Privacy Policy

1. Data Controller and Compliance

Luke Swestun is the Data Controller. We are committed to protecting personal data in accordance with the UK GDPR and the Data Protection Act 2018. For all data inquiries, email legal@swestun.com.

2. Information We Process

We collect data through several channels:

• Direct Input: Information you provide via contact forms, such as your name, LinkedIn URL, and email address.
• Automated Collection: Technical data such as IP addresses and browser types collected via cookies.
• B2B Research: As part of our outbound services, we may process publicly available professional data under the lawful basis of Legitimate Interest.

3. Lawful Bases for Processing

• Legitimate Interests: To conduct B2B marketing and reach out to relevant business leads.
• Contractual: To fulfil requests for proposals or service delivery.
• Legal Obligation: To maintain records for UK tax (HMRC) purposes.

4. International Data Transfers

Swestun operates as a global consultancy. While your data is protected under UK law, it may be processed by our staff or third-party providers operating outside the UK and the European Economic Area (EEA). We ensure "adequate protection" by utilising UK-approved Standard Contractual Clauses (SCCs), ensuring your data rights remain protected regardless of geography.

5. Your Rights and Opt-Out

Under the UK GDPR, you have the right to access, rectify, or request the erasure of your personal data. You may object to the processing of your data for direct marketing at any time. To exercise these rights, please email legal@swestun.com.