Privacy Policy

Last updated: December 2025

Last updated: December 2025

This Privacy Policy explains how Code Ivy Consulting (“Code Ivy”, “we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, contact us, book a consultation, or use our services.

1) Who we are (Data Controller)

Controller: Code Ivy Consulting
Company number (if applicable): 14969762
Registered address: 10 Ladyhouse Lane, Berry Brow, Huddersfield, United Kingdom HD4 7QD
Email: admin@codeivy.co.uk
Phone: 07883386238

If you have questions about this policy or how we use your data, contact us at privacy@codeivy.co.uk.

2) What data we collect

We may collect and process the following categories of personal data:

A. Website & enquiries

  • Name, email address, phone number

  • Company/practice name, role/title

  • Message content and enquiry details

  • Records of communications (email, phone, forms)

B. Bookings & meetings

  • Appointment details (date/time)

  • Notes you share during calls (e.g., operational pain points, requirements)

C. Service delivery (B2B)
Depending on the service, we may process personal data on behalf of a client (e.g., a dental practice). This can include:

  • Patient/admin contact details (non-clinical), appointment-related data, communications metadata

  • Staff user accounts and access logs

  • System usage and audit logs

Important: Where we process data on behalf of a client, we typically act as a processor and the client is the controller. The client’s privacy notice will apply to their patients/end users.

D. Technical data

  • IP address, browser type/version, device identifiers

  • Pages visited, interaction data, referring URLs

  • Cookie identifiers (where applicable)

3) How we use your data (purposes)

We use personal data to:

  • Respond to enquiries and provide information you request

  • Book and manage consultations and meetings

  • Provide our services (websites, booking/recall systems, AI receptionist and automation)

  • Improve our website, security, and service quality

  • Send service communications (e.g., updates, confirmations)

  • Send marketing communications (where permitted—see section 9)

  • Comply with legal and regulatory obligations

4) Lawful bases (UK GDPR)

We rely on one or more of the following lawful bases:

  • Contract: to deliver services or take steps before entering a contract

  • Legitimate interests: to respond to enquiries, improve services, maintain security, prevent fraud, and run our business (balanced against your rights)

  • Consent: for certain cookies and (where required) marketing

  • Legal obligation: to comply with applicable laws and regulations

5) Special category data (health data)

We do not aim to collect or process clinical health data through our website enquiry forms.

If a client requests functionality that involves special category data (e.g., patient health information), this will be handled under a specific written agreement and appropriate safeguards, including a Data Processing Agreement (DPA) and security measures.

6) Who we share data with

We may share personal data with trusted third parties where necessary to operate our website and deliver services, such as:

  • Hosting and infrastructure providers (e.g., cloud hosting, email services)

  • Analytics providers (e.g., website performance/traffic analytics)

  • Scheduling/CRM tools (e.g., booking and contact management)

  • Communications tools (e.g., email, telephony, chat providers)

  • Subcontractors who help us deliver services (under confidentiality and data protection obligations)

  • Professional advisers (lawyers, accountants) where necessary

  • Regulators / law enforcement where required by law

7) International transfers

Some of our service providers may process data outside the UK. Where personal data is transferred internationally, we use appropriate safeguards such as:

  • UK Addendum to the EU Standard Contractual Clauses (SCCs), and/or

  • Adequacy regulations (where applicable), and/or

  • Other lawful transfer mechanisms under UK GDPR.

8) Data retention

We keep personal data only as long as necessary for the purposes set out in this policy.

Typical retention periods:

  • Enquiries: up to [12–24] months after last contact

  • Client service data: for the duration of the contract and a reasonable period after (e.g., [6–24] months) unless longer retention is required

  • Invoices/financial records: as required by law (typically 6 years in the UK)

  • Security logs: typically [30–180] days unless needed for investigation

Clients can request specific retention rules for systems we build/host.

9) Marketing communications

We may send marketing emails to business contacts where permitted by law (e.g., under legitimate interests for B2B) or where you have consented.

You can opt out at any time by:

We do not sell personal data.

10) Cookies and analytics

We use cookies and similar technologies to:

  • ensure the website works properly

  • understand how visitors use the site

  • improve performance and content

Where required, we will ask for your consent for non-essential cookies.
Cookie details: [Link to Cookie Policy] or include a short cookie table.

11) Your rights (UK GDPR)

Depending on your circumstances, you may have the right to:

  • access your personal data

  • correct inaccurate data

  • request deletion (in certain cases)

  • restrict or object to processing

  • data portability (in certain cases)

  • withdraw consent (where consent is used)

To exercise your rights, contact admin@codeivy.co.uk.

You also have the right to complain to the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk

  • Phone: 0303 123 1113

12) Security

We use appropriate technical and organisational measures to protect personal data, such as:

  • access controls and least-privilege permissions

  • encryption in transit (and where appropriate at rest)

  • secure development practices

  • backups and monitoring

No method of transmission or storage is 100% secure, but we work to protect your data and reduce risk.

13) Third-party links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

14) Children’s data

Our website and services are not directed at children, and we do not knowingly collect children’s data via our website.

15) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with an updated “Last updated” date.