Privacy Policy

1. Who we are

The Negotiation Experts is an independent advisory firm. The legal entity operating this website and acting as data controller in respect of personal data collected through it is the firm's relevant legal entity for the jurisdiction in which you reside. To exercise any of the rights described in this policy, contact our privacy team via the contact page selecting “Privacy enquiry” from the form options.

2. What personal data we collect

We collect personal data in three ways. First, when you complete a form on this site (contact, white paper download, newsletter signup), we collect the information you provide: typically name, work email, company, role, and the contents of any message. Second, when you visit the site, our hosting infrastructure logs your IP address, the pages you visit, the timestamps and your browser user-agent string for security and operational analytics. Third, where you have consented, we use first-party analytics cookies to measure aggregate site behaviour.

3. Why we collect it and the legal basis

For form submissions, our legal basis is your consent (Article 6(1)(a) UK and EU GDPR) where you have opted in to marketing communication, or our legitimate interests in responding to commercial enquiries (Article 6(1)(f) GDPR) where you have submitted a contact form. For server logs, our legal basis is legitimate interests in operating and securing the website. For analytics cookies, our legal basis is your consent indicated through the cookie banner.

4. Who we share data with

We share personal data with a small number of essential service providers, each operating as our data processor under written agreement: our website hosting provider, our form-processing platform (Formspree), our email delivery platform, and our customer relationship management platform. Where personal data is transferred outside the United Kingdom and the European Economic Area, the transfer is covered by Standard Contractual Clauses (UK addendum included where applicable) and supplementary technical measures.

We do not sell personal data to anyone, in any jurisdiction, for any consideration. We do not share personal data with marketing partners or data brokers. We do not enrich the data you provide with third-party data sources without your explicit consent.

5. How long we keep it

Form submissions are retained for as long as the commercial relationship is active, plus seven years for tax and contract record retention where the submission led to an engagement, or 24 months otherwise. Newsletter subscriber data is retained until you unsubscribe, then deleted within 30 days. Server logs are retained for 90 days, then aggregated for security analysis and the personal data deleted. Analytics cookie data is retained for 14 months.

6. Your rights under GDPR and UK GDPR

If you are in the United Kingdom or the European Economic Area, you have the right to access the personal data we hold about you, the right to rectification of inaccurate data, the right to erasure (the “right to be forgotten”) in the circumstances set out in Article 17 GDPR, the right to restriction of processing, the right to data portability for data you provided to us, and the right to object to processing based on legitimate interests. Where we process data on the basis of your consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our privacy team via the contact page. We respond within one calendar month. We do not charge a fee for routine requests. You also have the right to lodge a complaint with the supervisory authority in your jurisdiction (in the UK, the Information Commissioner's Office; in EU member states, the relevant national supervisory authority).

7. Your rights under the California Consumer Privacy Act

If you are a California resident, you have the right to know what personal information we have collected about you, the right to delete that information subject to the exceptions in Cal. Civ. Code § 1798.105(d), the right to correct inaccurate information, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information, so there is nothing to opt out of), and the right to non-discrimination for exercising your CCPA rights. To exercise these rights, contact us as set out above.

8. Cookies

We use a small number of strictly necessary cookies to operate the site (session management, security tokens). We do not use these cookies for marketing or analytics. Where we use first-party analytics cookies, we request your consent through the cookie banner before setting them, and you can change your preferences at any time via the cookie settings link in the footer.

9. Security

We apply appropriate technical and organisational measures to protect personal data, including TLS in transit, encryption at rest where supported by the data processor, access control on a need-to-know basis, mandatory two-factor authentication for staff access to client and contact data, and quarterly access review.

10. Children

This site is not directed at, and we do not knowingly collect personal data from, anyone under the age of 16. If you become aware that a person under 16 has provided personal data to us, contact us and we will delete the data promptly.

11. Changes to this policy

We review this policy at least annually. Material changes are notified by email to newsletter subscribers and by site-wide banner for at least 30 days. The version date and version number at the top of this page reflect the most recent review.