Privacy Policy

Who we are

Ladyship Group Ltd ("Ladyship", "we", "us", "our") is a UK-registered limited company (Company No. 1595373) operating as an independent, strategic & creative consultancy. Our registered office is 79 Canadian Avenue, London SE6 3AX. 

Ladyship Group Ltd operates alongside its wholly owned US subsidiary, Ladyship Inc. Depending on the nature of the engagement, personal data may be processed by one or both entities. 

For UK GDPR purposes, Ladyship is the data controller for the personal data described in this notice. 

If you have any questions about this notice or about how we handle your personal data, contact us at [privacy@weareladyship.com] or by writing to the address above. 

We approach data with the same level of care and discretion we bring to our client work. 

What this notice covers 

This notice explains: 

  • What personal data we collect 

  • Why we collect it and our lawful basis for doing so 

  • Who we share it with 

  • How long we keep it 

  • The rights you have over your data and how to exercise them 

It applies to visitors to our website, prospective and existing clients, individuals at supplier and partner organisations, contractors and freelancers we engage, and anyone who applies to work with us. 

Personal data we collect  

Depending on your relationship with us, we may collect: 

Website visitors — basic analytics data (pages visited, approximate location, browser type), and any information you submit through contact forms 

Prospective and existing clients — names, business email addresses, phone numbers, job titles, employer details, content of your communications with us which may include materials provided in the course of our work, such as research inputs, interview notes, workshop outputs, and strategic or creative materials 

Contractors and freelancers — names, contact details, bank or invoicing details, identification documents where required (e.g. right-to-work checks), portfolio and engagement records 

Recruitment enquiries — names, contact details, CVs, portfolios, content of communications 

We do not intentionally collect special category personal data. Where such data is shared with us as part of client work or recruitment processes, we will only process it where necessary and in accordance with applicable law. 

How we use your personal data and our lawful basis

Lawful basis 

Purpose

Responding to enquiries and delivering strategic and creative services to clients 

Contract; legitimate interest in operating our business 

Engaging contractors and managing freelance relationships 

Contract; legal obligation (e.g. right-to-work) 

Managing supplier relationships 

Contract; legitimate interest 

Sending occasional updates about our work to existing business contacts (they can opt out at any time) 

Legitimate interest (with right to object) 

Operating our website and improving it through analytics 

Legitimate interest 

Meeting legal, tax, and accounting obligations 

Legal obligation 

Recruitment 

Legitimate interest 

We do not sell your personal data and we do not use it for automated decision-making. 

Who we share your data with 

We only share personal data with third parties where necessary to operate our business, and we ensure appropriate contractual and security measures are in place.

We use a small number of trusted technology providers to run our business. These act as our data processors and handle personal data on our behalf under appropriate contractual terms:

  • Google Workspace (Google LLC) — email, document storage, calendar, file sharing

  • Microsoft 365 (Microsoft Corporation) — email and productivity

  • Slack (Slack Technologies / Salesforce) — internal and client messaging

  • Figma (Figma Inc.) — design collaboration

  • Squarespace (Squarespace Inc.) — our public website

  • Afi.ai (Afi Inc.) — backup and ransomware protection for Workspace and Microsoft 365 data

  • 1Password (AgileBits Inc.) — secrets management

We may also share personal data with:

  • Professional advisers (accountants, legal advisers, insurers) where reasonably necessary

  • Authorities and regulators where legally required

  • A buyer or successor entity in the event of a sale or restructure of our business

International transfers

Our technology providers may process data outside the United Kingdom — primarily in the European Economic Area and the United States. Where data is transferred outside the UK, we rely on the lawful transfer mechanisms permitted under UK data protection law (UK Adequacy Regulations, the International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, as appropriate). We assess these transfers to ensure an appropriate level of protection for personal data.

How long we keep your data

We retain personal data only for as long as we need it for the purpose it was collected, or as required by law:

  • Client and supplier records — for the duration of our engagement and for [6] years afterwards, to meet UK accounting and contractual record-keeping requirements

  • Contractor and freelancer records — for the duration of the engagement and for [6] years afterwards

  • Recruitment data — typically [12 months] after the application closes, unless you have asked us to keep your details on file

  • Enquiry and marketing data — until you ask us to remove it, or until it is no longer relevant to our business relationship (typically no longer than 24 months without engagement).

  • Website analytics — typically [14 months], in line with our analytics provider's defaults

Your rights

Under UK data protection law you have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate or incomplete data

  • Erase your data where there is no compelling reason for us to keep it

  • Restrict how we use your data in certain circumstances

  • Object to our use of your data based on legitimate interest, including direct marketing

  • Data portability — receive your data in a structured, machine-readable format

  • Withdraw consent where we rely on consent as our lawful basis

To exercise any of these rights, email [privacy@weareladyship.com]. We will respond within one calendar month.

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO) — ico.org.uk — though we'd appreciate the chance to address your concerns first.

Cookies

Our website is hosted on Squarespace and uses a small number of cookies. These fall into two categories:

  • Essential cookies — required for the site to function properly, including security, basic navigation, and remembering your cookie preferences. These are set automatically and do not require consent.

  • Analytics cookies — we use Squarespace's built-in analytics and Google Analytics (provided by Google LLC) to understand which pages are visited, how visitors arrive at the site, and how the site is performing. This data is aggregated and is not used to identify you personally.

Where required, we obtain your consent before placing non-essential cookies, including analytics cookies. You can accept, decline, or manage your preferences through the cookie banner on our site, and you can change your choice at any time via the "Cookie Preferences" link on our site or through your browser settings. Disabling certain cookies may affect how parts of the site work.

For more detail on the cookies Squarespace sets, see Squarespace's cookie policy at squarespace.com/cookie-policy. For information on Google Analytics and how to opt out, see policies.google.com/privacy and tools.google.com/dlpage/gaoptout.

Changes to this notice

We may update this notice from time-to-time to reflect changes in our practices or in the law. The "Last updated" date at the top tells you when it was most recently revised.

Published at https://www.weareladyship.com/privacy

Last updated: April 2026