IMS Consultancy (“IMS”, “we”, “us”) is a UK-based strategic consultancy. This policy explains how we collect, use, and protect personal data in the course of running the business and delivering client engagements.

For any privacy question, contact info@intelmadesimple.com.

• Contact data you give us through the contact form, email, or a scoping call. Name, email, company, and the description of your enquiry.
• Engagement data shared with us during a paid engagement. Whatever is necessary to do the work and no more.
• Newsletter data if you subscribe to the IMS letter. Only your email address.
• Site analytics. Privacy-respecting, cookie-free analytics covering aggregate page views, referrers, and Core Web Vitals. No fingerprinting and no third-party advertising trackers.
• Technical logs. IP address and request metadata retained briefly by our hosting provider for security and abuse prevention.

We process personal data under UK GDPR on these lawful bases:

• Legitimate interests for responding to enquiries, running the consultancy, and protecting the site against abuse.
• Contract for delivering paid engagements to clients.
• Consent for newsletter subscriptions and any optional marketing communication. Withdrawn in one click.
• Legal obligation for retaining records required by tax, accounting, or anti-money-laundering law.

• Contact enquiries that do not become engagements: deleted within twelve months.
• Engagement records: retained for seven years after the engagement ends, per UK accounting rules.
• Newsletter subscriptions: retained until you unsubscribe.
• Site analytics and access logs: retained for a maximum of twelve months in anonymised form.

We share personal data only with the small set of vendors that make the consultancy run. Each one is bound by a data processing agreement and is selected for UK or EU data residency where available.

• Hosting and content delivery.
• Transactional email and newsletter sending.
• Accounting, payments, and bookkeeping.
• Privacy-respecting site analytics.

We do not sell, rent, or trade personal data to anyone, for any reason.

Where a vendor processes data outside the UK or EEA, we rely on the UK Addendum to the EU Standard Contractual Clauses and we choose vendors that meet equivalent data-protection standards. We will tell you, on request, exactly which vendors hold what.

Under UK GDPR you have the right to:

• access the personal data we hold on you,
• request correction of inaccurate data,
• request deletion where lawful bases allow,
• restrict or object to processing for legitimate-interest use,
• withdraw consent for any consent-based processing,
• request your data in a portable, machine-readable format,
• lodge a complaint with the Information Commissioner’s Office at ico.org.uk.

Email info@intelmadesimple.com and we will respond within thirty days, usually within four hours.

We do not set marketing or tracking cookies. The only cookies on the site are essential to deliver the page you requested and to remember stated preferences for the duration of your visit.

The use of AI inside both our consultancy and the work we deliver is governed by a separate published policy. Read it at /ai-policy.

The way we hold and process personal data aligns with the following standards. Alignment, not certification, except where explicitly stated.

• ISO/IEC 27001 information security management.
• ISO/IEC 42001 AI management systems.
• NIST AI Risk Management Framework (AI RMF 1.0).
• OWASP Top 10 for Large Language Model Applications.
• UK Cyber Essentials baseline controls.
• UK GDPR and Data Protection Act 2018.

We may update this policy as the business or the law changes. Material changes will be flagged on the homepage and on the IMS letter for at least thirty days before they take effect.