Privacy Policy

1. Introduction

Hattan Consultancy is committed to protecting and respecting your privacy.

This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It explains how we collect, use, store, and protect personal data in connection with our website, enquiries, and business activities.

We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and, where relevant, applicable United States data protection and privacy laws.

We take a structured and proportionate approach to data protection, ensuring that personal data is handled lawfully, transparently, and securely at all times.

2. Who We Are

Hattan Consultancy is a consultancy business registered in the United Kingdom, providing advisory and operational support to organisations expanding into the United States.

While we are a UK-registered entity, our activities and client engagements may involve individuals and organisations based in both the United Kingdom and the United States.

For the purposes of applicable data protection legislation, Hattan Consultancy acts as a data controller in respect of personal data collected through this website and through direct interactions with us.

If you have any questions about this policy or how your personal data is handled, you can contact us at: privacy@hattanconsultancy.com

3. What Data We Collect

We may collect and process personal data about you in the following circumstances:

This information may be collected through cookies and similar technologies, including the use of analytics tools such as Google Analytics, which help us understand how visitors interact with our website and improve its performance.

Further details are set out in our Cookie Policy.

4. How We Use Your Data

We use personal data for the following purposes:

• To respond to enquiries and communicate with you, including follow-up communications where appropriate
• To provide information about our services where relevant to your enquiry
• To manage and maintain our business relationships
• To operate, maintain, and improve our website, including analysing user behaviour and site performance
• To ensure the security and integrity of our systems and website
• To comply with legal and regulatory obligations

5. Legal Basis for Processing

We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

Where required, we rely on one or more of the following lawful bases for processing:

• Consent
• Legitimate interests
• Legal obligations

Where relevant, and in the context of individuals located in the United States, we also take into account applicable U.S. state privacy frameworks, including the California Consumer Privacy Act (CCPA), and apply appropriate principles to ensure transparency and fair handling of personal data.

6. Data Sharing

We do not sell your personal data.

We may share personal data with trusted third parties where necessary to operate our business and provide our services. This may include:

• Providers of website hosting, analytics, and IT infrastructure
• Customer relationship management systems and communication platforms used to manage enquiries and business relationships
• Professional advisers, where required in connection with our business operations

For example, we use tools such as Google Analytics to analyse how our website is used.

All third parties are required to process personal data only on our instructions and in accordance with applicable data protection laws.

We may also disclose personal data where required to do so by law or in response to valid legal requests.

7. International Data Transfers

Due to the nature of our business, personal data may be transferred to, stored, or accessed in countries outside the United Kingdom, including the United States.

This may occur, for example, where we use third-party service providers that operate internationally, including analytics providers such as Google Analytics and systems used to manage communications and business relationships.

Where personal data is transferred internationally, we take appropriate steps to ensure that it is protected in accordance with applicable data protection laws. This includes implementing appropriate safeguards, such as contractual protections, to ensure that personal data is handled securely and in a manner consistent with UK data protection standards.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.

In particular:

• Enquiry data and email correspondence is typically retained for a period of up to one year from the date of last contact
• Personal data may be retained for longer where required to comply with legal or regulatory obligations, or where necessary to establish, exercise, or defend legal claims

When personal data is no longer required, we take reasonable steps to securely delete or anonymise it.

9. Your Rights

UK and EEA Individuals

If you are located in the United Kingdom or the European Economic Area, you have certain rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

These include the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data, where applicable
• Object to or request restriction of certain types of processing
• Request the transfer of your personal data to another party

You also have the right to withdraw consent at any time where processing is based on consent.

If you wish to exercise any of these rights, please contact us at privacy@hattanconsultancy.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.

United States Individuals

If you are located in the United States, you may have rights under applicable state privacy laws, depending on your location.

These may include the right to:

• Request access to personal data we hold about you
• Request deletion of your personal data
• Request information about how your data is used

Where applicable, we will respond to such requests in accordance with relevant U.S. state privacy frameworks, including the California Consumer Privacy Act (CCPA).

To make a request, please contact us at privacy@hattanconsultancy.com

10. Third-Party Links

Our website may contain links to external websites or services that are not operated or controlled by us.

We do not accept responsibility or liability for the content, policies, or practices of any third-party websites. In particular, we are not responsible for how such third parties collect, use, or process personal data.

We recommend that you review the privacy policies of any external websites you visit.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we process personal data.

Any updates will be published on this page, and the revised version will take effect from the date of publication.

We encourage you to review this policy periodically to remain informed about how we handle your personal data.

12. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.

Access to personal data is limited to those who have a legitimate need to access it for business purposes. Any such access is subject to appropriate confidentiality obligations.

We implement safeguards designed to ensure that personal data is processed securely and in accordance with this Privacy Policy and applicable data protection laws.