Q: What personal data does seo-consultant.co collect?

Name, email address, and optional phone number / WhatsApp when submitted via contact form. Plus standard server logs (IP, user agent, timestamp) for security and analytics.

Q: What is the lawful basis for processing my contact data?

Legitimate interest under UK GDPR Article 6(1)(f) for replying to enquiries; consent under 6(1)(a) for any marketing communications.

Q: How long do you retain personal data?

Contact enquiries: 3 years from last meaningful contact. Active client data: duration of engagement + 6 years for accounting. Server logs: 90 days.

Q: Do you share data with third parties?

Only with named processors under Data Processing Agreements: Google Analytics 4, Google Search Console, CRM (HubSpot or Salesforce where the client uses one), and transactional email providers.

Q: How do I exercise my data subject rights?

Email sales@seo-consultant.co with your request (access, rectification, erasure, restriction, portability, objection). We reply within one calendar month as required by UK GDPR.

1. Who is responsible for your data

seo-consultant.co is an independent consultancy operated by Syed, based in London, United Kingdom. For the purposes of UK GDPR, I am the “data controller”, the person who decides how and why your personal data is processed.

You can contact me about anything on this page by email at sales@seo-consultant.co. I read every message personally and reply within one working day.

2. What data I collect and why

I try to collect as little personal data as possible. What I do collect falls into three categories:

2.1 Contact data you give me directly

When you email me at sales@seo-consultant.co or message the WhatsApp number listed on this site, I collect and retain the contents of your message along with your name, email address, and any other personal information you choose to include. I use this data to reply to your enquiry, to prepare a scope of work if the engagement proceeds, and to maintain a commercial relationship if we start working together.

The legal basis for this processing is UK GDPR Article 6(1)(b), performance of a contract (or steps at your request before entering into a contract). If we do not end up working together, I retain your initial enquiry for 12 months on the basis of legitimate interest (Article 6(1)(f)), primarily so that if you come back 9 months later I have context on the previous conversation. You can ask me to delete the record at any point.

2.2 Analytics data collected automatically

This website uses Google Analytics 4 (GA4) to measure aggregate traffic. GA4 is configured with IP anonymisation enabled, ads personalisation disabled, and Google signals turned off. The data it collects is pseudonymised, it cannot identify you personally unless you voluntarily submit identifiable information via the contact channels above.

GA4 uses cookies and similar technologies. Under the Privacy and Electronic Communications Regulations (PECR), non-essential cookies require your consent. A cookie banner appears on your first visit to this site asking for that consent, GA4 does not load until consent is given. You can withdraw consent at any time by clearing your browser cookies for this domain or using the “Cookie preferences” link in the footer.

The legal basis for analytics processing is UK GDPR Article 6(1)(a), your consent.

2.3 Server logs

This site is hosted on Vercel. The hosting infrastructure maintains access logs containing IP addresses, user agents, and request timestamps for up to 30 days, solely for security and operational purposes. Legal basis: Article 6(1)(f), legitimate interest in maintaining the security and integrity of the service.

3. Who I share your data with

I do not sell your personal data. I do not share it with advertising networks, lead-generation aggregators, or anyone else who would use it for their own marketing. The only third parties who have access to any of your data are:

Email hosting, Google Workspace. Your emails to sales@seo-consultant.co are stored in Google's servers under standard contractual clauses.
WhatsApp (Meta), if you contact me via WhatsApp, Meta processes the message metadata on its platform under its own privacy policy.
Vercel, hosts this website and processes request logs as described above.
Google Analytics 4, only if you consent. Data is held by Google under EU-US Data Privacy Framework arrangements and UK international data transfer addenda.
Accounting software, if we enter a commercial engagement, your invoicing details are held in UK-based accounting software for the period required by HMRC (currently 6 years from the end of the relevant tax year).

4. International data transfers

Some of the third parties above are based in the United States. Where your data is transferred outside the UK, the transfer is covered by Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework as applicable. If you want copies of the specific transfer mechanisms in place, email me and I will share them.

5. How long I keep your data

I keep personal data only as long as I need it. In practice:

Enquiries that did not proceed, 12 months from last contact, then deleted.
Active client records, for the duration of the engagement, plus 6 years afterwards to meet UK accounting and tax obligations.
Marketing emails, if you subscribe to any mailing list I run, until you unsubscribe.
Server logs, 30 days.
Analytics data, 14 months (GA4 default for the EU region).

6. Your rights under UK GDPR

You have the following rights in respect of your personal data:

The right to be informed, this policy is part of how I meet that duty.
The right of access, you can ask for a copy of the personal data I hold about you.
The right to rectification, you can ask me to correct inaccurate data.
The right to erasure, in most circumstances you can ask me to delete your data.
The right to restrict processing, you can ask me to stop using your data in certain ways.
The right to data portability, you can ask for your data in a portable, machine-readable format.
The right to object, you can object to processing based on legitimate interest.
Rights around automated decisions, I do not make automated decisions about individuals, so this is academic.

To exercise any of these rights, email sales@seo-consultant.co. I will respond within one calendar month. There is no fee for a reasonable request.

7. How I keep your data secure

Reasonable technical and organisational measures are in place to protect your data, encryption in transit (HTTPS/TLS), encryption at rest on all primary systems, access controls on my working devices, two-factor authentication on all service logins, and reasonable diligence about phishing and social-engineering. No system is perfectly secure and I will not pretend otherwise, but I take this seriously. If there is a personal data breach that is likely to result in risk to you, I will notify the ICO within 72 hours and tell you directly as soon as practical.

8. Cookies and similar technologies

This site uses a small number of cookies:

Strictly necessary cookies, used for cookie-consent preferences and basic site functionality. These do not require consent under PECR.
Analytics cookies (GA4), only set if you consent via the cookie banner.

You can manage cookies in your browser settings at any time. Blocking all cookies may affect site functionality but will not prevent you contacting me via email or WhatsApp.

9. AI tools and your data

I sometimes use AI tools (such as large language models) to assist with drafting, outlining, and analysis in the course of client work. I do not paste client personal data, proprietary commercial data, or confidential strategy information into third-party AI services unless the client has agreed in writing. When client data needs to be processed by an AI system as part of a deliverable (for instance, an AI agent build), that processing is governed by a specific written agreement covering scope, retention, and Data Protection Impact Assessment where required.

10. Children

This site and the services offered through it are not directed at children. I do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted data to me, please contact me and I will delete it.

11. Changes to this policy

I review this policy at least annually and update it when the underlying practices or the law changes. The “last updated” date at the top of the page reflects the most recent substantive change. For material changes, I will notify existing clients directly by email.

12. How to complain

If you believe I have not handled your data properly, please raise it with me first, email sales@seo-consultant.co. If you are not satisfied with the response, you have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

Last reviewed: 1 April 2026. Next scheduled review: 1 April 2027.