Privacy Policy
Last updated: September 2025
Introduction
NEUROPAC LIMITED (“NEUROPAC”, “we”, “us”) is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, our lawful bases for processing, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.
Who we are
NEUROPAC LIMITED is registered in England & Wales (Company No. 16673302).
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.
How to contact us
NEUROPAC LIMITED is registered with the UK's Information Commissioner's Office under the Data Protection Act 2018.
The Data Controller is Paul Crouch, Director.
The ICO Reference number is:
ZB993166.
For any privacy questions or to exercise your rights, contact:
team@neuropac.co.uk.
What data we collect
We collect and process the following categories of personal data, as relevant to our relationship with you:
- Identity & contact data: name, job title, employer, email address, postal address.
- Engagement data: enquiry details, proposals, statements of work, project communications.
- Transactional data: invoices, payments, purchase orders and related records.
- Technical & usage data: limited analytics (e.g. page views, timestamps, IP address) and cookies where used.
- Marketing preferences: your opt-in/opt-out choices and communication preferences.
We do not intentionally collect special category (sensitive) data (e.g., health, religious beliefs) or criminal offence data. Please do not provide such information to us.
How we collect your data
- Directly from you (e.g., email, forms, meetings, calls).
- Automatically via our website/app interactions (limited analytics and logs).
- From third parties where lawful (e.g., referrals, credit/identity verification providers).
How we use your data & lawful bases
We only process personal data where we have a lawful basis under UK GDPR:
| Purpose | Data types | Lawful basis |
|---|---|---|
| Responding to enquiries and onboarding clients | Identity, contact, engagement data | Contract (pre-contract steps at your request); legitimate interests (business development) |
| Delivering consultancy/services and administering accounts | Identity, contact, engagement, transactional | Contract; legitimate interests (service quality, debt recovery); legal obligation (tax/accounting) |
| Maintaining records and improving our services/website | Engagement, technical & usage data | Legitimate interests (operate and improve our business) |
| Sending marketing communications | Identity, contact, preferences | Consent (you can withdraw at any time); legitimate interests for B2B where appropriate |
| Legal, regulatory, and compliance purposes | Relevant data as required | Legal obligation; legitimate interests; establishment, exercise or defence of legal claims |
Marketing
We may send marketing communications if you have opted in (or where permitted for B2B on legitimate interests). You can opt out at any time by emailing team@neuropac.co.uk.
Sharing your data
We do not sell your personal data. We may share limited data with trusted processors who provide services to us (e.g., hosting, email, accounting, payment processing, analytics) under appropriate contracts. We may also share data where required by law or to protect our rights or those of others.
International transfers
Some processors may be located outside the UK/EEA. Where transfers occur, we rely on appropriate safeguards such as UK-approved Standard Contractual Clauses (SCCs) or adequacy regulations.
Data retention
We retain general contact/engagement data for 6 years after your last interaction unless a different period is required or permitted by law. Transaction and accounting records are retained for up to 7 years to comply with tax and legal obligations.
Security
We implement appropriate technical and organisational measures to protect your data. If a personal data breach occurs, we will notify the ICO without undue delay (and where feasible, within 72 hours). If the breach is likely to result in a high risk to you, we will also inform you without undue delay.
Your rights
Under UK GDPR you have the right to: access your data; rectify inaccuracies; request erasure; restrict or object to processing; and data portability (in certain cases). You also have the right to withdraw consent where we rely on it. To exercise your rights, email team@neuropac.co.uk. We will respond within one month.
You have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk. We would appreciate the chance to address your concerns first.
Cookies
Our site may use essential cookies for basic operation and optional analytics cookies to understand usage. Where required, we will request your consent for non-essential cookies. For details, see our Cookies page.
Changes to this policy
We may update this policy from time to time. The “Last updated” date above will reflect the most recent changes. Material changes may be notified via our website or by email where appropriate.
Contact
For privacy questions or requests, contact: team@neuropac.co.uk.