Privacy Policy
Effective Date: 1st November 2024
Last Updated: 10th June 2025
Scope of this Notice. This Privacy Policy explains how we handle personal data collected via (a) our website and (b) our consultancy engagements. It does not apply to data processed within the individual software products or applications we create or maintain for clients or end users. Each product we own, operate or build for clients will display its own privacy notice.
Further Forward Innovation Ltd ("Further Forward", "we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard personal data when you visit our website (www.furtherforward.co.uk), engage with our marketing, or contract with us for consultancy or software-development services. It also sets out your rights under the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations ("PECR").
1. Who We Are
- Legal entity: Further Forward Innovation Ltd, a company registered in England and Wales (Company No. 14146615).
- Registered office: 28 Maple Way, Dunmow, Essex, United Kingdom, CM6 1WZ.
- Data Controller: For data collected via our website, sales enquiries and marketing lists, we act as Data Controller.
- Data Processor: When our clients provide us with personal data (e.g. end-user data) for project delivery, we act as Data Processor under their instructions, governed by a separate Data Processing Agreement ("DPA").
2. Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identity Data | First name, last name, job title | Provided by you (forms, contracts) |
| Contact Data | Email address, telephone number, billing address | Provided by you |
| Technical Data | IP address, browser type, operating system, device identifiers | Collected automatically via cookies and similar technologies |
| Usage Data | Page views, time spent, clicks, referring URLs | Analytics cookies, tracking pixels |
| Marketing Data | Marketing preferences, newsletters opened | Provided by you / collected via email pixels |
| Project Data | Repositories, application logs, end-user information supplied by clients | Provided by clients (processor role) |
We do not intentionally collect special-category data unless explicitly required for a project and agreed in writing.
3. How We Use Personal Data and Legal Bases
| Purpose | Data Types | Legal Basis |
|---|---|---|
| Responding to enquiries, preparing proposals | Identity, Contact | Contractual necessity (Art. 6(1)(b)) |
| Performing consultancy or development services | Identity, Contact, Project | Contractual necessity (Art. 6(1)(b)) |
| Invoicing and accounting | Identity, Contact | Legal obligation (Art. 6(1)(c)) |
| Improving our website and services | Technical, Usage | Legitimate interests (Art. 6(1)(f)) — to keep services functional and secure |
| Sending newsletters or event invites | Identity, Contact, Marketing | Consent (Art. 6(1)(a)) or soft opt-in under PECR |
| Security monitoring and fraud prevention | Technical | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms.
4. Cookies and Similar Technologies
We use first-party and third-party cookies, pixels and local storage to:
- Operate the site (essential cookies).
- Analyse traffic & performance (analytic cookies, e.g. Google Analytics set to IP-anonymisation).
- Remember preferences (functional cookies).
- Deliver targeted marketing (only if you have consented).
When you first visit, you will see a cookie banner allowing you to accept or reject non-essential cookies. You can update preferences at any time via the "Cookie Settings" link in the footer. Browser settings can also delete or block cookies.
5. Data Retention
| Data Category | Typical Retention |
|---|---|
| Enquiry emails | 24 months after last contact |
| Client project data | Duration of the contract + 12 months (unless otherwise agreed) |
| Invoices & tax records | 7 years (legal obligation) |
| Marketing lists | Until you unsubscribe or 24 months after inactivity |
| Analytics logs | 26 months (Google default) |
We securely erase or anonymise data once retention periods lapse, unless legal obligations require longer storage.
6. Sharing and International Transfers
We disclose personal data only when necessary:
- Service Providers/Sub-Processors (e.g. cloud hosting, CRM, email delivery, analytics). These providers are bound by confidentiality and data-processing terms equivalent to ours.
- Professional Advisers (lawyers, accountants) under confidential duties.
- Authorities if required to comply with law or protect rights, property or safety.
Some providers operate outside the UK or European Economic Area. Where transfers occur, we rely on:
- UK Adequacy Regulations (if the destination country is deemed adequate), or
- UK International Data Transfer Agreement (IDTA) or UK-approved Standard Contractual Clauses (SCCs), plus supplementary measures where necessary.
A list of current sub-processors and transfer safeguards is available on request.
7. Security Measures
We follow industry best practice, including but not limited to:
- Encryption in transit (TLS 1.2+) and at rest for cloud storage.
- Principle of least privilege and role-based access controls.
- Multi-factor authentication for privileged accounts.
In the unlikely event of a personal-data breach, we will notify the Information Commissioner's Office ("ICO") and affected individuals where required, within 72 hours of becoming aware.
8. Your Data-Subject Rights
You have rights under UK GDPR to:
- Access — request a copy of data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion where data is no longer needed ("right to be forgotten").
- Restriction — pause processing in certain circumstances.
- Portability — obtain data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time (without affecting prior processing).
- Not be subject to automated decision-making producing legal effects (we do not conduct such profiling).
Requests are free of charge (unless manifestly unfounded or excessive). We respond within one month. To exercise your rights, see Section 9.
9. Contact Details
Data Protection Contact
info@furtherforward.co.ukPostal Address
Further Forward Innovation Ltd, Office One, 1 Coldbath Square, London, EC1R 5HL.
We do not currently fall within the mandatory criteria to appoint a DPO, but privacy queries are handled by our senior leadership.
10. Complaints
If you are unhappy with how we have handled your data, please contact us first so we can resolve your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:
ICO Website
https://ico.org.ukHelpline
+44 (0)303 123 1113Address
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
11. Changes to This Policy
We review this Privacy Policy periodically and will post any updates on this page. Significant changes will be signposted via the website or email. Please review this page regularly. Continued use of our services after changes are posted constitutes your acceptance.
Version History
| Version | Date | Notes |
|---|---|---|
| 1.0 | 10/06/2025 | Initial issue |
Email info@furtherforward.co.uk or use the contact form on our website. We are happy to clarify any part of this notice.