our policies

This policy explains how we collect, use and protect any information about you and your organisation that we obtain as part of our marketing activities, or when you communicate with us, use this website or engage our services.

This policy was last reviewed on 2 November 2023.


We work hard to protect your data and privacy. We believe it’s important to act ethically and help protect human rights in our increasingly digital world. So:

  1. We only collect information about you and your organisation that is publicly available or when you communicate with us.
  2. This website does not use cookies. Full stop.
  3. We use privacy-friendly website analytics and will never use software that tracks you or invades your privacy.
  4. We regularly review and update this policy to ensure it meets data protection laws.

The detail

When you provide us with personal information about you, you can be assured that it will only be collected with your consent and be used in accordance with this privacy policy. We will never disclose or share your information without your consent, unless required to do so by law. We will never sell your data.

We regularly review and update this policy to ensure it meets data protection laws. Most recently, the policy has been reviewed to meet the European Parliament’s General Data Protection Regulation (“GDPR”), which replaces the UK’s Data Protection Act 1998. Where this policy refers to "data protection laws", it implies the General Data Protection Regulation.

The terms "As It Should Be", "us" or "we" refer to As It Should Be Ltd. Our company is registered in England and Wales, company number 07251721.

What we collect

We may collect publicly available information about you and your organisation as part of our efforts to find and connect with clients that are a good fit for us.

We may also collect the following information about you and your organisation when you contact us or become a client:

  • Your name and job title
  • Your organisation and work address
  • Contact details, typically your email address, and sometimes things like a telephone number (or digital equivalent) and social media account usernames
  • Your Internet Protocol (IP) address and details of the web browser and operating system you use (see Analytics)
  • Rarely, as part of customer surveys and/or offers, we may collect demographic information such as personal preferences and interests

We may collect personal information via our website, email, telephone, social media or in person. Sometimes, we may obtain personal information via one of our partner organisations during normal business activities, such as project work or referrals. In such cases, our data protection and privacy policies form part of our contracts.

We do not collect sensitive personal data as part of our normal business activities. This means that we do not usually collect information concerning ethnicity, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences. At times we are required to collect such information, we will clearly state the reason for collecting the data and how it will be used.


We use a privacy-friendly website analytics tool called Plausible Analytics. It helps us understand how many people are visiting the website, and what content is most useful to our visitors.

Plausible tracks overall trends, but does not track individual visitors. It does not collect or store any personal data or personally identifiable information, and does not use cookies.

Visit their website to read all about how Plausible protects your privacy.


This website does not use cookies and does not track you.

"Cookies" are small files that are placed on your computer’s hard drive by your web browser. They can be used to make your experience online much better and useful, but they can also be used for more invasive purposes, such as tracking your browsing habits. You can read more about cookies and how to manage them at allaboutcookies.org.

You'll find YouTube videos on some pages of this site. We try to ensure that these are added in a way that means that no cookies are used. Sometimes a video slips through that means YouTube sets some of its cookies, but we try our best to spot these quickly and switch to "no cookie" mode.

Web fonts

The web fonts we use on this website are hosted by us. We do this to protect your privacy by avoiding using third party services that may track you. It also means that we can control the web host environment to ensure that our site is powered by green energy.

IP addresses

Internet Protocol (IP) addresses are used to connect your computer to the Internet and are assigned to you by your internet service provider. As standard, web servers collect and store details of your web browser and operating system, the website from which you came, the pages that you browse on our website, the date of your visit, and your IP address. This information is collected as part of reasonable measures towards the prevention and detection of fraud, attacks on our website, and other irregularities. As such, we do not require your consent to collect this data. However, we do whatever we can to anonymise and encrypt this data where possible, then dispose of the data when it is no longer necessary (usually within 12 months).

What we do with the information we collect

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • To facilitate the normal activities of providing our services to you, which includes communicating with you or your organisation
  • For internal record keeping
  • To fulfil our legal obligations in the prevention or detection of fraud or other illegal activities
  • To contact you to gather feedback on our work, training courses, events or talks you have attended
  • To contact you by email or phone for market research purposes
  • To send occasional promotional emails about new services or offers using the email address which you have provided (we do not send regular marketing newsletters)

Where your data is used

Wherever possible, your information will only be used internally by our staff and within the UK. In some circumstances, it may be necessary to share some of your information with subcontractors, who may be located outside the UK. When we work with subcontractors, they are required to adhere to our policies, including this privacy policy. In these situations, we will only share your information with your consent.

We will not sell or lease your personal information to third parties.

Where your data is stored on third-party systems, we try to ensure that your data remains in the UK, or inside the EU. For example, our website is hosted in the UK, and our email systems are all based in the UK with our web hosting provider.

Where it is necessary to use services outside the UK, we have contracts in place with those third-party suppliers to ensure they meet data protection laws and our privacy and data protection policies. For example, in some situations, your data may be transferred and stored through online systems that operate outside the UK or the EU. Such services that we use internally include Google Workspace (for calendars, documents, spreadsheets), Dropbox (for internal file transfer), and SendInBlue (to send emails).

How long we retain your personal information

We retain personal information we collect from you as long as we have an ongoing legitimate business need to do so. For example, this may be in the normal activities of providing our services to you or as required by financial obligations or applicable laws. Data retention periods for different types of data are defined in our data protection policy, which is available on request.

We aim to be a paperless organisation, meaning that all data is stored electronically wherever possible. We work hard to ensure that personal information is stored using secure software and services. Any paper with sensitive information is securely shredded and recycled. When your personal information goes past its data retention period, it is deleted. If it is not possible to fully delete data, it will be anonymised in order to protect your privacy.

Controlling your personal information

Under data protection laws, you have the right to obtain a copy of any personal data we hold for you. You also have the right to ask that we remove all your data from our records.

You may request from us full details of the personal information we hold about you (commonly referred to as a subject access request). If you would like a copy of the information held on you, please contact us. We will fulfil reasonable requests within one month. There is no fee for reasonable subject access requests.

If you believe that any information we are holding about you is incorrect or incomplete, please write to or email us as soon as possible. We will fulfil reasonable requests to correct inaccurate or incomplete information within one month.

You may choose to restrict the collection or use of your personal information, or even request that we remove all your data from our records. If you have previously agreed to us using your personal information and have changed your mind in any way, please contact us to request changes to or removal of your data.

Links to other websites

This website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other sites, and such sites are not governed by this privacy policy. You should exercise caution and look for the privacy statement applicable to the website in question.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Our email systems are secured using a secure socket layer (SSL). Wherever we request personal information from you digitally, we use Hypertext Transfer Protocol Secure (HTTPS) to ensure your data is safely transmitted to our server via SSL. Web browsers typically indicate that a website is secure by showing a padlock icon in its address bar.

Data breach notifications

Should we detect any data breaches that adversely affects your privacy, we will contact you as soon as possible and within the 72 hours required by data protection laws.

Contacting us about your privacy

If you have any questions about this privacy policy, please contact us via the website, or email us at privacy@digitalasitshouldbe.com.