Privacy Policy

Introduction

Neurocognitus ("Neurocognitus", "we", or "us") is committed to protecting your personal data and respecting your privacy in all our dealings. We are a UK-based consultancy, and we handle personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with us – for example, by visiting our website or using our consulting services – and outlines your rights under data protection law. We adhere to the core data protection principles, ensuring that personal data is used lawfully, fairly and transparently, is collected for specific legitimate purposes, is limited to what is necessary, is kept accurate and up-to-date, is not retained longer than needed, and is secured against unauthorized use.

By engaging with Ahonsi & Co (e.g. submitting your information via our website or signing a contract with us), you acknowledge this Privacy Policy. We may provide additional notices highlighting certain uses of your data when you sign up for particular services, but this document contains the comprehensive policy. Please note: Our services are intended for adults and businesses; we do not knowingly collect personal data from children under 16, and if you are under 16 you should seek consent from a parent or guardian before providing any personal information.

Personal Data We Collect

We collect different types of personal data about you depending on how you interact with us. This includes information you provide directly, information collected automatically (e.g. via cookies), and information obtained through transactions or third-party services. The types of personal data we process include:

Information You Provide Directly:

When you fill out forms on our website (such as our contact or enquiry forms, newsletter sign-up forms, or event registration forms) or communicate with us by email, phone, or in person, you may give us personal data. This includes identifiers and contact details such as your name, email address, telephone number, postal address, job title, and company/organisation name. It also includes the content of any messages or inquiries you send us and other information you choose to provide.

Information We Collect Automatically:

When you visit our website, we automatically collect certain technical and usage information about your device and browsing actions by using cookies and similar technologies. This may include your IP address, browser type and version, device identifiers, pages you visit, the date/time of your visit, and referring URLs. For example, our site uses Google Analytics (a web analytics service provided by Google) to gather data about how users interact with our website.

Information from Transactions and Services:

If you engage our consulting services or make a purchase/payment, we will collect information needed to process that transaction and maintain our business records. This includes financial and transaction data such as your billing address, the services or products you purchased, dates of transactions, and payment details.

Information from Third Parties:

We may receive personal data about you from third-party sources in certain situations. For example, if you are working for one of our client companies, your employer or colleague might provide us with your contact details as a point of contact. We might also collect personal data from publicly available sources – for instance, we might obtain your business contact information from your company's website or a professional networking site like LinkedIn.

How We Use Personal Data (Purposes and Legal Bases)

We only use your personal information for specific, explicit, and legitimate purposes, and we ensure we have a valid legal basis for each use. Under the UK GDPR, the main legal grounds we rely on are: (a) your consent, (b) necessity for performing a contract with you, (c) compliance with a legal obligation, and (f) our legitimate interests (balanced with your rights).

To provide our consulting services and fulfill contracts:

We process personal data to deliver the services you have requested from us. Legal basis: This is necessary for the performance of a contract with you (UK GDPR Article 6(1)(b)).

To respond to enquiries and provide information:

If you contact us with a question, request a quote, or seek information about our services, we will use your provided information to respond to you. Legal basis: It is in our legitimate interest to respond to prospective clients or inquiries (Article 6(1)(f)).

For marketing and newsletters (with consent):

With your permission, we may use your contact information to send you marketing communications. Legal basis: Consent (Article 6(1)(a)). We will only send you email marketing if you have actively opted in to receive it.

To improve our website and services (analytics):

We may process data about how users interact with our website or services to identify trends, troubleshoot issues, and make enhancements. Legal basis: We will only use non-essential analytical data with your consent (Article 6(1)(a)).

Cookies and Similar Technologies

Cookies are small text files placed on your device when you visit websites, and similar technologies include scripts, beacons, and local storage. Ahonsi and Co's website uses cookies and similar technologies to ensure the site functions correctly and to help us understand how you use our site.

Essential Cookies:

These cookies are necessary for the basic operation of our website. For example, they may remember your preferences (like language or cookie consent choices) or keep you logged in to a secure area of the site. Consent is not required for essential cookies, as they are needed to provide the service you requested.

Analytics and Performance Cookies:

We would like to use analytics cookies (such as those from Google Analytics) to collect information about how visitors use our website. We do not set analytics or other non-essential cookies without your prior consent. When you first visit our site, you will see a cookie consent banner explaining the types of cookies we use.

Managing Cookies:

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. However, please be aware that if you disable or delete cookies, some parts of our site might not function properly.

Data Sharing and Third-Party Service Providers

We treat your personal data with care and do not sell it to third parties for their own marketing or other independent use. However, in the course of running our business, we share personal data with certain trusted third parties. These third parties perform services on our behalf or in collaboration with us, and they only process your data for the purposes described in this Privacy Policy.

Analytics Providers:

We use Google Analytics, which is a service provided by Google LLC (headquartered in the United States). When you consent to analytics cookies, usage data (like your IP address and website activities) is collected by Google Analytics and shared with Google.

Customer Relationship Management (CRM) Platforms:

We may use a CRM system to manage our contacts, client relationships, and communications. For example, we might use a cloud-based CRM like HubSpot or Salesforce to store your name, contact details, company info, and a log of our interactions.

Cloud Storage and IT Infrastructure:

Neurocognitus uses reliable cloud-based services for data storage, email, and IT infrastructure. For instance, we may use Microsoft 365 (OneDrive/SharePoint/Exchange) or Google Workspace for business email and document management.

Payment Processors:

If you make a payment to us by credit card or online payment, that payment will be processed by third-party payment processors such as Stripe, PayPal, or our banking institutions. We do not see or store your full financial account numbers.

International Data Transfers

Ahonsi & Co Consulting is based in the United Kingdom. However, some of the third-party service providers we use and some internal operations may involve transferring your personal data across national borders. In particular, data may be transferred to or accessed in countries outside the UK (and potentially outside the European Economic Area - EEA).

When we transfer personal data internationally, we ensure that an appropriate level of protection is applied to your information, as required by the UK GDPR. The safeguards we rely on may include:

  • Adequacy Decisions: In some cases, data may be sent to countries that have been officially designated by the UK government as providing an "adequate" level of data protection.
  • Standard Contractual Clauses (SCCs) / International Data Transfer Agreements: For transfers to countries without an adequacy decision – such as the United States – we implement standard data protection clauses approved by the UK.
  • Additional Technical and Organisational Measures: We may use measures like encryption and pseudonymisation for data in transit and at rest, to mitigate the risk when data is stored overseas.

Data Retention and Storage

We will not keep your personal data for longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law. Below are some typical retention practices:

  • Client and Contract Data: We generally retain relevant data for up to six (6) years from the end of the contract or last interaction.
  • Enquiry and Prospective Client Data: We may retain your contact information and communications for no more than 12 to 18 months after our last interaction.
  • Marketing Data: We will retain your contact details on our mailing list until you unsubscribe or opt out.
  • Website Analytics Data: Data collected via Google Analytics is retained for 14 months from your last visit.

Data Security

We have implemented a range of technical and organisational security measures to ensure that your personal data is kept secure and confidential. Protecting your information is a top priority for Ahonsi and Co, and we take into account industry best practices and legal requirements.

  • Access Control: Personal data is only accessible to those in our team who need access to perform their job duties.
  • Encryption: We use encryption to protect personal data in transit and at rest wherever feasible. Our website is secured via HTTPS (SSL/TLS encryption).
  • Secure Infrastructure: Our website and IT systems are protected by firewalls, anti-malware defenses, and network security monitoring.
  • Physical Security: For any physical records or on-site servers, we maintain appropriate physical controls.
  • Monitoring and Testing: We monitor our systems for potential breaches or attacks and periodically review our security measures.

Your Rights under GDPR

As an individual ("data subject") whose personal data we hold, you have certain rights under the UK GDPR and other data protection laws. We respect these rights and have processes to enable you to exercise them. Below is a summary of your key rights:

  • Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is part of fulfilling that right.
  • Right of Access: You have the right to access the personal data we hold about you and request a copy of that data (commonly known as a "Data Subject Access Request").
  • Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete. If you become aware that the information we hold about you is wrong or outdated (for example, you change your email address or notice we misspelled your name), please let us know. We will rectify the data promptly. We may need to verify the new information you provide, to ensure the accuracy of the correction. If we have shared incorrect data with others, we will (where possible) inform them of the correction as well.
  • Right to Erasure ('Right to be Forgotten'): You have the right to request deletion of your personal data in certain circumstances. This is often called the "right to be forgotten." You can ask that we erase your personal data, for example, if: (a) it's no longer necessary for the purpose we collected it; (b) you initially consented to processing and have now withdrawn that consent; (c) you have objected to processing (see the right to object below) and we have no overriding legitimate grounds to continue; or (d) we processed your data unlawfully or must erase it to comply with a legal obligation. Where one of these grounds applies, we will honor your request and delete (or irreversibly anonymize) your data, and also inform any third parties who received it to do the same, where feasible. Do note that the right to erasure is not absolute – there are exceptions. For instance, we might retain some minimal information if needed for defending legal claims, exercising freedom of expression, or fulfilling a legal requirement. If an exception applies, we will inform you of it. In any case, we will respond to your erasure request and let you know what action we've taken.
  • Right to Restrict Processing: You have the right to ask us to limit or "freeze" the processing of your personal data in certain situations. This means that while we will store your data, we will temporarily suspend actively using it. You can request restriction if: you contest the accuracy of the data (for a period allowing us to verify it); or you believe the processing is unlawful but you prefer restriction to erasure; or we no longer need the data but you want us to keep it for establishment or defense of legal claims; or you have objected to processing (see below) and are awaiting verification of overriding grounds. When processing is restricted, we will flag the data and ensure it's only processed for legitimate, limited purposes (such as storing it, or processing with your consent, or for legal claims, or to protect others' rights). We will inform you before lifting any restriction.
  • Right to Data Portability: You have the right, in certain circumstances, to receive your personal data in a structured, commonly used, machine-readable format and to have that data transmitted to another controller. This right only applies to information you have provided to us, and which we process by automated means on the legal basis of your consent or for performance of a contract. For example, if you provided us with a set of data and we process it with your consent, you could request that we export that data in a CSV or JSON file so that you can transfer it to another service provider. You can also ask, where technically feasible, that we transfer the data directly to the other provider if, say, you want to switch to a different service. Note that data portability does not apply to most of our processing (since much of what we do is based on legitimate interests or legal obligations), but if you have questions or think it might apply, we will certainly consider portability requests.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. The two main scenarios for this are: (a) Direct Marketing: You can object at any time to the processing of your personal data for direct marketing purposes. If you do so, we will immediately stop using your data for marketing. (This is an absolute right – no exceptions – which is why we always honor unsubscribe requests.) (b) Legitimate Interests: If we are processing your data on the basis of a legitimate interest (or performing a task in the public interest/exercise of official authority, though we don't typically do the latter), you can object to that processing if you have grounds relating to your particular situation. For example, if you feel our legitimate interest is not compelling enough and it impacts your rights, you may object. Upon objection, we must stop processing the data unless we can demonstrate compelling legitimate grounds that override your rights and interests, or the processing is needed for legal claims. We believe the instances where we rely on legitimate interests (as described in the "How We Use Data" section) are not intrusive or unexpected; however, we will assess any objection carefully. Generally, if someone objects to, say, being in our CRM database as a prospect, we would likely honor it (delete or anonymize their data) unless we have a strong justification to retain it. We will inform you of the outcome of an objection request.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing we did while your consent was in effect, but it means we will stop the consent-based processing going forward. For example, if you signed up for our newsletter (consent) and later change your mind, you can withdraw consent and we will stop sending the newsletter. Withdrawing consent is as easy as giving it – you can usually do this by clicking "unsubscribe" in an email, unchecking options on our website, or contacting us. There is no penalty or detriment to withdrawing consent. Note that if there are other legal grounds for processing the data (e.g., we also need the data for a contract), we might continue using it under those grounds, but we will make that clear. We will also cease processing any special category data if you withdraw consent, since explicit consent is often required to process such data.
  • Rights related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you, unless certain exceptions apply. In plain terms, this means if we ever were to use algorithms or AI to make important decisions about you without human involvement, you'd be protected. Ahonsi & Co does not currently make any automated decisions about individuals with legal or significant effects (such as credit profiling, etc.). Any important decision regarding our clients or website users involves human consideration. If this changes in the future, we will update this policy and ensure appropriate safeguards (including giving you the right to obtain human intervention, express your point of view, and contest the decision).
  • Right to Lodge a Complaint: If you believe that we have not complied with data protection laws in the way we have processed your personal data, you have the right to file a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner's Office (ICO). You can contact the ICO for advice or to submit a complaint about our data handling practices. The ICO's website is www.ico.org.uk and they can be reached by telephone at +44 303 123 1113. Their postal address is Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK. We encourage you to contact us first with any concerns (we genuinely want to resolve any issue if possible), but you are not obligated to do so – you can go directly to the ICO. If you live or work in another country (within the EEA, if applicable), you may instead complain to your local data protection authority.

How to Exercise Your Rights:

You can exercise any of your rights by contacting us using the contact information in the next section. Typically, we will need to verify your identity before acting on a request (to ensure we don't disclose data to the wrong person). This might involve asking for additional information or identification. We will respond to requests as soon as we can, generally within one month. If your request is complex or you have made multiple requests, we may extend the response time by a further two months, but we will inform you and explain why. There is no fee for exercising your rights, with the exception mentioned (manifestly unfounded/excessive requests).

Some rights (like rectification, objection, withdrawal of consent) can be handled quickly and informally – for instance, if you just wish to update your contact info or unsubscribe from emails, you can do so through our self-service options or by a quick email to us, and we'll take care of it. For more formal requests (like a full data access or deletion request), it helps if you can be as specific as possible about what data or processing your request concerns, so we can address it efficiently.

We will communicate to you in writing (usually electronic) about actions taken on your request, or explain if any action is not taken with the reasons (for instance, if an exemption applies). Rest assured, your rights are very important to us, and our policy is to make it easy for you to exercise them and to honor your requests promptly and fully, in line with the law.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make any significant changes, we will notify you by appropriate means. For example, we might post a prominent notice on our website or send you an email notification if we have your email address (especially for changes relating to how we use your data). We will also update the "Last updated" date at the top of this Policy to indicate when the latest changes were made.

Any changes will become effective when the revised Policy is posted on our website, unless stated otherwise. In some cases (if required by law and in relation to material changes in how we process data), we may seek your explicit consent to new processing terms. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued relationship with us – for example, use of our website or services – after any updates to this Policy will constitute acknowledgment of the changes.

If we were ever to make changes that significantly affect your rights, we would take additional steps to inform you (beyond just updating the Policy), because your privacy is paramount. However, minor changes (like clarifications or typographical corrections) may occur without a specific notice. The version of the Policy posted on our website is the one currently in effect.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us. We are here to help and will respond as promptly as possible.

Contact details for data protection queries:

  • Email: info@neurocognitus.com (Please include "Privacy Inquiry" in the subject line for quicker routing.)
  • Phone: +44 (0)208 1028 800 (Available during normal business hours, UK time.)
  • Postal Address: 86-90 Paul Street, London, England, EC2A 4NE

The data controller for the purposes of UK data protection law is Neurocognitus (registered in the UK). If you contact us about your rights or any privacy matter, we may ask to verify your identity (to protect your data from unauthorised access) and then will promptly assist you.

Data Protection Officer: At this time, Neurocognitus has not appointed a formal Data Protection Officer (DPO), as we are not legally required to do so given the nature and scale of our data processing. However, we have a dedicated privacy team (led by our managing director) that oversees data protection compliance. If you have any privacy-related questions or issues, you can reach out via the contact details above and our team will address your query.

Alternatively, for general enquiries, you can also reach us through the contact form on our website, and your message will be directed to the appropriate person. We value your feedback and are committed to resolving any issues related to personal data to your satisfaction.

Thank you for taking the time to read our Privacy Policy. We hope it has clearly explained how we handle your personal information. We take our obligations seriously and strive to protect your privacy at every step. If there's anything you're unsure about, feel free to get in touch – we'll be happy to assist.

Additional Information:

If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.