top of page

Privacy Notice

​1. What is the purpose of this Privacy Notice?


Hanbury Strategy and Communications Limited (collectively “Hanbury”, “we”, “us” or “our”) is committed to protecting your personal data and processing it only in a way that is lawful, fair, and transparent. We comply in all respects with the General Data Protection Regulation (Regulation EU 2016/679) (the “GDPR”). As the GDPR has also been retained in UK law following Brexit (in accordance with the European Union (Withdrawal) Act 2018) references in this Privacy Policy to the GDPR include the GDPR as it applies in the UK.

This privacy notice (“Privacy Notice”) explains our policies and procedures in relation to our collection and use of your personal data when you sign up to receive newsletter or other information, when using of our services, or in connection with the use of our websites or applications including (but not limited to) (“Websites”).


It is important that you read and understand this Privacy Notice before providing us with your personal information. We may also provide you with supplemental notices or statements in particular circumstances and you should carefully read these to ensure you understand them. This Privacy Notice should be read in conjunction with such supplemental documents and is not intended to override them.


Please also note that the Websites may, from time to time, contain links to and from other websites, such as those of our partner networks, advertisers, affiliates or other third parties. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites.

If you have any questions or comments about anything that is contained in this Privacy Notice, or in relation to our collection and use of your personal data, please contact us using the following details:




Phone: (+44) 020 3870 1117


Post: 2 London Bridge, London SE1 9RA


2. Who is the data controller of your personal data?


In many cases, we will be a “data controller” (that is, the party that determines the purpose and means of processing of your personal data) for the purposes of the GDPR. For example, we will be the data controller of any personal information collected or processed in relation to your use of the Websites. 


Where we process personal data on behalf of customers as a “processor”, we do not own such information and we will only use it to provide our services in compliance with this Privacy Notice and our contractual obligations.


  1. What counts as “personal data” and what personal data do we collect?


“Personal data” means any information that enables us to identify you, directly or indirectly, including by reference to an identifier such as your name, any reference or candidate number, any online identifiers, location data, or one or more factors that are specific to you. Some examples of personal data might be obvious (your name or email address), while some might be less obvious (for example your Internet Protocol (IP) address). 


“Personal data” also includes data that has been processed in such a way that it can no longer be attributed to you without the use of additional information that is kept separate (“pseudonymised data”). Personal data does not, however, include anonymous information or information which can no longer be used to identify you.


We may collect and process personal data in the following ways:


Visitors to our Websites provide personal data to us in a number of formats, for example when filling in forms, requesting newsletters and corresponding with us (whether by post, phone, email or some other method). Such personal data provided may include (but is not limited to):


  • Basic information such as your first name and surname;

  • Contact information such as your telephone number, email address, or home and/or work address;

  • Information about yourself such as date of birth, gender, annual income (including household annual income), professional history, academic/education history; and

  • Communication preferences such as whether you would like to hear from us with opportunities to take part in further surveys, or about our other products and services.


3. Why do we process your personal data?


We only process your personal data when we have a legal justification for doing so (also known as a “legal basis” under the GDPR). The most common legal bases we rely upon are that:


  • The processing is necessary for the performance of a contract between you and us or to answer questions or take steps at your request prior to entering into a contact;

  • The processing is necessary for our legitimate business interests, (provided such interests are not overridden by your interests or fundamental rights);

  • You have provided your consent to the processing (which may be withdrawn at any time); or

  • We are required to process your personal data under law.


4. Marketing communications


We will only send you direct marketing communications (including newsletters) related to our products and services if you have first given your consent to receiving that marketing. We will ask for your consent when you first provide your personal data. You can choose to stop receiving direct marketing communications from us at any time simply by following the “Unsubscribe” or “Manage Email Preferences” link at the bottom of any promotional email you receive from us. Please note that you may not opt out of receiving non-promotional emails regarding your account or your transactions with us unless you cease to subscribe to our services.


We use the third-party service provider Mailchimp (The Rocket Science Group, LLC) to process and store your data. We use Mailchimp to manage email marketing subscriber lists and send emails to our subscribers. Read their privacy policy.


5. Who might we share your personal data with?


We will only share your personal data with third parties in limited situations or where you have given your prior consent. We may share your personal data with:


  • Our group companies, branches, and associated offices or other legal entities for the purposes of a joint venture, collaboration, merger, reorgansiation, or other similar event (where applicable);

  • Third party service providers that we outsource certain business functions to (including for example our data centre and web hosting providers). This shall include Hanbury Strategy and Communications (see above);

  • Our advertising and marketing partners who enable us to deliver personalised ads to your devices or similar advertising and who may contact you by post, email, telephone, SMS or by other means (provided you have given your consent, where necessary). If you do not wish to be contacted, you may unsubscribe by notifying us at [insert] or by clicking the "Unsubscribe" link at the bottom of any of our messages;


  • Analytics and search engine providers that assist us in the improvement and optimisation of our Websites. Your personal data is generally shared in a form that does not directly identify you;

  • Public authorities where we are required by law to do so;

  • Our advisors, if required, in order to receive legal or other relevant advice; and

  • Any other third party provided you have given your consent for us to share such data.


We will only ever share your personal data with third parties who can provide sufficient guarantees of their security measures (technical and organisation) in place to protect your personal data and who have demonstrated a commitment to compliance with such measures. 


Where we use third parties to process personal data on our behalf, we first make sure that they have agreed to process personal data in accordance with applicable law (either in a contract or through some other means). Contracts we enter into with our third-party service providers stipulate, among other things, that the relevant third-party (and its representative) only act on our instructions, or as otherwise permitted by law. We never allow our third-party service providers to use your personal data for their own purposes and they must only process your personal data for specified purposes in accordance with our instructions.


7. Will we transfer your personal data abroad?


We may transfer your personal data to countries outside of the UK or the European Economic Area (EEA) in accordance with the purposes set out above, for example when a third party service provider is located in such countries. Before transferring your personal data we will, as required by the GDPR, ensure that your privacy rights are adequately protected. Where we are transferring your personal data to a third country that has not been deemed to provide a commensurate level of protection, we will instead protect your personal data by appropriate technical, organisation, contractual or other lawful means. For more information about how we protect your personal data in relation to such a transfer, or to obtain a copy of the relevant safeguards, please contact


8. How long will we keep your personal data for?


We store personal data for no longer than is necessary for the purpose for which the personal data was originally collected. We store your personal data for as long as is necessary to comply with our legal obligations, resolve disputes and enforce our rights. 


We may keep anonymised data, which can no longer be used to identify any individuals (and therefore is not classed as personal data), for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.


Please contact us at for further details about the period for which we keep your personal data.


9. What rights do you have in relation to your personal data?


You have specific rights in relation to your personal data under the GDPR. In particular, you have the right to: 


  • request access to your personal data and request a copy of personal data we hold about you;


  • request that inaccurate personal data is corrected;

  • request that we delete the personal data we hold about you;

  • object to the processing of your personal data;

  • request that we restrict the processing of your personal data;

  • request that your data is transferred a third party; and 

  • complain to a supervisory authority (which would be the Information Commissioner’s Office in the UK). 


The above rights are not absolute and there may be exceptions that apply in certain circumstances. To ask questions, or exercise any of the above rights, please contact us using the contact details provided in section 1) above. Please note, if you make a request by post, please provide sufficient details to enable us to reply. 


We aim to respond to requests made by you within one month, but we may extend that period by two further months where necessary. We will not ordinarily charge a fee for you to exercise any of your above rights, but we may in certain circumstances charge a reasonable fee, or to refuse to act on requests where they are manifestly unfounded or excessive.


10. Changes to this Privacy Notice 


We may update or otherwise change this Privacy Notice from time to time. Any changes to this notice will be implemented by posting an updated version on the Website. We recommend that you check this page regularly to make sure that you have reviewed the most up to date version.


This Privacy Notice was last updated: 18 August 2023

bottom of page