Privacy policy.

This updated Privacy Policy for Three Hats Consulting Limited has been refined for professional clarity, legal consistency with UK GDPR/DPA 2018, and ease of navigation for your clients.

Privacy Policy: Three Hats Consulting Limited

Last Updated: 19th April 2026

At Three Hats Consulting Limited, we are committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

1. Key Definitions

To help you understand this policy, we use the following terms:

  • "We", "Us", "Our": Three Hats Consulting Limited.

  • "You", "Data Subject": The natural living person whose data we process.

  • "Representative": Someone legally authorized to act on your behalf.

  • "Third Party": External suppliers (e.g., delivery companies, software providers) with whom we may share data.

  • "Data": Any personal information we hold about you.

  • "ICO": The Information Commissioner’s Office, the UK’s data protection regulator.

2. Who We Are (Data Controller)

Three Hats Consulting Limited acts as the Data Controller for the personal data we collect directly from you. In instances where your data is shared with us by a third party, we may act as either a Data Controller or a Data Processor.

Contact Details:

  • Name: Simon Bergenroth

  • Email: simon@threehats.co.uk

  • Address: Flat 11, 1 Craws Close, South Queensferry, EH30 9AZ

  • Phone: +44 (0) 7802 629 906

3. The Data We Collect

We collect data through various channels, including online forms, emails, post, telephone, and social media.

A. Information You Provide

  • Contact Details: Full name, home/business address, email address, and phone numbers.

  • Financial Data: Bank details or credit card information for payment processing.

  • Professional Context: Information shared during coaching sessions or within intake forms.

  • Representative Data: If you provide data about others, you must ensure you have their consent and have shared this policy with them.

B. Information We Collect Automatically

  • Call Recordings: We may record telephone conversations for training and quality assurance.

  • Analytics: Data generated to understand market trends and website usage.

C. Information From Third Parties

  • Business Partners: Referrals or introductions for new coaching opportunities.

  • Social Media: Profile information (name, contact details) if you interact with our promotional content on platforms like LinkedIn, Facebook, or Instagram.

  • Public Records: Information from publicly available sources to verify identity or business context.

4. How and Why We Use Your Data

We process your data based on several legal grounds:

Purpose Legal Basis Providing executive coaching services

Contractual Necessity Billing, payments, and debt recovery

Contractual Necessity / Legal Obligation Identity verification

Legal Obligation Sending marketing info (with your consent

Consent Improving our services via surveys/analysis

Legitimate Interest Preventing fraud or money laundering

Note on Special Category Data: We do not process sensitive data (e.g., health, politics, beliefs) without your explicit consent or a specific legal requirement.

5. Sharing Your Data

We do not sell or hire your personal data to third parties. We only share data with:

  • Service Providers: Reputable third parties who assist in delivery (e.g., IT support, delivery couriers, or administrative assistants). They are contractually bound to use the minimum data necessary.

  • Credit Reference Agencies: To perform identity and credit checks.

  • Legal/Regulatory Bodies: If required by law (e.g., HMRC) or to protect our legal rights.

  • Business Transfers: In the event of a sale, merger, or acquisition of our business assets.

6. International Data Transfers

Your data is primarily stored and backed up within the UK or EEA. If we use suppliers based outside these areas, we ensure they provide an equivalent level of protection through appropriate safeguards (such as Standard Contractual Clauses) to protect your privacy rights.

7. Data Retention

We retain your data only for as long as necessary.

  • Standard Rule: We typically keep client data for the duration of our contract plus 6 years to comply with legal requirements (such as HMRC audits) and to handle any future queries or legal claims.

  • Consent-based Data: Kept until you withdraw consent or the purpose is fulfilled.

8. Your Rights

Under the UK GDPR, you have the following rights:

  1. Right to be Informed: To know how your data is being used.

  2. Right of Access: To request a copy of the data we hold about you.

  3. Right to Rectification: To correct inaccurate or incomplete data.

  4. Right to Erasure: To ask us to delete your data (where applicable).

  5. Right to Restrict Processing: To "pause" the use of your data.

  6. Right to Data Portability: To move your data to another service provider.

  7. Right to Object: To stop us from using your data for direct marketing or legitimate interests.

To exercise these rights, please contact us at simon@threehats.co.uk.

9. Cookies

Our website uses cookies—small text files placed on your device—to improve your browsing experience and remember your preferences. You can manage or disable cookies through your browser settings, though this may affect website functionality.

10. Complaints

If you have concerns about how we handle your data, please contact us first so we can resolve the issue. If you remain dissatisfied, you have the right to lodge a complaint with the ICO: