Who we are What we do Who we help Get in touch

Privacy Policy

Last Updated: March 3, 2025

Introduction

Chilled Advisory Group (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains who we are, what information we collect, how we use and safeguard it, and your rights. We provide professional advisory services in the temperature-controlled (“cold chain”) industry and primarily serve business clients in the UK. This policy applies to personal data of individuals who interact with our website or services (for example, when contacting us on behalf of a company). Please read this Privacy Policy carefully – by using our website or providing your information, you acknowledge that you have been informed about our data practices.

Who We Are (Data Controller Details)

Chilled Advisory Group is a UK-based consulting network specializing in cold chain infrastructure advice. For the purposes of data protection law (including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018), Chilled Advisory Group is the “data controller” of your personal data. This means we determine how and why your personal information is processed. If you have any questions about this policy or wish to exercise your rights, you can contact us using the details in the “Contact Us” section below.

Data We Collect

We only collect minimal personal data necessary to communicate with you and deliver our services. This typically includes:

  • Name (your first and last name)

  • Email Address (work or personal email you provide)

  • Company/Organization name (the business you represent, if applicable)

  • Phone Number (contact telephone number)

We collect this information directly from you, for example when you fill out our “Get in touch” form, email us, or speak with us by phone. We do not collect sensitive personal data or any information not needed for our stated purposes. We do not use cookies or third-party analytics on our website to track personal data, so we do not automatically gather information like IP addresses or browsing behavior for marketing purposes. (Our website might log basic technical data like IP address in server logs for security, but we do not use this data to identify or profile any visitor.)

How We Use Your Data (Purposes of Processing)

We will only use your personal information for legitimate business purposes and in ways you would expect, including:

  • Responding to Inquiries: If you contact us (via our website form, email, or phone), we use your name and contact details to respond to your request or question. For example, we may email or call you back to discuss your project needs or provide information about our services.

  • Providing Our Services: If you become a client, we will use the personal and company information you provided to carry out our consulting services and communicate with you throughout our engagement. This can include discussing project details, sending proposals, or invoicing (as appropriate).

  • Business Communication: We may occasionally use your contact information to send important updates related to our services or industry insights that could benefit your business. We will only send you marketing or newsletter emails if you have consented or if you would reasonably expect such communications as part of our business relationship. In any case, you are free to opt out of marketing messages at any time (see “Your Choices” below).

  • Record-Keeping and Legal Obligations: We retain minimal records of communications and transactions as necessary for our accounting, tax, or legal requirements. For instance, we may keep invoices or contract details that contain your name or company information to comply with UK financial regulations and audit standards.

We do not use your personal data for any kind of automated decision-making or profiling that has legal or significant effects on you. All uses of personal data are reviewed to ensure they are fair, lawful, and transparent. If we intend to use your data for a new purpose that is unrelated to the original reason you provided it, we will inform you and, if required, seek your consent.

Legal Basis for Processing

Under the GDPR, we must have a valid legal basis to process your personal data. Depending on the context, our processing of your information is justified on one or more of the following bases:

  • Legitimate Interests: In most cases, we rely on our legitimate business interests to process your data. When you voluntarily give us your contact details (for example, by reaching out to us), we have a legitimate interest in using that information to reply and conduct our business with you or the company you represent. We always consider your rights and expectations and will not use your data for unrelated purposes that you wouldn’t reasonably expect.

  • Contractual Necessity: If you become a client, processing your personal data can be necessary to perform the contract between us. For example, we need to use your contact information to provide consulting services, communicate about the project, and fulfill our obligations to you or your organization.

  • Consent: Where required by law (for example, sending certain marketing communications to individual contacts), we will ask for your consent before processing your data. If we ever ask for consent, you have the right to refuse or withdraw it, and we will honor that choice. For instance, if you subscribe to an optional newsletter, you can unsubscribe at any time, and we will not continue to send it to you.

Data Retention – How Long We Keep Your Information

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. In practice:

  • If you contact us with an inquiry but do not become a client, we may keep your contact details and our correspondence for a reasonable period (for example, up to 12 months) in case you have follow-up questions or to refer back to our discussion if you approach us again. If you prefer we delete your information sooner, just let us know and we will do so.

  • If you become a client, we will keep your data for the duration of our working relationship. After the project or contract ends, we may archive relevant information for the period required by law or our legitimate interests. For instance, we might retain invoicing records or basic contact details for 6 years to comply with UK tax law and professional record-keeping obligations.

  • We periodically review the personal data we hold and erase or anonymize information that is no longer needed. When we no longer have any legal or legitimate need to keep your personal data, we will securely delete it.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information with any third parties for marketing or any other purposes. In fact, we generally avoid using external services that involve sharing your data. For example, we do not use third-party analytics, advertising networks, or cloud CRM platforms that would receive your personal details.

However, there are a few situations where your data might be shared, strictly as necessary:

  • Service Providers (Processors): We may use trusted third-party service providers to help us run our business. For example, our website is hosted by a UK-based hosting company, and we use standard email providers to send and receive communications. These providers might process your personal data on our behalf (for example, your email and name in a received message). We only engage providers that meet high data protection standards, and they are contractually bound to keep your information confidential and secure, and to use it only for the specific services they provide to us.

  • Legal Requirements: If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, we may do so. For instance, we might have to provide information if required by a court order or requested by regulators (such as the Information Commissioner’s Office) or law enforcement. We will only disclose what is necessary and will inform you of such requests when permissible.

  • Business Transfers: Although not anticipated, if our business structure changes (for example, through a merger, acquisition, or partnership reorganization), your personal data may be transferred to relevant parties as part of that process. If such a transfer materially affects how your personal data is used, we will notify you and ensure the transfer is handled in accordance with data protection laws.

Aside from the above, no third parties will receive or process your personal data. In plain terms: your information stays with us and our essential service providers. We will never sell your data or use it for purposes you haven’t been informed about.

International Data Transfers

Chilled Advisory Group is based in the United Kingdom, and we aim to store and process personal data within the UK or the European Economic Area (EEA). This means that if you are in the UK or EU, your personal data remains protected under UK/EU data protection rules. We do not transfer your personal data to countries outside the UK/EEA in the normal course of business.

In the event we ever need to transfer personal data internationally (for example, using an IT provider or consultant in another country), we will ensure that adequate safeguards are in place as required by the GDPR. This could include using a country approved by the UK as having adequate data protection laws, or implementing standard contractual data protection clauses. We will let you know if any such transfer is necessary and ensure it is lawful and secure. As of now, all your data is handled within jurisdictions with strong privacy laws (UK and/or EU).

Your Rights Under GDPR

As an individual whose personal data we hold, you have certain important rights under the GDPR/UK GDPR. We are committed to respecting these rights, which include:

  • Right to Be Informed: You have the right to clear and transparent information about how we use your data. This Privacy Policy is part of fulfilling that right. If anything is unclear, please ask us.

  • Right of Access: You can request a copy of the personal data we hold about you, and we will provide this along with details on how it’s used, subject to some legal exceptions. This is commonly known as a “Subject Access Request.”

  • Right to Rectification: If any personal data we have is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay.

  • Right to Erasure: You have the right to request that we delete your personal data. This is also called the “right to be forgotten.” We will honor such requests where we no longer have a lawful reason to keep your data. (For example, we might not erase data we are required to keep by law, but we’ll let you know if that’s the case.)

  • Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances – for instance, if you contest the data’s accuracy or have objected to our processing. Restricting means we’ll store your data but not actively use it until the issue is resolved.

  • Right to Data Portability: For data you provided to us, you have the right (if it’s processed on the basis of consent or contract and by automated means) to request that we provide it in a commonly used, machine-readable format so you can transfer it to another controller if you wish.

  • Right to Object: You may object to our processing of your personal data if you feel it impacts your rights. This includes the right to object to direct marketing. If you object, we will review your request and stop processing your data in the way you objected to unless we have compelling legitimate grounds or a legal reason to continue.

  • Rights related to Automated Decision-Making: This is not applicable here, as we do not use automated decision-making or profiling on your personal data. If that ever changes, you would have rights to ensure any purely automated decisions that significantly affect you are fair and can be reviewed by a human.

To exercise any of these rights, please contact us (see the “Contact Us” section below). We will respond promptly – generally within one month – and will help you with your request in accordance with the law. There is no fee for making a request unless it is unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse the request (we will explain why if that happens).

Finally, if you believe we have not handled your personal data properly or have infringed your rights, you also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO). We encourage you to contact us first to resolve any concern, but if you wish to contact the ICO, you can find more information on their website (ico.org.uk).

Your Choices (Opt-Out and Consent Preferences)

We strive to only send communications that are useful and expected. However, you have full control over how we use your data beyond the core business communications. If at any point you prefer not to receive optional communications from us (such as a newsletter or occasional updates), you can opt out by:

  • Clicking the “unsubscribe” link in any marketing or newsletter email we send.

  • Emailing or calling us directly to let us know you do not want further communications of a certain type.

Once you opt out, we will promptly stop using your data for that purpose. Please note, this will not affect necessary correspondence (we may still email or call you about ongoing projects or in response to an inquiry you sent, as those are not promotional messages but part of our service). If you have given consent for something, you can also withdraw consent at any time, and we will cease the related processing.

Data Security

We take appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include technical safeguards (such as secure servers, encryption, and firewalls) and organizational policies (ensuring only necessary staff have access to your information and that they are bound by confidentiality). While no method of transmission or storage is 100% secure, we continuously evaluate our security practices to reduce risks and protect your privacy. If, in the unlikely event, we experience a data breach that poses a high risk to your rights and freedoms, we will inform you and the relevant authorities as required by law.

Links to Other Websites

Our website may contain links to the websites of our partners or other third-party resources. Please note that this Privacy Policy applies only to Chilled Advisory Group’s data practices. If you follow a link to any external websites, they will have their own privacy policies which may differ from ours. We do not accept responsibility or liability for the privacy practices of other sites. We recommend you review the privacy policy of any website you visit if you have concerns about how they handle your data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will post the updated policy on our website and update the “Last Updated” date at the top. In case of major changes affecting your rights or the way we use personal data, we may also notify you directly (for example, via email, if appropriate). We encourage you to review this page periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us. We are here to help and will respond as quickly as we can.

  • Email:hello@chilledadvisorygroup.co.uk

  • Postal Address: Chilled Advisory Group, [Address Line], [City], [Postal Code], United Kingdom (Note: use our office or registered address here)

  • Phone: [Business Phone Number] (if applicable)

Please include your name and the context of your request or question. For example, if you are making a data access or deletion request, let us know what data you’re referring to. We may need to verify your identity for security before fulfilling certain requests, but we will only use the provided information for verification and to fulfill your request.

Thank you for reading our Privacy Policy. We value your trust and will continue working hard to keep your personal information safe and secure.