Last updated: 12 October 2025
This Privacy Policy explains how DIORAMA CONSULTING LTD (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit https://dioramaconsulting.co.uk (the “Site”) or interact with us.
We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Company details
Diorama Consulting Ltd (Company No. 16137029)
Registered in England & Wales
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK
Contact Diorama Consulting.
1. What data we collect
We may collect and process:
- Identity & contact data: name, email, phone, role, company, LinkedIn profile.
- Communications: messages you send through contact forms or email.
- Usage & technical data: IP address, device/browser info, pages viewed, referring site, timestamps, cookie identifiers.
- Marketing preferences: newsletter subscriptions, event registrations, opt-in/opt-out choices.
- Contractual & advisory data (clients only): engagement scope, proposals, statements of work, meeting notes, deliverables.
We do not intentionally collect special categories of data.
2. How we collect data
- Directly from you: when you complete forms, email us, book a call, or subscribe.
- Automatically: via cookies/analytics when you browse the Site.
- Third parties (optional):
  - Scheduling (e.g., Calendly) if you book time with us.
  - Newsletter (e.g., Substack/Mailchimp) if you subscribe.
  - Analytics (e.g., Google Analytics 4) to understand site usage.
3. Why we use your data (lawful bases)
| Purpose | Examples | Lawful basis |
|---|---|---|
| Respond to enquiries | Reply to contact form or email | Legitimate interests (to respond to you) |
| Provide services | Proposals, onboarding, delivery, invoicing | Contract (or steps prior to a contract) |
| Improve Site & content | Analytics, performance, security | Legitimate interests |
| Marketing communications | Newsletter, event updates (only if you opt in) | Consent (you can withdraw anytime) |
| Legal & compliance | Record-keeping, tax/audit, dispute handling | Legal obligation / Legitimate interests |
Where we rely on consent, you can withdraw it at any time (see Section 9).
4. Cookies & analytics
We do not currently set non-essential cookies on this website and we do not use analytics or advertising cookies. Visitors are not tracked via cookies for marketing or profiling. Limited strictly necessary cookies may be used only for administrative purposes (e.g., when site administrators log in); these are not set for general visitors. If we introduce analytics, embedded media, or other non-essential cookies in future, we will update this policy and obtain consent where required.
5. Disclosures & service providers
We use reputable processors that help us operate the Site and deliver services. Depending on your interactions, these may include:
- Hosting & security: WordPress hosting provider, CDN, DDoS protection.
- Form & email services: Contact Form plugin, email service (e.g., Microsoft/Google Workspace).
- Scheduling (optional): Calendly or equivalent.
- Newsletter (optional): Substack/Mailchimp or equivalent.
- Analytics (optional): Google Analytics 4.
Processors act on our instructions and are bound by data-processing terms. We do not sell your personal data.
6. International transfers
Some providers may process data outside the UK. Where that occurs, we rely on UK adequacy regulations (e.g., EU/EEA), or appropriate safeguards such as the UK IDTA / EU Standard Contractual Clauses.
7. Data retention
We keep data only as long as necessary for the purposes above:
- Enquiries: typically 12–24 months after last contact.
- Client/contractual records: typically 6–7 years for tax/audit.
- Analytics data: per the analytics tool’s retention settings.
- Marketing data: until you unsubscribe or request deletion.
We securely delete or anonymise data when no longer needed.
8. Security
We use technical and organisational measures appropriate to the risk, including HTTPS/TLS, access controls, and least-privilege principles. No method of transmission or storage is 100% secure, but we work to protect your data.
9. Your rights
Under UK GDPR you have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase your data (where applicable).
- Restrict or object to certain processing.
- Data portability (receive your data in a usable format).
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the ICO (see below).
To exercise your rights, contact us here. We may need to verify your identity.
10. Children’s data
Our Site and services are not directed to children. We do not knowingly collect personal data from anyone under 16.
11. Third-party links
The Site may link to third-party sites (e.g., GitHub, LinkedIn, Substack). We are not responsible for their privacy practices. Review their policies before providing personal data.
12. Changes to this Policy
We may update this Policy periodically. Material changes will be highlighted at the top of this page with an updated “Last updated” date.
13. Contact & complaints
Data controller: Diorama Consulting Ltd
Contact us here.
Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK
If you are not satisfied with our response, you can complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk | Telephone: 0303 123 1113 | Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
