Privacy Policy

Introduction

StillPointHQ ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy applies to individuals in the United States and the United Kingdom and complies with applicable data protection laws including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and the Telephone Consumer Protection Act (TCPA).

Data Controller Information

Information We Collect

We may collect the following types of personal information:

Information You Provide

• Contact Information: Name, email address, phone number, business name
• Business Information: Industry, company size, service requirements
• Communication Data: Information contained in your enquiries, form submissions, and correspondence with us
• Booking Information: Appointment scheduling preferences and meeting notes

Information Collected Automatically

• Technical Data: IP address, browser type and version, time zone setting, operating system
• Usage Data: Pages visited, time spent on pages, navigation paths (collected only with your consent via analytics cookies)

Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

• Contract: Processing necessary to perform a contract with you or take steps at your request before entering into a contract
• Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, analytics cookies)
• Legitimate Interests: Processing necessary for our legitimate interests, provided these are not overridden by your rights
• Legal Obligation: Processing necessary to comply with legal requirements

How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our services
• To respond to your enquiries and provide customer support
• To schedule and manage appointments and consultations
• To send you service-related communications
• To send marketing communications (only with your explicit consent)
• To analyse and improve our website and services (only with your consent)
• To comply with legal obligations

Marketing Communications

We will only send you marketing communications if you have explicitly opted in to receive them. You will not find pre-ticked boxes on our forms. You can withdraw your consent at any time by:

• Clicking the unsubscribe link in any marketing email
• Contacting us directly at [email protected]

SMS and Voice Communications (TCPA Compliance)

We comply with the Telephone Consumer Protection Act (TCPA) and UK regulations regarding electronic communications. We will only send SMS messages or make automated voice calls with your prior express written consent.

• All SMS and voice communications require verified opt-in consent
• You can opt out at any time by replying STOP to any message
• We maintain records of all consent obtained
• We honour opt-out requests promptly

Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who assist in delivering our services (e.g., CRM platforms, email service providers, booking systems)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with any merger, sale of assets, or acquisition

We do not sell your personal information to third parties.

International Data Transfers

As we operate in both the UK and US, your data may be transferred between these jurisdictions. When transferring data from the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data in transit
• Secure hosting infrastructure
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Typically:

• Client records: Duration of business relationship plus 6 years
• Marketing consent records: Duration of consent plus 2 years
• Website analytics data: As per cookie policy (varies by cookie type)

Your Rights

UK GDPR Rights

If you are in the UK, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data in certain circumstances
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: Not to be subject to solely automated decisions

US Rights (California CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected about you
• Know whether your personal information is sold or disclosed
• Say no to the sale of personal information (we do not sell personal information)
• Access your personal information
• Request deletion of your personal information
• Not be discriminated against for exercising your privacy rights

How to Exercise Your Rights

To exercise any of your rights, please contact us using the details below. We will respond to your request within one month (or as required by applicable law). We may need to verify your identity before processing your request.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.

UK: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) atico.org.ukor by calling 0303 123 1113.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.