top of page

Privacy Policy

​Last updated: 03/08/2025

Controller
 

Upender Mehra (trading as Upender Mehra Consultancy)
Contact: Shepherd Cross Street, 188A Oxford Grove, Bolton BL1 3BH 

​

1. Introduction

When you visit my site or contact me via the enquiry form or email, I collect certain personal data. This policy explains clearly and simply:

  • What data I collect and why

  • How long I keep it

  • How I keep it secure

  • Your rights under UK law and how to exercise them

​

2. Legal Basis for Processing

Under UK GDPR (the UK version of the GDPR, regulated by the Data Protection Act 2018), I process personal data on these lawful bases (Article 6):

  • Legitimate interests: to respond to your enquiry, send quotes, prepare a proposal, or comply with legal obligations (e.g. bookkeeping) [BAC01]

  • Contract: once we begin working together, to deliver the agreed services

  • Consent (if applicable): for optional email updates, we’ll ask explicitly and you can withdraw at any time

​

3. Data Collected & Purpose

What I collectWhyRetained for

Name, email, companyTo answer your enquiry or send proposalsUp to 2 years if no engagement

Project brief, samples, documentsTo develop your consultancy or design workUp to 5 years for project records

Payment details (for bookkeeping)To invoice and comply with tax law6 years (per statutory requirements)

For visitors, only your IP and browsing metadata are logged temporarily via website hosting—not tracked or sold. I do not use cookies or analytics plugins by default.

​

4. How I Protect Your Data

I take data security seriously:

  • Files are stored on a password-protected system

  • Passwords are updated regularly

  • Shared only with trusted suppliers (e.g. Dropbox, email provider) where necessary, mostly within the UK or EU

  • I do not transfer data to countries without adequate safeguards

​

5. Your Rights

Under UK GDPR, you have the rights to:

  • Access the personal data I hold about you

  • Correct any inaccuracies

  • Erase data (subject to legal constraints, e.g. tax record retention)

  • Restrict or Object to processing (e.g. direct marketing)

  • Ask for Data Portability, where applicable

  • Withdraw consent at any time if consent was given voluntarily

​

To request any of these, just email me at [your contact]. I will respond within one calendar month.

​

6. When the Rules May Not Apply

This privacy notice does not cover data required for:

  • Non-commercial personal or household activity

  • Anyone under 13 (children’s data should not be collected)

​

7. Changes to This Policy

This document may be updated occasionally—for example, if I add new services, update contact tools, or new legal regulation emerges. I’ll post the revised date at the top when that happens.

bottom of page