Privacy Policy
Last updated 18/11/2025
Ludlow Art Consultancy Limited (“LAC”, “we”, “our”, or “us”) is committed to protecting your personal data. We understand the responsibility that comes with handling personal information and take seriously the trust you place in us when you share your data.
This Privacy Notice explains how we collect, use, and protect personal information while operating our business and delivering our services. By providing your personal data (whether through our website, via email, in person, or otherwise), you acknowledge the practices described in this notice.
Please note that this notice does not apply to any third-party websites you may access through links on our site. Those websites will have their own privacy policies, which you should review.
​
1. Purpose of this Privacy Notice
This notice sets out how we manage your personal data, including:
​
-
Who we are and what we do
-
The types of personal data we collect
-
How we obtain and use your data
-
Who we share it with
-
Where we transfer your data
-
How long we retain your information
-
Security measures we use to protect your data
-
Your data protection rights
-
Our use of cookies
-
How you can contact us
-
Updates to this notice
​
2. Who We Are
LAC is an art consultancy based in the United Kingdom. We offer art consultancy and related services to a range of clients. The data controller responsible for your personal data is Ludlow Art Consultancy Limited.
​
3. The Personal Data We Collect
We may collect and process various types of personal information, such as:
-
Name, job title, and contact information
-
Financial details for invoicing or payments
-
Technical data such as website usage, cookies, and IP addresses
-
Information shared during the provision of services
-
Identification and verification documents for legal or regulatory compliance
-
Event and communication preferences
​
4. How We Collect Personal Data
We obtain personal data through:
-
Direct interactions with you (for example, via email, website forms, telephone,
or in person)
-
Automated interactions with our website and emails (e.g., through cookies or
analytics)
-
Third-party sources such as client referrals
-
Public records and platforms such as LinkedIn
​
5. How We Use Personal Data
We process personal data only where permitted by law. Our legal bases include:
-
Contract performance – to deliver agreed services
-
Legal obligations – to meet compliance or regulatory requirements
-
Legitimate interests – to manage our business and communicate with clients
-
Consent – where you have freely given it (e.g., marketing preferences)
-
Legal claims or compliance – to establish, exercise, or defend legal rights
​
We may use your personal data for purposes including:
-
Delivering our services and managing client relationships
-
Operating, maintaining, and improving our website
-
Business development and marketing (with opt-out options available)
-
Legal and regulatory compliance, including anti-money laundering and client due diligence
-
Enforcing legal rights and managing debt recovery
-
Organisational changes, restructuring, or transfer of business
​
6. Sharing Your Information
We may share your personal data with:
-
Consultants and professionals within our network
-
Professional advisers (e.g., legal, financial, or risk consultants)
-
IT and document management service providers
-
Insurers and auditors
-
Government and regulatory authorities, where required by law
​
All third parties are required to respect the confidentiality and security of your personal data and process it only in accordance with applicable laws.
​
7. International Transfers
If we transfer your personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs), to ensure an adequate level
of protection.
​
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with legal and regulatory obligations. When data is no longer required, we securely delete or anonymise it.
​
9. Data Security
We implement suitable technical and organisational measures to protect your personal data from unauthorised access, misuse, or loss. These include secure servers, encrypted storage, restricted access protocols, and
staff training on data privacy.
If we provide you with a password for accessing any platform or service, please keep it confidential and do not share it with anyone.
​
10. Your Data Rights
Under data protection laws, you have the following rights:
-
Access to your personal data
-
Correction of inaccurate or incomplete data
-
Deletion (“right to be forgotten”) in certain circumstances
-
Withdrawal of consent (where applicable)
-
Objection to processing based on legitimate interests
-
Restriction of processing while a complaint or investigation is ongoing
To exercise your rights, please contact us using the details below.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or with your local supervisory authority if you are based outside the UK.
​
11. Data Controller
LAC is the data controller unless otherwise stated. Where services are delivered by consultants through our platform, the relevant
consultant may also act as a data controller for their processing activities.
​
12. Cookies and Website Technologies
We use cookies to enhance user experience and analyse website usage. These cookies do not collect personally identifiable information.
For more information on the types of cookies used and how to manage them, please refer to our Cookie Policy.
​
13. Contacting Us
If you have any questions about this notice or wish to exercise your data protection rights, please contact: info@ludlowconsultancy.net
14. Updates to This Notice
We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. Any updates will be published on this page with a revised “Last updated” date.