Privacy Policy
Last updated: 16 June 2025
1. Introduction
ConsultClick ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our time tracking and client management platform.
Data Controller: ConsultClick operates as the data controller for all personal data processed through our platform.
2. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: To provide our services as outlined in our Terms of Service
- Legitimate Interest: To improve our services, prevent fraud, and ensure platform security
- Consent: For marketing communications and optional features (where explicitly requested)
- Legal Obligation: To comply with accounting, tax, and other legal requirements
3. Data We Collect
3.1 Personal Information
- Name and contact details (email, phone, address)
- Company information
- Account credentials (encrypted passwords)
- Billing and payment information (processed securely via Stripe)
3.2 Usage Data
- Time tracking entries and project data
- Client information you enter
- Email communications (if using email integration)
- Platform usage analytics (anonymized where possible)
- Technical data (IP address, browser type, device information)
3.3 Cookies and Tracking
We use strictly necessary cookies for authentication and platform functionality. Optional analytics cookies are only used with your explicit consent via our cookie banner.
4. How We Use Your Data
- Service Delivery: Providing time tracking, client management, and invoicing features
- Account Management: User authentication, billing, and customer support
- Security: Fraud prevention, security monitoring, and data protection
- Legal Compliance: Meeting our obligations under UK/EU law
- Service Improvement: Anonymous analytics to enhance platform functionality
5. Data Sharing and Third Parties
We do not sell your personal data. We only share data with:
- Stripe: For secure payment processing (covered by their privacy policy)
- Email Providers: Only if you enable email integration features
- Legal Authorities: When required by law or to protect our rights
- Service Providers: Technical partners bound by strict data processing agreements
6. Data Retention
- Active Accounts: Data retained while your account is active
- Closed Accounts: Personal data deleted within 30 days of account closure
- Billing Records: Retained for 7 years as required by UK accounting law
- Anonymized Analytics: May be retained indefinitely for service improvement
7. Your GDPR Rights
As a data subject, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct any inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data (subject to legal obligations)
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Restrict Processing: Limit how we process your personal data
- Right to Object: Object to processing based on legitimate interests or direct marketing
To exercise these rights, contact us at: [email protected]
8. Data Security
We implement industry-standard security measures:
- End-to-end encryption for data transmission
- Encrypted storage of sensitive information
- Regular security audits and penetration testing
- Access controls and employee training
- Secure hosting with reputable providers
9. International Data Transfers
Your data is primarily processed within the UK/EU. Any transfers to third countries are protected by:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules where applicable
10. Children's Privacy
Our services are not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16.
11. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected users without undue delay
- Provide clear information about the breach and mitigation steps
12. Contact Information
For any privacy-related questions or to exercise your rights:
Data Protection Officer
Email: [email protected]
Post: ConsultClick Data Protection, [Address to be added]
13. Supervisory Authority
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately.
ICO Contact:
Website: ico.org.uk
Phone: 0303 123 1113
14. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of significant changes via email or platform notification.
GDPR Compliance Statement
This Privacy Policy has been designed to comply with the EU General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. We are committed to the principles of data protection by design and by default.