Privacy Policy

This policy explains who we are, the information we collect, how and why we use it, how we store it, the partners we work with, and your rights regarding any information you share with us.

Last updated 14 August 2025.

Our Commitment to Data Privacy

Kate Fitzgerald Consulting Limited (“we”, “us”, “our”) is committed to protecting the privacy of our clients, suppliers, associates, and sector contacts. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025, and the Privacy and Electronic Communications Regulations.

We work exclusively as a business-to-business consultancy supporting arts, cultural, and heritage organisations. We do not have direct relationships with individual consumers.

Who We Are

Kate Fitzgerald Consulting Limited is a private limited company (CRN 13195832) registered at The Copper Room, Deva Centre, Trinity Way, Manchester, M3 7BG.

Kate Fitzgerald Consulting Limited (ICO ZB370708) is the registered Data Controller.

Contact Us

Please contact us if you have any questions about how your data is used, data retention periods, or wish to be removed from any communications or data processing activities.

Our Privacy Principles

We believe in clear, responsible, and proportionate data use. Our approach is guided by the following principles:

  • Transparency: We provide honest, accessible information about how and why we use personal data. 
  • Purposeful Use: We only process personal data when necessary to deliver our services or when explicitly requested by a client. 
  • Data Minimisation: We avoid collecting or retaining unnecessary personal data. 
  • Security and Accountability: We take active steps to protect data and ensure it is deleted when no longer needed. 
  • Shared Responsibility: We work with clients, suppliers, and associates to uphold these principles collaboratively.

We only collect the information that is necessary to carry out normal business operations, to provide goods or services you have asked for, and to keep you updated about our current and future work. Below, we list the types of personal information we collect.

What Data We Collect And Why

Type of DataPurposeLawful Basis
Contact details of client staffProject delivery, invoicing, updatesPerformance of a contract
Email correspondenceProject tracking, record-keepingLegitimate interests
Website usage data (via cookies)Site improvement and analyticsConsent
Social media engagementSector updates and communicationLegitimate interests
Survey responses (via SurveyMonkey)Audience research and evaluationLegitimate interests
Prize draw entries (via SurveyMonkey)Administer prize drawConsent
Third-party data (e.g., donors, visitors, staff)Client-requested processingPerformance of a contract

Surveys and Audience Research

We conduct surveys on behalf of clients using SurveyMonkey. Our approach prioritises anonymity and minimisation:

  • We aim to collect non-personal data wherever possible. 
  • When we run a prize draw, we only collect the personal data we need to administer it. We always share clear information about how we handle that data – typically via our privacy policy – and we delete it once the draw has ended.
  • Where we do collect personal data, we ensure clear notification, set deletion deadlines, and remove data promptly after use.

Sensitive Data 

We recognise that certain types of personal data require additional care and protection. This includes information relating to children, disability or medical need, religion, political affiliation, sexuality, or ethnicity – collectively referred to as sensitive or special category data under UK GDPR.

We only collect such data when it is strictly necessary for the purpose of our work, and always in line with the following safeguards:

  • Sensitive data is collected only with a clear and lawful basis, and where the purpose has been explicitly agreed with the client.
  • Enhanced security measures are applied to protect this data from unauthorised access or misuse.
  • Data is used solely for the agreed purpose and is securely deleted once no longer required.
  • We will never associate sensitive survey responses with identifiable contact information unless the respondent has given explicit, informed consent to do so.

How We Keep Data Safe

  • Data is stored on secure systems with up-to-date technology and access controls
  • We regularly review and delete data that is no longer needed.
  • We do not share personal data with third parties unless legally required.

How Long We Keep Your Data

  • We keep invoices, remittance advices, and other financial information for 7 years.
  • After completing a project, we archive the project contract, letter of agreement, final files, and client testimonial and logo indefinitely.
  • We retain all project-related emails for up to two years after the completion of a project, after which point they are deleted.

Your Individual Rights

Under data protection law, you have the following rights:

  • Your right of access: you have the right to ask us for copies of your personal information.
  • Your right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure: you have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: you have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Your right related to automated decision-making including profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you are unhappy with how we are processing your personal data and take the view that we are not complying with UK GDPR, you have the right to complaint to the Information Commissioner’s Office (ICO). You can contact them at ico.org.uk