Privacy Policy: EHR Advisory

Last Updated: February 2026

ICO Registration Number: tbc

1. Introduction

At EHR Advisory, I am committed to protecting the privacy and security of your business and personal data. This policy explains how I collect, use, and protect your information when you visit ehradvisory.uk or engage my services.

As a marketing advisor, I act as a Data Controller for my own business and a Data Processor when handling your specific customer data.

2. The Data I Collect

To provide an evidence-led advisory service, I collect the following:

  • Contact Information: Name, email, and phone number when you enquire.

  • Business Information: Your website URL and marketing challenges.

  • Technical Data: IP address, browser type, and how you interact with this site (collected via Squarespace cookies).

3. The "Detective Phase": Accessing Your Systems

If we work together on a Strategic Build or Retainer, you may grant me access to your platforms (e.g., Google Ads, Meta Business Suite, Squarespace Analytics).

  • Confidentiality: I treat all client data as strictly confidential.

  • Access Only: I only access the data necessary to perform the agreed-upon audit or management. I do not download or "harvest" your customer lists for my own use.

  • Security: I use secure, encrypted workstations and two-factor authentication (2FA) for all platform logins.

4. How I Use Your Information

I only process data where I have a legal basis to do so:

  • To Perform Our Contract: To deliver the audits, builds, or monthly management you have hired me for.

  • Legitimate Interests: To respond to your enquiries, manage my business, and improve my website experience.

  • Consent: Where you have opted-in to receive specific updates from me.

5. Data Sharing & International Transfers

I do not sell your data. I use a small number of trusted third-party services to run my business (e.g., Google Workspace and Squarespace).

  • Some of these providers store data outside the UK (typically in the US).

  • I ensure these transfers are protected by UK Standard Contractual Clauses (IDTA) to ensure your data remains as safe as it is in the UK.

6. Your Rights

Under UK GDPR, you have the following rights:

  • Access: You can request a copy of the data I hold about you.

  • Correction: You can ask me to update inaccurate information.

  • Erasure: You can ask me to delete your personal data ("the right to be forgotten").

  • Object: You can object to me using your data for marketing.

7. Data Retention

I only keep your information for as long as is necessary to provide my services or to meet legal/accounting requirements (typically 6 years for financial records).

8. Contact & Complaints

If you have any questions or wish to exercise your rights, please contact me directly:

Emy Heather-Rees Email: emyhrees@gmail.com

Location: Shropshire, England

If you are unhappy with how I handle your data, you have the right to complain to the Information Commissioner’s Office (ICO), although I would appreciate the chance to resolve any concerns with you first.