Legal

Privacy Policy

Last updated: 18 April 2026

Allied ESM is committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. If you have any questions, contact us at info@alliedesm.com.

1. Who We Are

Allied ESM Ltd is the data controller responsible for your personal data.

  • Registered address: 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom
  • Email: info@alliedesm.com

As data controller, we determine the purposes and means of processing your personal data. If you have questions about this policy or wish to exercise your rights, please contact us using the details above.

2. Data We Collect

We may collect the following categories of personal data:

Information you give us directly

  • Name (first and last)
  • Business email address
  • Phone number
  • Company name
  • The content of any message or enquiry you send us
  • The type of service or enquiry you are interested in

This information is collected when you complete our Contact Us form or send us an email directly.

Information collected automatically

When you visit our website, we may automatically collect certain technical data including your IP address, browser type and version, operating system, referring URLs, and pages visited. This data is collected via cookies and analytics tools (see Section 9).

Information from third parties

We may receive information about you from publicly available professional sources such as LinkedIn where you have chosen to make your profile public, for the purposes of legitimate business development.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries: to reply to messages submitted via our contact form or sent directly by email.
  • Providing our services: to deliver ITSM consulting, platform implementation, training, and related services where you or your organisation has engaged us.
  • Business development: to follow up on expressed interest in our services.
  • Marketing communications: to send you information about our services, updates, or events, where you have given consent or where we have a legitimate interest and you have not opted out.
  • Website analytics: to understand how visitors use our website so we can improve it.
  • Legal and compliance: to meet our legal obligations and resolve any disputes.

We will never use your personal data for purposes incompatible with those described here without giving you notice and, where required, obtaining your consent.

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Contractual necessity (Article 6(1)(b)): where processing is necessary to perform a contract with you or to take steps at your request prior to entering a contract.
  • Legitimate interests (Article 6(1)(f)): where we have a legitimate business interest in processing your data (such as responding to business enquiries, conducting business development, and improving our services), provided our interests are not overridden by your rights.
  • Consent (Article 6(1)(a)): where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing emails. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation we are subject to.

5. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

  • Enquiry and contact form data: up to 2 years from your last interaction with us, unless you become a client.
  • Client data: for the duration of our engagement and for up to 7 years afterwards, in line with standard business and legal retention requirements.
  • Marketing preferences: until you withdraw your consent or opt out.
  • Website analytics data: in accordance with the data retention settings of the analytics provider (typically 14–26 months).

When data is no longer required, we will securely delete or anonymise it.

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share it with:

  • Our team members who need it to respond to your enquiry or deliver our services.
  • Technology service providers who process data on our behalf — for example, our email and website hosting providers, CRM tools, and analytics platforms. These providers act as data processors and are contractually required to handle your data securely and only as instructed.
  • Professional advisors such as lawyers and accountants, where strictly necessary and subject to confidentiality obligations.
  • Regulatory bodies or law enforcement where we are required to do so by law.

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable data protection law.

7. International Data Transfers

Allied ESM is a UK-based company. Some of our third-party service providers may process data outside the UK or the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses (SCCs), or transfers to countries deemed adequate by the UK Secretary of State — to protect your data in accordance with UK GDPR.

8. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you (commonly known as a Subject Access Request).
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may ask us to delete your personal data in certain circumstances (the "right to be forgotten").
  • Right to restriction of processing: you may ask us to suspend the processing of your data in certain circumstances.
  • Right to data portability: in certain circumstances, you may ask us to provide your data in a structured, machine-readable format.
  • Right to object: you may object to processing based on our legitimate interests or for direct marketing purposes.
  • Rights in relation to automated decision-making: we do not currently make automated decisions that significantly affect you, but you have the right not to be subject to such decisions without human review.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@alliedesm.com. We will respond within one calendar month. There is no charge for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO):

9. Cookies & Analytics

Our website uses Vercel Analytics to understand how visitors use our site. Vercel Analytics is a privacy-friendly, cookieless analytics tool — it does not place tracking cookies on your device and does not collect personally identifiable information. Data is aggregated and anonymised, meaning individual visitors cannot be identified from the analytics data we receive.

What Vercel Analytics collects

Vercel Analytics collects anonymised, aggregated data such as page views, referral sources, device type, and general geographic region (country/region level). No IP addresses are stored in a personally identifiable form.

Other cookies

Our website may also use strictly necessary cookies that are essential for the site to function correctly. These do not require consent as they are technically essential.

You can control cookies through your browser settings, though disabling essential cookies may affect how the site works. If we introduce any additional non-essential cookies in the future, we will update this section and obtain consent where required by law.

For more information on how Vercel handles data, see Vercel's Privacy Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:

  • Email: info@alliedesm.com
  • Post: Allied ESM Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom

We take all data protection concerns seriously and will respond promptly.