things right first — please get in touch with us before going to the ICO. But it is your right and you do not need our permission to exercise it.
9. Children
This website and our services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18.
10. Security
We take reasonable, proportionate technical and organisational measures to protect personal data: HTTPS across the site, strong passwords and two-factor authentication on administrative accounts, limited administrative access, a web application firewall (Wordfence), daily off-site backups, and patched core/plugins. If we ever became aware of a personal-data breach likely to affect your rights, we would notify the ICO within 72 hours as required by Article 33 of UK GDPR.
11. Automated decision-making and profiling
We do not make any decisions about you based solely on automated processing, and we do not carry out profiling.
12. Changes to this policy
We will update this policy from time to time. The version and date at the top of this page indicates when it was last changed. Material changes will be highlighted on the homepage for at least 14 days after publication.
13. Questions
For anything not covered above, or any data-protection question at all: admin@safebychoicenotbychance.com. We will reply.