Privacy Policy

This page tells you what personal data we collect when you use this website or get in touch with us, why we collect it, how long we keep it, and what your rights are under UK GDPR. If anything here is unclear, email info@jmopartners.co.uk and we'll explain.

1. Who we are

The data controller is JMO Partners Ltd (Companies House registration 15592258), trading as JMO|Partners. We're a small IT consultancy based in South London, working with SMEs across Greater London and the surrounding home counties.

You can reach us at info@jmopartners.co.uk. That mailbox is read by the founders directly.

2. What personal data we collect

We only collect what we need. In practice that means:

• Contact-form submissions. If you fill in the contact form on the home page, we receive your name, company, email address, and the message you wrote.
• Resource-download forms. If you ask for a gated download (a scorecard, checklist, or template), we collect your name, company, and work email so we can send the file and let you know when we publish related resources.
• Direct emails. If you email us, your message and your reply address end up in our inbox — same as any business correspondence.
• Server logs. Like every web host, our hosting provider records standard request data — IP address, browser user-agent, timestamps, and the page requested. We use this only to keep the site running safely and to investigate suspected abuse.

We do not run analytics scripts, advertising trackers, or behavioural-profiling tools on this site. There are no third-party cookies dropped from the pages you read.

3. Why we collect it (lawful basis)

Under UK GDPR every use of personal data needs a lawful basis. Ours are:

• Legitimate interest — for business-to-business enquiries about our services. When you fill in the contact form or email us about a project, we have a clear interest in replying and you have a clear expectation we will.
• Consent — for occasional marketing emails about new resources and posts. Tick the download form and you're opting in. You can unsubscribe at any time, and we'll act on that immediately.
• Performance of a contract — for active client work. Once you're a client, we process the data we need to run the engagement (account details, ticket history, project records).
• Legal obligation — for the records UK law requires us to keep (for example, finance records under the Companies Act).

4. How long we keep it

• Contact-form submissions. Retained while the enquiry is active, then for twelve months after the last meaningful contact. After that we delete or anonymise the record unless you've become a client.
• Resource-download details. Retained until you unsubscribe. If you've not engaged with anything we send for twenty-four months, we'll prune your record at our next review.
• Client records. Retained for the duration of the contract plus any period the contract specifies. Finance records (invoices, receipts, contracts touching tax) are retained for seven years per the Companies Act 2006 and HMRC rules.
• Server logs. Held by our hosting provider for a short rolling window (typically 30–90 days) for security and abuse-prevention purposes.

5. Who we share it with

We don't sell your data and we don't share it with advertising networks. The only places it goes outside our own systems are:

• Web3Forms — the form processor that receives contact-form and download-form submissions and forwards them to our inbox. Their privacy policy is at web3forms.com/privacy.
• Our hosting provider — for serving the site and storing its log files.
• Email and document tools we use to run the business — for example, the inbox we read your email in. These are standard business systems, configured with sensible access controls.
• Specific named subprocessors involved in delivering an active engagement (we'll name them in the engagement contract).

If a UK regulator or law-enforcement body issues a lawful request, we'll comply. We'll push back on anything that looks overbroad.

6. Where your data is stored

We aim to keep data in the UK or the European Economic Area wherever practical. Some of the third-party tools we use (including Web3Forms) operate in other jurisdictions; their own privacy policies set out where they store data and what transfer safeguards they rely on. Where personal data leaves the UK, we rely on the UK government's adequacy decisions or on standard contractual safeguards permitted by the ICO.

7. Cookies

This site uses only strictly-necessary cookies — the kind set by your browser or the hosting platform to keep the site working. We don't use analytics cookies, advertising cookies, or any third-party tracking. Because we only use essential cookies, no consent banner is required under UK PECR.

If we ever add analytics, we'll update this page and add a proper cookie banner first.

8. Your rights under UK GDPR

You have the following rights over your personal data. They're set out in Articles 15 to 22 of the UK GDPR.

• Access. Ask us what we hold about you and get a copy.
• Rectification. Ask us to correct anything that's wrong or out of date.
• Erasure. Ask us to delete your data ("the right to be forgotten"). There are some exceptions — for example, records we're legally required to retain.
• Restriction. Ask us to stop using your data while we sort out a dispute about it.
• Portability. Ask for a copy in a portable, machine-readable format so you can move it elsewhere.
• Objection. Object to a particular processing activity — including direct marketing, which we'll always stop on request.
• Withdraw consent. Where we rely on your consent, you can withdraw it at any time without giving a reason.
• Complain. Lodge a complaint with the UK regulator, the Information Commissioner's Office, at ico.org.uk.

9. How to exercise your rights

Email info@jmopartners.co.uk with the request. Use the subject line "Privacy request" so it doesn't get lost. We'll respond within one calendar month, as UK GDPR requires. If we need to extend that (because the request is complex), we'll tell you why and how long it'll take.

To unsubscribe from resource emails, either reply with "unsubscribe" or use the link in the email itself.

10. Security

We follow reasonable, proportionate security measures for an SME consultancy — access controls, multi-factor authentication, encrypted devices, vendor due-diligence, and incident response procedures. No system is perfectly secure; if something does go wrong, we'll tell you and (if required) the ICO within 72 hours per UK GDPR.

11. Changes to this policy

We update this page when our practices change or when guidance from the ICO moves on. The "last updated" date at the top reflects the most recent change. Significant changes (a new processor, a new lawful basis, a new category of data) will get a clear note in any next email we send.

12. Contact

Questions, requests, or anything else about your data: info@jmopartners.co.uk. One of the founders will read it.