Privacy Policy

Last updated: 9 May 2026

This Privacy Policy explains how MOU Consulting Ltd ("MOU Consulting", "we", "us") collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

MOU Consulting Ltd is a company registered in England and Wales, providing audit readiness, systems governance and operational risk advisory services. We are the data controller for personal data collected through this website and our client engagements.

Contact: enquiries@mouconsulting.co.uk.

2. Personal data we collect

  • Identity and contact data (name, job title, employer, email, phone).
  • Enquiry content you submit via contact forms, scorecard or email.
  • Engagement data (correspondence, deliverables, billing details).
  • Technical data (IP address, browser, device, pages viewed) via cookies and logs.

3. Purpose of processing

We process personal data only for clearly defined purposes, as set out below:

  • Responding to enquiries — to reply to your contact form, scorecard or email submission. Lawful basis: legitimate interests / steps prior to entering a contract.
  • Delivering our services — to provide audit readiness, ITGC, governance and risk advisory services to clients. Lawful basis: contract performance.
  • Scorecard and assessment tools — to generate your readiness score and, where you opt in, send the report to our internal operator. Lawful basis: legitimate interests.
  • Compliance and record-keeping — to meet our legal, regulatory and professional obligations (e.g. ICAEW, anti-money-laundering). Lawful basis: legal obligation.
  • Website security and analytics — to keep the site secure and understand how it is used. Lawful basis: legitimate interests.
  • Marketing communications — to send relevant insights where you have consented or are an existing client. Lawful basis: consent / legitimate interests. You can unsubscribe at any time.

We do not sell personal data, and we do not use it for automated decision-making that produces legal effects.

4. Sharing your data

We share data only with vetted processors who support our services (hosting, email delivery, analytics, secure storage), or where required by law. All processors are bound by written agreements consistent with UK GDPR.

5. International transfers

Where data is transferred outside the UK, we rely on UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

6. Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting requirements. Engagement records are typically retained for seven years.

7. Your rights

Under UK GDPR you have the right to:

  • access a copy of your personal data;
  • request correction or erasure;
  • object to or restrict processing;
  • withdraw consent at any time;
  • data portability where applicable;
  • complain to the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email enquiries@mouconsulting.co.uk.

8. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, secure hosting and least-privilege principles to protect personal data.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change.