PRIVACY POLICY

Last updated: 15 April 2026

This Privacy Policy explains how WHO2 Global Ltd ("we", "our", "us") collects, uses, stores and protects personal information that you provide when using our website, online forms, digital tools, prototype applications, assessment tools or when otherwise contacting us.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

1. Who We Are

WHO2 Global Ltd is a consultancy firm registered in England and Wales.

Our registered office is:

WHO2 Global Ltd
Suite G18, Genesis Centre
Innovation Way
Stoke-on-Trent
Staffordshire
ST6 4BF

For privacy related queries, you can contact us at:

Email: info@who2global.co.uk

2. What Information We Collect

We only collect personal data that you choose to provide to us, or that is necessary for us to operate our website, services and digital tools.

This may include:

your name;
your email address;
your phone number, where provided;
your company or organisation name;
information you submit through a contact form, enquiry form, assessment tool, calculator, prototype application or other digital service;
information you provide during meetings, correspondence or project discussions;
technical information such as submission dates, error logs, diagnostic logs, system activity and security records where needed to operate, secure or improve our services.

An email address may be personal data where it identifies, or can reasonably be linked to, a living individual.

We do not knowingly collect sensitive or special category personal data through our website, general enquiry forms or prototype tools unless we have specifically requested it for a defined purpose. You should not submit sensitive personal information, third-party personal data, policyholder data, client confidential information or commercially sensitive information unless we have confirmed that the relevant channel or tool is suitable for that purpose.

3. How We Use Your Information

We use the information you provide to:

respond to your enquiries;
provide the services, information or support you request;
operate, test, secure and improve our website, digital tools, prototype applications and online services;
manage client relationships and business communications;
prepare proposals, reports, assessments, recommendations or other consultancy outputs;
maintain internal records;
comply with legal, regulatory, accounting and administrative obligations;
protect our business, systems and users from misuse, fraud, cyber risk or unauthorised access.

We will not sell your personal information. We will not distribute or lease your personal information to third parties for their own marketing purposes unless we have your permission or are required by law to do so.

4. Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

Consent, for example where you submit information through a form or specifically ask us to contact you.
Legitimate interests, for example where we respond to business enquiries, manage client relationships, operate our services, improve our tools or protect our systems.
Contract, where processing is necessary to provide services to you or take steps before entering into a contract.
Legal obligation, where we need to retain or process information to comply with applicable laws, tax, accounting or regulatory requirements.

Where we rely on legitimate interests, we will consider whether our interests are overridden by your rights, freedoms or interests.

5. Use of AI, Automation and Digital Tools

We may use technology platforms, development tools, automation tools, cloud services and artificial intelligence tools to help us operate our business, provide services, develop systems, analyse information, draft documents, improve productivity, support software development or enhance our internal processes.

These tools may include, but are not limited to:

AI assistants and large language model services;
code generation and software development tools;
cloud hosting and infrastructure providers;
automation and workflow platforms;
productivity, document and collaboration tools;
email, CRM, analytics, monitoring and support systems.

Examples of the types of tools we may use include services such as Microsoft Copilot, OpenAI, Claude, Codex, Google, Microsoft, development platforms, cloud platforms and other similar services. The specific tools we use may change over time.

Where we use these tools, we will take reasonable steps to limit the personal data submitted to them and to configure them appropriately where controls are available. This may include restricting access, avoiding unnecessary personal data in prompts or uploads, disabling training on customer content where available, using business or enterprise settings, reviewing supplier terms, and applying appropriate security controls.

We do not intentionally use personal data submitted through our website or digital tools to train public AI models. However, where we use third-party AI or cloud services, those providers may process personal data on our behalf in accordance with their own contractual terms, data processing agreements, technical controls and infrastructure arrangements.

6. International Transfers and Third-Party Processing

WHO2 Global Ltd is based in the United Kingdom. However, some of the third-party technology platforms, AI services, cloud providers, software tools, development environments, email services, hosting providers and support services we use may process, store, support or access personal data from locations outside the United Kingdom.

This may include personal data submitted through our website, contact forms, prototype applications, assessment tools, digital products, email communications, file uploads, system logs, diagnostic records or business correspondence.

Where personal data is transferred outside the UK, we will take reasonable steps to ensure that appropriate safeguards are in place. These may include:

using providers located in countries covered by UK adequacy regulations;
using appropriate contractual safeguards, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses;
reviewing supplier terms, privacy documentation and data processing arrangements where appropriate;
limiting the personal data collected or submitted to third-party tools;
restricting access to personal data;
applying security controls such as access permissions, authentication, encryption where available, retention controls and audit records;
avoiding the submission of sensitive or special category data into general-purpose AI tools unless suitable safeguards have been confirmed.

Where a third-party platform acts as a processor on our behalf, we will take reasonable steps to ensure that appropriate contractual and data processing terms are in place.

The ICO’s guidance explains that international transfer rules may apply where personal information is sent, or made accessible, to a separate organisation outside the UK. The ICO also provides guidance on appropriate safeguards for restricted transfers, including the UK International Data Transfer Agreement and the UK Addendum to the EU Standard Contractual Clauses.

7. Data Minimisation and Responsible Use

We aim to collect and process only the personal data that is reasonably necessary for the relevant purpose.

When using our website, forms, digital tools or prototype applications, you should only provide information that is relevant to your enquiry or the service being requested.

Unless we specifically request it and confirm that the channel is suitable, you should not submit:

special category personal data, such as health information, ethnicity, religious beliefs or trade union membership;
criminal offence data;
personal data about third parties;
policyholder, customer or employee records;
confidential client information;
passwords, credentials or financial account details;
commercially sensitive documents or datasets.

8. How Long We Keep Your Data

We will retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including for the purposes of responding to enquiries, managing business relationships, providing services, maintaining records, resolving disputes and complying with legal, regulatory, tax or accounting requirements.

Retention periods may vary depending on the nature of the information and the context in which it was provided.

Where data is submitted through a prototype application, assessment tool or digital service, we will aim to delete or anonymise it when it is no longer needed for the purpose for which it was collected, unless a longer retention period is required for legal, contractual, operational or legitimate business reasons.

9. Your Rights

Under UK GDPR, you have rights in relation to your personal data. These may include the right to:

access the personal data we hold about you;
request correction of inaccurate or incomplete personal data;
request deletion of your personal data;
object to our processing of your personal data;
request restriction of processing;
withdraw consent, where we rely on consent;
request transfer of your personal data, where applicable;
lodge a complaint with the Information Commissioner’s Office.

To exercise any of your rights, please contact:

info@who2global.co.uk

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection matters.

10. Data Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

access controls;
password protection;
secure email handling;
restricted user permissions;
authentication controls;
encryption where available;
supplier due diligence;
data minimisation;
retention controls;
periodic review of the systems and tools we use.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of personal data transmitted through our website, online forms, email, digital tools, prototype applications or third-party platforms.

You should avoid submitting sensitive personal information or confidential third-party information unless we have specifically requested it and confirmed that the relevant channel is suitable.

11. Sharing Your Information

We may share personal data with trusted third parties where necessary to operate our business, provide services or comply with legal obligations.

These third parties may include:

IT, hosting and cloud service providers;
AI, automation and software providers;
email and communication platforms;
professional advisers;
payment, accounting and administrative providers;
analytics, monitoring and security providers;
regulators, public authorities or law enforcement bodies where required by law.

We will only share personal data where there is a lawful basis to do so and, where appropriate, subject to confidentiality, contractual or data processing obligations.

12. Links to Other Websites

Our website may contain links to other websites of interest. We do not have control over those websites and are not responsible for the protection and privacy of any information you provide while visiting them.

You should review the privacy policy of any third-party website you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, technology, legal obligations or data protection practices.

The latest version will be made available on our website. You should check this page periodically to ensure that you are happy with any changes.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

WHO2 Global Ltd
Suite G18, Genesis Centre
Innovation Way
Stoke-on-Trent
Staffordshire
ST6 4BF

Email: info@who2global.co.uk