Skip to main content
Haima Consulting Ltd
Haima Consulting Ltd

contact@haimaconsulting.com

Book a Discovery Call

Legal

Privacy Policy

Last updated: 10 July 2026

This Privacy Policy explains how Haima Consulting Ltd ("we", "us", "our") collects and uses personal data when you visit haimaconsulting.com or contact us. We are the data controller for the processing described below.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Haima Consulting Ltd is an independent finance transformation consultancy based in the United Kingdom. For data protection enquiries, contact us at contact@haimaconsulting.com.

Data we collect

We may collect the following categories of personal data:

  • Contact form: name, email address, company, job title, telephone number, subject and message content.
  • Booking interactions: when you schedule a discovery call via our embedded Google Calendar booking page, Google processes your name, email address and chosen appointment details on our behalf.
  • Technical logs: IP address, browser type, device information, referring page and timestamps. These are collected by our hosting provider and may be recorded when you submit the contact form for security and abuse prevention.

We do not intentionally collect special category data (such as health or financial information) through this website. Please avoid including sensitive information in free-text fields unless it is necessary for your enquiry.

How we use your data

We use personal data to:

  • Respond to enquiries submitted through our contact form.
  • Send a confirmation email when you contact us.
  • Manage discovery call bookings made through Google Calendar.
  • Protect the website from spam, abuse and security threats.
  • Maintain and improve the reliability of the site.

We do not sell your personal data. We do not use your data for automated decision-making or profiling.

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Consent: when you submit the contact form, you confirm that we may use your information to respond to your enquiry. You may withdraw consent at any time by contacting us, though this will not affect processing already carried out.
  • Legitimate interests: to operate and secure the website, prevent misuse of the contact form, and maintain appropriate business records of enquiries. We balance these interests against your rights and only process what is necessary.
  • Contract: where processing is necessary to take steps at your request before entering into a consultancy engagement, or to perform an agreed contract.

Third-party processors

We use trusted service providers who process personal data on our behalf. They are contractually required to protect your data and only process it according to our instructions:

  • Google Workspace and Google Calendar for business email and appointment scheduling.
  • Resend for transactional email delivery (contact form notifications and confirmations).
  • Vercel for website hosting, content delivery and technical logging.
  • Analytics providers (if enabled in future): we do not currently use analytics or advertising cookies. If we introduce analytics in future, those tools will only be activated after you have given explicit consent via our cookie banner. See our Cookie Policy.

Some providers may process data outside the UK. Where this applies, we ensure appropriate safeguards are in place, such as UK adequacy regulations or standard contractual clauses.

Data retention

We keep personal data only for as long as necessary:

  • Contact form enquiries: up to 24 months from our last meaningful correspondence, unless a longer period is needed for a live engagement or legal obligation.
  • Booking records: retained in Google Calendar in line with our calendar retention settings, typically up to 24 months after the appointment unless a business relationship continues.
  • Technical and security logs: typically up to 90 days, unless required for incident investigation.

When data is no longer needed, we delete or anonymise it securely.

Security

We take reasonable technical and organisational measures to protect personal data. In production, this website is served over HTTPS, and form submissions are transmitted securely. Access to enquiry data is limited to those who need it for legitimate business purposes.

No method of transmission over the internet is completely secure. While we work to protect your data, we cannot guarantee absolute security.

Your rights

Under UK GDPR, you have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your data in certain circumstances.
  • Request restriction of processing in certain circumstances.
  • Request a portable copy of data you have provided to us.
  • Object to processing based on legitimate interests.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email contact@haimaconsulting.com. We will respond within one month, subject to any permitted extension for complex requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk.

Cookies

We use essential cookies only at present. For full details, see our Cookie Policy.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any material changes. We encourage you to review this page periodically.

Contact

For questions about this Privacy Policy or how we handle your personal data, contact us at contact@haimaconsulting.com.