top of page

Privacy Policy

Last updated: June 2026

1. Introduction
Lloyd Marshall ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights in relation to it.
We are established in the European Union and are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679. We work with clients worldwide and apply GDPR standards as our baseline for all data processing activities, regardless of where you are located.

2. Data Controller
Lloyd Marshall acts as the data controller for the personal information described in this policy. If you have any questions or wish to exercise your rights, please contact us at:
Email: info@lloydmarshall.com

3. Personal Data We Collect
We collect only the minimum personal data necessary to provide our services. Specifically, we collect:

  • Data about business representatives:

    • Full name and surname of the representative

    • Business email address

  • Data about businesses:

    • Business name (trading name and/or legal entity name)

    • Business address (registered or operational)

We do not collect sensitive personal data and do not collect information from individuals acting outside a business capacity.

4. Legal Basis for Processing
We process your personal data on the following legal grounds under the GDPR:

  • Contract performance (Article 6(1)(b)): Processing is necessary to enter into or perform a contract with you or your organisation.

  • Legitimate interests (Article 6(1)(f)): Processing supports our legitimate business interests, such as maintaining client records and communications, where these do not override your rights.

  • Legal obligation (Article 6(1)(c)): Where we are required to retain records by law.


5. How We Use Your Personal Data
We use the data we collect to:

  • Establish and manage our business relationship with your organisation

  • Communicate regarding services, contracts, and enquiries

  • Send invoices, proposals, and business correspondence

  • Comply with legal and regulatory obligations

  • Maintain accurate business records

  • We will not use your personal data for marketing purposes without your prior consent.

6. Disclosure of Personal Data
We do not sell, rent, or trade your personal data. We may share it only in limited circumstances:

  • Service providers: Trusted third parties (IT, hosting, accounting tools) bound by data processing agreements and acting only on our instructions.

  • Legal requirements: Where required by law, court order, or regulatory authority.

  • Business transfers: In the event of a merger or acquisition, with appropriate notice to you.


7. International Data Transfers
As we serve clients worldwide, your data may be transferred outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission

  • Standard Contractual Clauses (SCCs)

  • Other legally recognised transfer mechanisms under the GDPR

You may request details of the safeguards applied to any transfer by contacting us.

8. Data Retention
We retain personal data only as long as necessary for the purposes set out in this policy or as required by law:

  • Client and business records are kept for the duration of the relationship and up to 7 years thereafter.

  • Data no longer needed is securely deleted or anonymised.


9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:

  • Access controls limiting data to authorised personnel

  • Encrypted communications and storage where appropriate

  • Regular review of data handling practices

In the event of a breach posing risk to your rights, we will notify the relevant supervisory authority within 72 hours and inform affected individuals where required.

10. Your Rights
Depending on your location, you may have the right to:

  • Access - request a copy of your personal data

  • Rectification - correct inaccurate or incomplete data

  • Erasure - request deletion, subject to legal obligations

  • Restriction - limit how we process your data in certain circumstances

  • Portability - receive your data in a structured, machine-readable format

  • Object - object to processing based on legitimate interests

  • Withdr-aw consent - where processing is consent-based, withdraw at any time

To exercise any right, contact us as detailed in Section 2. We will respond within 30 days. EEA-based individuals also have the right to lodge a complaint with their national data protection authority.

11. Cookies and Online Tracking
This policy covers personal data collected through our business operations. If we operate a website, a separate Cookie Policy will describe our use of cookies and similar technologies.

 

12. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected in an updated "Last Updated" date, and we will notify you directly where appropriate. We encourage you to review this policy periodically.

13. Contact Us
Lloyd Marshall
Email: info@lloydmarshall.com

bottom of page