Privacy Policy

Last updated: 1 January 2024

Data Controller: Movementgrownatu | 49 Lamb's Conduit Street, London WC1N 3NG, United Kingdom | Phone: +44 20 7404 6458 | Email: assist@movementgrownatu.world

1. About This Policy

This Privacy Policy explains how Movementgrownatu ("we", "us", "our") collects, uses, stores, and protects personal data when you visit our website at movementgrownatu.world or interact with us in any way, including through our contact form, telephone, or email correspondence.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy is written in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection legislation in force in the United Kingdom.

Please read this policy carefully. By using our website or submitting your data via our contact form, you acknowledge that you have read and understood this policy. If you do not agree with its terms, please refrain from using our website or submitting personal information to us.

This policy applies to all personal data we process about you, regardless of the channel through which it is collected. It does not apply to third-party websites that may be linked to from our site — those sites are governed by their own privacy policies.

2. Data We Collect

We collect only the personal data that is necessary for the stated purposes described in this policy. The categories of personal data we may collect include:

2.1 Data You Provide Directly

  • Contact information: Your full name, email address, and any other details you choose to include in a message submitted via our contact form.
  • Correspondence records: The content of messages you send to us by email, telephone, or post, along with any follow-up communications.
  • Consent records: A record of the consent you provided when ticking the GDPR consent checkbox on our contact form, including the timestamp and the version of the policy in force at the time.

2.2 Data Collected Automatically

  • Technical data: IP address (anonymised where possible), browser type and version, operating system, device type, and screen resolution.
  • Usage data: Pages visited, time spent on each page, referring URL, and click behaviour within the site.
  • Cookie data: Data stored in cookies placed on your device — see Section 11 and our separate Cookie Policy for full details.

We do not knowingly collect sensitive personal data (also known as special category data) such as data concerning health, race, religion, political opinions, or biometric information. If you inadvertently include such data in a message to us, we will handle it with additional care and not process it beyond what is necessary to respond to your enquiry.

3. How We Collect Data

We collect personal data through the following means:

  • Contact form submissions: When you complete and submit the form on our Contact page.
  • Direct communication: When you contact us by telephone, email, or post.
  • Automatic collection: Through cookies and similar tracking technologies placed on your device when you visit our website. You can manage your cookie preferences via the cookie consent banner displayed on your first visit.
  • Analytics tools: Aggregated and anonymised data about site usage, collected where you have consented to analytics cookies.

Under UK GDPR, we are required to identify a lawful basis for each category of personal data processing. We rely on the following bases:

  • Consent (Article 6(1)(a)): For analytics and marketing cookies, and for direct marketing communications, where you have provided clear, informed consent. You can withdraw your consent at any time.
  • Contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract.
  • Legitimate interests (Article 6(1)(f)): For the purposes of responding to enquiries submitted via our contact form, maintaining site security, and improving our services — where such interests are not overridden by your rights and interests.
  • Legal obligation (Article 6(1)(c)): Where we are required by law to process your data — for example, for accounting, tax, or regulatory purposes.

5. How We Use Your Data

We use your personal data only for the purposes for which it was collected. Specifically, we use it to:

  • Respond to enquiries submitted through our contact form or via direct communication.
  • Administer any agreement or engagement we enter into with you or your organisation.
  • Improve and maintain the functionality of our website, based on aggregated and anonymised analytics data.
  • Send you information about our services where you have requested it and provided appropriate consent.
  • Comply with our legal obligations, including maintaining records required under applicable law.
  • Protect the security of our website and prevent fraudulent activity.

We will not use your data for automated decision-making or profiling in a way that has a legal or similarly significant effect on you.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:

  • Service providers: Third-party companies that provide services on our behalf — such as web hosting, email delivery, and analytics — and who process data only on our documented instructions.
  • Legal requirements: Where disclosure is required by law, court order, or regulatory authority, we will comply with such requirements and, where permitted, notify you.
  • Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the relevant third party, who will be required to handle it in accordance with this policy.

Any third-party service providers we engage are contractually required to comply with UK GDPR and maintain appropriate security standards. We conduct due diligence on all processors before engaging them.

7. International Data Transfers

We aim to store and process all personal data within the UK or the European Economic Area (EEA). Where data is transferred outside these areas — for example, by a third-party service provider — we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions recognised by the UK Information Commissioner's Office (ICO).

You can request information about the specific safeguards applied to international transfers by contacting us at the details in Section 15.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention schedule is as follows:

  • Contact form enquiries: Up to 2 years from the date of last contact, unless an ongoing relationship requires longer retention.
  • Contractual records: Up to 6 years from the end of the contract, in line with UK limitation periods for legal claims.
  • Analytics data: Aggregated and anonymised data may be retained indefinitely, as it cannot be used to identify individuals. Cookie data follows the retention periods specified in our Cookie Policy.
  • Consent records: Retained for as long as the relevant consent remains valid, plus a reasonable period thereafter to demonstrate compliance.

When data is no longer required, we securely delete or anonymise it. Deletion schedules are reviewed annually.

9. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

  • HTTPS encryption across all pages of our website, with no mixed content.
  • Restricted access to personal data on a need-to-know basis within our organisation.
  • Regular security reviews and updates to our systems and software.
  • Use of reputable, security-certified hosting and infrastructure providers.
  • Staff training on data protection principles and obligations.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of data transmitted to us. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure: You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer needed for the purpose for which it was collected.
  • Right to restrict processing: You have the right to request that we limit the processing of your personal data in certain situations.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at the details provided in Section 15. We will respond to your request within one month of receipt. In complex cases, we may extend this period by a further two months, in which case we will inform you within the initial one-month period.

We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

11. Cookies

Our website uses cookies to improve your browsing experience and to understand how visitors use our site. For full details of the types of cookies we use, their purpose, duration, and how to manage them, please refer to our separate Cookie Policy.

You can manage your cookie preferences at any time by clicking the "Cookie Settings" option in the banner displayed at the bottom of our pages, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of parts of the site.

Our website may contain links to third-party websites for your convenience. These links do not constitute an endorsement of those sites or their content. We are not responsible for the privacy practices, content, or accuracy of any third-party site. We encourage you to read the privacy policy of any site you visit via a link from our website.

13. Children's Privacy

Our website and services are directed at business professionals and organisations, not at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us immediately and we will take prompt steps to delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acknowledgement of the updated policy.

Where changes are material, we will make reasonable efforts to notify you — for example, by displaying a notice on our website or contacting you directly if we hold your contact details.

15. Contact and Complaints

If you have any questions about this Privacy Policy, how we handle your data, or if you wish to exercise any of your rights, please contact us:

  • By post: Movementgrownatu, 49 Lamb's Conduit Street, London WC1N 3NG, United Kingdom
  • By telephone: +44 20 7404 6458
  • By email: assist@movementgrownatu.world

If you are not satisfied with our response to any data protection concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), which is the supervisory authority responsible for data protection in the United Kingdom:

  • ICO website: ico.org.uk
  • ICO helpline: 0303 123 1113
  • ICO postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO, and we invite you to contact us first.