Privacy Notice
How Sustain International Ltd collects, uses, stores and protects personal data — and the rights you have over the information we hold about you.
Who we are
Sustain International Ltd ("we", "our", "us") is the data controller responsible for your personal data when you use our website or engage with us as a client, supplier, or contact.
| Company name | Sustain International Ltd |
|---|---|
| Company number | 14548842 (registered in England and Wales) |
| Registered office | Northgate Business Centre, 38–40 Northgate, Newark, Nottinghamshire, NG24 1EZ, United Kingdom |
| Privacy contact | info@sustain-intl.com |
What information we collect
We only collect personal data that is necessary to deliver our services or respond to enquiries. Specifically:
Information you give us directly
- Enquiry form data — name, email address, organisation, area of interest, and the message you send us
- Email correspondence — any information you include when you email us at info@sustain-intl.com
- Engagement information — when you become a client, we hold contract details, billing information, and the operational records needed to deliver our services
Information collected automatically
- Analytics data — when you visit our website, we collect anonymised usage data (pages visited, time on page, device type, country) using Google Analytics 4. This data is aggregated and does not identify individuals.
- Technical data — IP address, browser type, operating system, and referrer URL, used solely for security and fraud prevention.
- Cookies — see our Cookie Notice for full details.
Why we collect it (lawful basis)
UK GDPR requires us to identify a lawful basis for each type of processing. Ours are:
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry | Legitimate interest (Art. 6(1)(f)) — answering a question you have asked us |
| Delivering services to clients | Performance of a contract (Art. 6(1)(b)) |
| Sending occasional updates about our work to known contacts | Legitimate interest (Art. 6(1)(f)) — you can opt out at any time |
| Website analytics | Consent (Art. 6(1)(a)) — collected only after you accept analytics cookies |
| Compliance with legal obligations (e.g., accounting records) | Legal obligation (Art. 6(1)(c)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
How long we keep it
We retain personal data only for as long as necessary for the purpose for which it was collected, plus any period required by law:
- Enquiry form submissions — 24 months from receipt, then deleted unless an active engagement has commenced
- Client engagement records — 7 years after the engagement ends, to meet HMRC and statutory record-keeping requirements
- Email correspondence — 36 months from the date of last contact
- Analytics data — 14 months in Google Analytics 4 (default retention, anonymised)
Who we share it with
We do not sell personal data. We share it only with the following categories of recipient, and only where necessary:
- Service providers who process data on our behalf under written agreements: our website hosting provider (Vercel), our email service provider, our analytics provider (Google), our accounting software provider, and our document management providers. Each is contractually bound to UK GDPR-compliant processing.
- Professional advisers — accountants, lawyers, and auditors, where engaging them requires data sharing.
- Regulators or law enforcement — only where legally required (e.g., a court order or HMRC request).
- Business successors — in the event of a merger, sale, or restructuring of the business, with prior notice where practicable.
International transfers
Some of our service providers (notably Google for analytics, and Vercel for hosting) may process data in countries outside the UK. Where this happens, we rely on:
- UK adequacy decisions (where the country has been determined to provide adequate protection), or
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, or
- The UK International Data Transfer Agreement (IDTA).
Your rights
Under UK GDPR you have the following rights, which you can exercise at any time by emailing info@sustain-intl.com:
- Right of access — to receive a copy of the personal data we hold about you
- Right to rectification — to have inaccurate data corrected
- Right to erasure ("right to be forgotten") — to have your data deleted, subject to legal retention requirements
- Right to restrict processing — to limit how we use your data
- Right to data portability — to receive your data in a machine-readable format
- Right to object — to processing based on legitimate interests, including direct marketing
- Right to withdraw consent — for processing based on consent (this does not affect the lawfulness of processing carried out before withdrawal)
- Right to lodge a complaint — with the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113
Subject access requests: we will respond within one calendar month. We may extend this by up to two further months for complex requests, in which case we will tell you within the first month and explain why.
How we protect your data
We maintain technical and organisational measures appropriate to the risk and the nature of the data we hold, including:
- Transport encryption (HTTPS / TLS) on all website traffic
- Encryption at rest for stored client data
- Access controls limiting personal data to staff with a legitimate need
- Regular review of supplier security posture
- Incident response procedures and breach notification protocols (within 72 hours to the ICO where required)
Children
Our services are directed to professional clients and we do not knowingly collect personal data from anyone under 18.
Changes to this notice
We may update this notice from time to time. The effective date at the top of this page indicates when it was last revised. Material changes will be notified to active clients by email.
Contact
For any question about this notice or how your data is handled, contact us at:
Email: info@sustain-intl.com
Post: Sustain International Ltd, Northgate Business Centre, 38–40 Northgate, Newark, Nottinghamshire, NG24 1EZ, United Kingdom