Privacy Policy

1. Who We Are

Summit Executive Support Ltd (trading as Summit Exec) is the data controller responsible for your personal data.

Registered name: Summit Executive Support Ltd
Trading as: Summit Exec
Registered in: England & Wales
Email: hello@summitexec.co.uk
Website: www.summitexec.co.uk

Summit Executive Support Ltd is registered with the Information Commissioner's Office (ICO) as required under UK data protection law.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Contact information — your name, email address, phone number and company name when you make an enquiry or become a client

  • Business information — information about your role, organisation and the support you require

  • Communications — emails, messages and other correspondence you send to us

  • Website usage data — anonymised data about how you use our website, collected via Squarespace analytics and cookies

  • Client data — personal data you share with us in the course of our working relationship, including details about your contacts, employees, stakeholders and business operations

3. How We Collect Your Data

We collect personal data in the following ways:

  • When you submit an enquiry through our website contact form

  • When you email or call us directly

  • When you become a client and we enter into a working relationship

  • Through cookies and analytics on our website (see Section 8 for more detail)

  • When you connect with us on LinkedIn or other professional platforms

4. Why We Use Your Data and Our Legal Basis

We only use your personal data where we have a lawful basis to do so under UK GDPR. The table below explains how and why we use your data:

  • To respond to your enquiry — Legitimate interests / pre-contractual steps

  • To deliver our executive support services — Performance of a contract

  • To issue invoices and manage payments — Performance of a contract / legal obligation

  • To comply with legal and regulatory requirements — Legal obligation

  • To maintain records of our working relationship — Legitimate interests

  • To improve our website and services — Legitimate interests

We will never use your personal data for marketing purposes without your explicit consent, and we do not sell your data to any third party under any circumstances.

5. How We Share Your Data

Summit Executive Support Ltd does not sell, rent or share your personal data with third parties for their own purposes. We may share data with trusted third party service providers who help us deliver our services, including:

  • Google Workspace — email, calendar, document storage and collaboration

  • Squarespace — website hosting and contact form processing

  • Starling Bank — business banking and payment processing

  • DocuSign / Adobe Sign — electronic signature coordination (where applicable)

All third party providers are required to handle your data securely and in accordance with applicable data protection law. We only share the minimum data necessary for them to perform their services.

We may also disclose your data where required to do so by law, regulation or legal process.

6. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law:

  • Client records — retained for 6 years following the end of the working relationship, in line with HMRC requirements for financial records

  • Enquiry data (non-clients) — retained for 12 months following your initial enquiry, then securely deleted

  • Website analytics data — retained in anonymised form as determined by Squarespace's data retention policies

Upon termination of a client relationship, all personal data provided during the course of our work together will be returned or securely deleted within 30 days, as outlined in your Client Services Agreement.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you

  • Right to rectification — you can ask us to correct inaccurate or incomplete data

  • Right to erasure — you can ask us to delete your personal data in certain circumstances

  • Right to restrict processing — you can ask us to limit how we use your data

  • Right to data portability — you can request your data in a structured, machine-readable format

  • Right to object — you can object to our use of your data where we rely on legitimate interests

  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at hello@summitexec.co.uk. We will respond within 30 days. There is no charge for making a request.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

8. Cookies

Our website uses cookies — small text files placed on your device — to help the site function correctly and to understand how visitors use it. Squarespace, our website platform, manages cookie consent through the cookie banner you will have seen when visiting our site.

We use the following types of cookies:

  • Essential cookies — necessary for the website to function. These cannot be disabled

  • Analytics cookies — help us understand how visitors use our site so we can improve it. These are only set with your consent

You can manage your cookie preferences at any time by clicking the cookie settings link in the footer of our website, or by adjusting your browser settings.

9. Data Security

We take the security of your personal data seriously. All business systems used by Summit Executive Support Ltd are protected by multi-factor authentication and up-to-date security software. We hold Cyber Liability insurance as an additional layer of protection.

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

10. International Data Transfers

Some of the third party services we use may process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses or adequacy decisions — to protect your data in line with UK GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will always show when it was last updated. We encourage you to review this policy periodically.

If we make significant changes that affect how we use your personal data, we will notify clients directly by email.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch:

Summit Executive Support Ltd
Email: hello@summitexec.co.uk
Website: www.summitexec.co.uk
Registered in England & Wales