AllChange GDPR Privacy Policy


AllChange Strategic Consulting is a specialist Strategic Change firm.          We provide strategic business consulting and integrated transformation products to clients around the world. Our products and service create value for clients by successfully bringing strategy to life in a way that connects with people’s heads, hearts and hands. As such we collect a variety of personal data necessary to provide these services in a highly confidential and secure database, accessible only by AllChange Strategic Consulting.

What does this Policy cover?

AllChange Strategic Consulting takes the processing and security of your personal data seriously. This policy, therefore:

  • Sets out the types of personal data that we collect about you and your organisation;
  • Explains how and why we collect and use your personal data;
  • Explains how long we keep your personal data for;
  • Explains when, why and with who we will share your personal data;
  • Sets out the legal basis we have for using your personal data;
  • Explains the effect of refusing to provide the personal data requested;
  • Explains the different rights and choices you have when it comes to your personal data; and
  • Explains how we may contact you and how you can contact us.

What personal data do we collect about you?

We collect the information necessary and needed to deliver the AllChange transformation products and services, which typically involve helping AllChange to understand your organisations business context and strategic intent so we understand your past journey of change, your current state and understand your aspired future state. This information typically includes:

  • Contact details, such as name, email address, postal address and telephone numbers, strategy and business planning documents, technology and functional specifications; and strategic messaging and other associated communications transmitted via email and marketing collateral.
  • We may also collect sensitive private data about your organisation if you have explicitly shared it with us. We only collect sensitive private data from you, and further process this data, where you have given your explicit consent.

If you do not wish to disclose your organisations’ private information, we will be unable to provide you with the services we offer since strategic and business planning and other similar private information is necessary to provide the AllChange transformation products and services.

Where do we collect personal data about you from?

We typically obtain your data from the following different sources (although this is not an exhaustive list):

  • Directly from you (such as a website registration form or meeting interview)
  • Social Media – such as LinkedIn
  • Public domain – such as trade/business press, company websites
  • From an agent/third party acting on your behalf
  • Notes following a conversation, meeting, call or video conference
  • Our website
  • By Reference or word of mouth – you may be recommended by a friend, a former colleague or former current/former vendor

Where you are a client and we have obtained your personal data from a third party, it is our policy to advise you of the source when we first communicate with you or within 30 days.

How and why we use your personal data?

The processing of your personal data may include:

  • Collecting and storing your private organisation and personal data in a physical and electronic format
  • Notifying you of new product solutions or relevant client case studies
  • Assessing you and your organisation and reviewing your suitability for the AllChange value proposition
  • Engaging you for a client reference
  • Sending information to third parties with whom we have entered into a contractual arrangement which is related to our strategic change transformation products and service
  • Providing information to regulatory authorities or statutory bodies and our legal or other professional advisors including insurers
  • To market our strategic change products and service and send you information on research, promotions, events and other relevant information or market trends
  • To retain a record of our dealings
  • Establish quality, training and compliance and best practice

We will initially collect basic information on you and your organisation such as contact details, job role, experience and summary desktop organisation information under a legitimate business interest policy and will only then process and share more detailed information to third parties (our contracted associates) with your consent.

Please be assured that we do not sell your information to third parties or use the information for purposes that are incompatible with any of those described in this notice.

How long do we keep your personal data for?

We will retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the strategic change services or to comply with applicable legal, tax, or accounting requirements).

When we have no on-going legitimate business need to process your personal information, we will delete it.

Typically we will keep personal and private organisation data for 5 years with no client contact.



Who do we share your personal data with?

Your personal and private organisation data is shared with our contracted associate community or strategic partners who might be directly involved in providing the strategic change services.

What legal basis do we have for using your information?

We will normally collect personal and private organisation information from you where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, in connection with the strategic change products and service, we typically rely on our legitimate interests to process personal information for our research and advisory activities and where permitted by law, certain marketing activities).

When required by law, we will collect personal information only where we have your consent to do so (for example, if we need to collect and process any sensitive personal information about you and your organisation). In some limited cases, it may be necessary for us to process personal and private organisation information and, where appropriate and in accordance with local laws and requirements, sensitive information, in connection with exercising or defending legal claims (for example, where we are required by law to preserve or disclose certain information as part of the legal process).

What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal and private organisation data necessary, or withdraw your consent for the processing of your personal and private organisation data, this will limit our ability to consider you in connection with the services we offer.

Do we make automated decisions concerning you?

No, we do not carry out automated profiling.

Do we use Cookies to collect personal data on you?

To provide better service to you on our websites, we use cookies to collect your personal data when you browse.

Use of Cookies

Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website. We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever. You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at

Do we transfer your data outside the EEA?

No. We do not transfer personal data outside the EEA.

Your Data Protection Rights

You have the following data protection rights:

  • If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the contact us section of our website. When asked to remove a record from our database, we will retain minimal personal and private organisation information in order to prevent future contact, to keep a record of the information disclosed to our clients, associated and partners, and to preserve AllChange Strategic Consulting’s interests in accordance with any applicable legal requirements.
  • In addition, if you are a resident of the European Economic Area, you can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided.
  • Similarly, if we have collected and processed your personal or private organisation information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal or private organisation information conducted in reliance on lawful processing grounds other than consent. If you withdraw your consent, you will not be able to be able to receive AllChange Strategic Consulting transformation products or service.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area are available here. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular contact means to another please just let us know

How can you contact us?