Privacy Policy.

Effective: 19 June 2026
Last updated: 19 June 2026

Your privacy is important to us. It is Denison Nunn’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://www.denison-nunn.com, and other sites we own and operate.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.

Personal Information

We may ask for personal information — for example, when you subscribe to our newsletter or when you contact us — which may include one or more of the following:

Name
Email
Social media profiles
Phone/mobile number
Home/mailing address

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

Register for an account
Sign up to receive updates from us via email or social media channels
Use a mobile device or web browser to access our content
Contact us via email, social media, or on any similar technologies
When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

to provide you with our platform’s core features and services
to contact and communicate with you
to consider your employment application
for internal record keeping and administrative purposes
to support internal operations using AI-assisted tools

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 18 and we do not knowingly collect personal information about children under 18.

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United Kingdom, or where we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.

Use of Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.

Please refer to our Cookie Policy for more information.

Use of Artificial Intelligence Tools

We use artificial intelligence (AI) tools, including Claude (developed by Anthropic, PBC), to support our internal operations. These tools are used by our staff to assist with tasks such as drafting documents, conducting research, and automating administrative workflows. We do not use AI tools to make automated decisions about you that have legal or similarly significant effects.

How AI Tools May Interact with Personal Data

In the course of using AI tools for internal purposes, personal data may occasionally be included in prompts or inputs — for example, where a staff member is drafting a communication or preparing documentation that references a client. Where this occurs, we take steps to limit the personal data used to what is strictly necessary for the task.

We do not use AI tools to build profiles of individuals, and we do not share personal data with AI providers for the purposes of training their models.

Third-Party AI Processors

Where our use of AI tools involves the processing of personal data, Anthropic acts as a data processor on our behalf. Anthropic’s processing of any personal data is governed by their data processing terms and privacy policy, available at https://www.anthropic.com/legal/privacy. We have satisfied ourselves that Anthropic provides appropriate safeguards in line with UK GDPR requirements.

International Transfers

Anthropic is a US-based company. Where personal data is processed via their platform, this may constitute a transfer of personal data outside the UK. We ensure such transfers are conducted in accordance with UK GDPR Article 45 or with appropriate safeguards in place, such as standard contractual clauses.

Your Rights

Your rights under this privacy policy, including your rights of access, erasure, and restriction, apply equally to any personal data that may have been processed using AI tools. If you have concerns about how your personal data may have been used in this context, please contact us using the details in the Contact Us section.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Additional Disclosures for GDPR Compliance (EU) -- Data Controller / Data Processor:

The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organisations that process personal information on behalf of other organisations (known as “data processors”). We, Denison Nunn, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.

Additional Disclosures for GDPR Compliance (EU) -- Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 18 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

Consent From You: Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place.

Performance of a Contract or Transaction: Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you.

Our Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services.

Compliance with Law: In some cases, we may have a legal obligation to use or keep your personal information.
International Transfers Outside of the EEA

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Additional Disclosures for UK GDPR Compliance (UK) - Data Controller / Data Processor

For the purposes covered by this Privacy Policy, we are a Data Controller with respect to the personal information you provide to us and remain compliant with our data controller obligations under GDPR.

Additional Disclosures for UK GDPR Compliance (UK) - Third-Party Provided Content

We may indirectly collect personal information about you from third-parties who have your permission to share it. We may also collect publicly available information about you, such as from any social media and messaging platforms you may use.

Personal Information No Longer Required for Our Purposes

If your personal information is no longer required for our stated purposes, or if you instruct us under your Data Subject Rights, we will delete it or make it anonymous by removing all details that identify you (“Anonymisation”). However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Legal Bases for Processing Your Personal Information

Data Protection and Privacy Laws permit us to collect and use your personal data on a limited number of grounds. We never directly market to any person(s) under 18 years of age. Our lawful bases include:

Consent From You: Where you give us consent to collect and use your personal information for a specific purpose. When you contact us, we assume your consent based on your positive action of contact.

Our Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services.

Compliance with Law: In some cases, we may have a legal obligation to use or keep your personal information. For example, we are required to keep financial records for a period of 7 years.

International Transfers of Personal Information

The personal information we collect is stored and/or processed in the United Kingdom by us. On some occasions, where we share your data with third parties, they may be based outside of the UK or the EEA. If we transfer your personal information to third parties in other countries, we will perform those transfers in accordance with the requirements of UK GDPR (Article 45) and the Data Protection Act 2018, and we will adopt appropriate safeguards such as standard contractual clauses (SCCs) or binding corporate rules.

Your Data Subject Rights

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.

Right to be Informed: You have the right to be informed with how your data is collected, processed, shared and stored.

Right of Access: You may request a copy of the personal information that we hold about you at any time by submitting a Data Subject

Access Request (DSAR). The statutory deadline for fulfilling a DSAR request is 30 calendar days from our receipt of your request.

Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by organisations. This is a qualified right and may only apply in certain circumstances.

Right to Portability: Individuals have the right to get some of their personal data from an organisation in a way that is accessible and machine-readable, for example as a CSV file, and to ask an organisation to transfer their personal data to another organisation where technically feasible.

Right to Rectification: If personal data is inaccurate, out of date, or incomplete, individuals have the right to correct, update or complete that data.

Notification of data breaches: Upon discovery of a data breach, we will investigate the incident and report it to the UK’s data protection regulator and yourself, if we deem it appropriate to do so.

Complaints: You have the right, at any time, to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Enquiries, Reports and Escalation

To enquire about Denison Nunn’s privacy policy, or to report violations of user privacy, you may contact our Data Protection Officer using the details in the Contact Us section of this privacy policy.

If we fail to resolve your concern to your satisfaction, you may also contact the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate)
Website: www.ico.org.uk

For any questions or concerns regarding your privacy, you may contact us using the following details:
Jack Denison
Jack@denison-nunn.com