Privacy Policy (Website)

1) Who we are

Right Leap Consulting Pvt. Ltd. (“Right Leap”, “we”, “us”, “our”) is the data controller for personal data collected through this website and our business communications, unless we state otherwise. As a consulting and delivery partner, in some client engagements we may act as a data processor on behalf of a client (for example, when we process customer or employee data strictly under a client's instructions).

2) What personal data we collect

Depending on how you interact with us, we may collect:

• Contact details: name, business email address, phone number, company name, job title/role
• Enquiry details: information you provide in forms, emails, messages, or calls (e.g., your operational challenges, CRM used, case volumes)
• Website usage data: device and browser info, IP address, pages viewed, approximate location (country/region), referral source (collected via cookies/analytics if enabled)
• Scheduling details: if you book a call, we may collect appointment details and any notes you submit

We do not intentionally collect special category data (such as health information) via our website.

3) How we use your data and our lawful bases

We use personal data for the purposes below, and we rely on one or more lawful bases under UK GDPR (such as legitimate interests, contract, consent, or legal obligation).

• A. Responding to enquiries and providing information
  Purpose: to respond to messages, provide requested information, and follow up on your enquiry. Lawful basis: Legitimate interests (running our business and responding to requests) and/or taking steps to enter into a contract.
• B. Delivering consulting/services
  Purpose: to deliver services you request, including project scoping, implementation, support, and account management. Lawful basis: Contract (where we have a contract) and/or legitimate interests.
• C. Marketing communications (where applicable)
  Purpose: to send updates about our services (e.g., newsletters, insights, invitations). Lawful basis: Consent (where required) or legitimate interests (where permitted by law). You can opt out at any time. If we rely on consent, you can withdraw it at any time.
• D. Website analytics and improvement
  Purpose: to understand how our website is used and improve performance and content. Lawful basis: Consent for non-essential cookies/technologies (see Cookies section).
• E. Compliance and security
  Purpose: to protect our website, prevent fraud/abuse, and comply with legal obligations. Lawful basis: Legal obligation and/or legitimate interests.

4) Where we get your data from

• Directly from you (forms, emails, calls, messages)
• Automatically from your device/browser when you use our site (e.g., IP address, logs), especially if cookies/analytics are enabled

5) Who we share your data with

We may share your data with trusted third parties only where necessary, such as:

• Website hosting and infrastructure providers
• Analytics providers (only if you consent to analytics cookies)
• Email and communication tools
• CRM or ticketing systems
• Scheduling tools (if you book a call)

We require service providers to protect your data and use it only for providing services to us. We may also share data where required by law, regulation, or to establish/exercise/defend legal claims.

6) International transfers

Some of our suppliers may store or process data outside the UK. Where this happens, we will take steps to ensure appropriate safeguards are in place under the UK data transfer regime (for example, contractual protections).

7) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above:

• Enquiries: typically up to 12–24 months after last meaningful contact, unless you become a client
• Client records: for the duration of the engagement and then for as long as needed for legal, accounting, or contractual reasons (e.g. 7 years where applicable)
• Marketing: until you opt out or withdraw consent
• Website analytics: retained according to the settings of our analytics tools (typically 14–26 months)

You can ask us for more detail about retention for specific data types.

8) Your rights

Under UK GDPR, you may have rights including:

• Access to your personal data
• Correction of inaccurate data
• Deletion (in certain circumstances)
• Restriction of processing (in certain circumstances)
• Objection to processing based on legitimate interests (in certain circumstances)
• Data portability (in certain circumstances)
• Withdraw consent (where we rely on consent)

To exercise your rights, contact us using the details at the top of this policy. The ICO notes that privacy information should include how individuals can exercise their rights and how they can complain.

9) Complaints

If you have concerns, please contact us first and we'll try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK's data protection regulator.

10) Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. No system is 100% secure, but we work to protect your information.

11) Cookies and similar technologies

We may use cookies and similar technologies to make our site work and to understand how it's used.

• Essential cookies: required for the website to function (these don't require consent in many cases).
• Non-essential cookies (e.g., analytics/marketing): we will ask for your consent before placing them. The ICO states you must clearly explain cookies and obtain consent for non-essential cookies, with an exception for cookies essential to provide a service requested by the user.
• Managing cookies: You can manage cookie preferences via our cookie banner (if implemented) and via your browser settings. You can withdraw consent at any time by updating your preferences.

Optional: A cookie list/table (Name, Provider, Purpose, Type, Expiry) can be added here once your cookie/analytics setup is finalised.

12) Third-party links

Our website may include links to third-party sites (e.g., LinkedIn). We are not responsible for their privacy practices. Please review their policies.

13) Changes to this policy

We may update this Privacy Policy from time to time. We'll update the “Last updated” date at the top. Where appropriate, we may provide additional notice.