Last updated 20 May 2025
1. Introduction
This Privacy & Cookie Policy explains how Fisk Consulting Ltd (“we”, “us”, “our”) processes personal data and uses cookies when you visit andrewfisk.com (“Site”) or contact us through the Site’s enquiry form.
We collect only the information required to run the Site and answer your enquiry—nothing more, nothing hidden.
2. Who is the data controller?
Fisk Consulting Ltd
Registered in England & Wales, company no. 07965114
Registered office in Northumberland, United Kingdom.
Email: contact@andrewfisk.com
3. What personal data do we collect?
| Category | Data collected | Source |
|---|---|---|
| Enquiry details | Name, email address, message content | Submitted by you via the enquiry form |
| Technical data | IP address, browser type, device data, pages visited, time on page | Through cookies and similar tracking technologies |
We do not knowingly collect “special category” data (e.g. health, ethnicity) or data on children under 13.
4. Why we use your data
| Purpose | Lawful basis (UK GDPR, Art 6) | Details |
|---|---|---|
| Responding to your enquiry | Legitimate interests – running our business and answering potential customers | We use your name/email solely to reply to you. |
| Operating and securing the Site | Legitimate interests – ensuring the Site works, detecting abuse | Server logs and security monitoring. |
| Analytics & performance tracking | Consent (via cookie banner) | Understanding how visitors use the Site to improve content and marketing. |
We do not send direct marketing messages unless you actively opt-in.
5. Who gets to see the data?
-
Hosting & IT providers acting as processors under contract.
-
Analytics vendors (e.g. Google Analytics) if you consent to non-essential cookies.
-
Competent authorities or regulators if required by law.
We never sell or rent your personal data.
6. International transfers
Where service providers process data outside the UK, we rely on an adequacy decision or enter into the UK International Data Transfer Addendum (IDTA) with appropriate safeguards.
7. Data retention
| Data | Retention period |
|---|---|
| Enquiry emails | 12 months after the thread closes, then securely deleted |
| Cookie & analytics data | Set by each cookie (see table below) or 26 months, whichever is sooner |
Server backups containing your data are automatically deleted on a rolling 30-day cycle.
8. Security measures
-
TLS encryption for data in transit.
-
ISO 27001-aligned access controls.
-
Regular vulnerability scanning and patch management.
If we suffer a breach that risks your rights and freedoms, we will notify you and the ICO in line with Articles 33–34 UK GDPR.
9. Your data protection rights
Under UK GDPR you can: access, correct, erase, restrict, or object to processing of your data; and obtain a copy for portability. Send requests to contact@andrewfisk.com. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).
Cookie Policy
A. What are cookies?
Cookies are small text files placed on your device to store information. The UK Privacy and Electronic Communications Regulations (PECR) require consent for non-essential cookies.
B. How we use cookies
| Cookie type | Purpose | Example provider | Typical expiry | Consent needed? |
|---|---|---|---|---|
| Strictly necessary | Security, load-balancing, form functionality | Cloudflare, our CMS | Session | No |
| Analytics / performance | Understand traffic patterns, improve UX | Google Analytics (_ga, _gid) |
1 day – 26 months | Yes |
| Marketing | Measure campaign effectiveness, retarget ads | Google Ads (_gcl_au) |
90 days | Yes |
A detailed, auto-generated cookie table appears in our cookie banner.
C. Managing cookies
-
Consent banner: On your first visit we display a banner allowing you to accept or reject non-essential cookies.
-
Browser settings: You can delete or block cookies in your browser at any time.
-
Opt-out links: Google provides an opt-out add-on for Analytics (tools.google.com/dlpage/gaoptout).
Rejecting cookies will not break the Site, but some analytics-driven improvements may be less accurate.
10. Automated decision-making
We do not use your data for automated decisions or profiling that produce legal or similarly significant effects.
11. Updates to this policy
We may revise this Policy to reflect legal or operational changes. The latest version will always be posted here with the “last updated” date. Significant changes will be highlighted via the cookie banner or email where practicable.
12. Contact
For questions, exercise of rights or complaints, contact us at contact@andrewfisk.com or write to our registered office. We aim to reply within 30 days.
We are committed to transparent, minimal-footprint data practices. If you spot something that needs fixing, tell us—no bureaucracy, just action.