Last updated: [01/04/2025]

White Turtle (“we”, “our”, “us”) is committed to protecting the privacy of individuals whose data we process. This Privacy Policy explains how we collect, handle, store and protect personal data when individuals visit our website www.whiteturtle.co.uk.
Engage with us, or when we access data while delivering CRM and Revenue Operations (RevOps) consulting services and managed services.

We comply with the UK GDPR, Data Protection Act 2018, and all other applicable data-protection legislation.

1. Data We Collect

We only collect data that is necessary for communication, enquiry handling, or delivering our services.

1.1 Lead & Contact Data

Name

Company name

Job title

Email address

Phone number (if supplied)

Professional social media or public data

Information sent to us via website forms or email

1.2 Client Operational Data (B2B Consulting Work)

When delivering CRM or RevOps services, we may access:

CRM records

Contact databases

Customer interaction data

Account settings, configuration data, and audit logs

This data is always client-owned. We act strictly under client instruction.

1.3 Website & Technical Data

If applicable:

Cookies

IP address

Website analytics

Browser/device information

Cookies and analytics are only used with consent (see section 12).

2. How We Collect Data

We collect data when:

You fill out a form on our website

You contact us via email, phone, or LinkedIn

You opt in to communications

Clients grant access to CRM systems for consultancy purposes

You interact with our website (with cookie consent)

We do not collect data from children (see section 10).

3. How We Use Personal Data

We process personal data for the following purposes:

3.1 Lead & Enquiry Handling

Responding to enquiries

Scheduling meetings

Managing CRM lead records

Sending communications only where consent has been given

3.2 Delivery of CRM & RevOps Consulting Services

Accessing client CRM systems to perform audits

Implementing configurations or optimisations

Providing reports, insights, and guidance

Supporting client teams

We never use client CRM data for our own business purposes.

3.3 Website Operation & Improvement

Ensuring website functionality

Understanding website performance (only with consent)

We do not sell personal data or share it with third parties for independent purposes.

4. Legal Basis for Processing

Data Type Purpose Legal Basis Retention

Lead/contact data Responding to enquiries Legitimate Interest 24 months after last interaction

Marketing communications Newsletters, updates Consent Until consent withdrawn

Client CRM data Delivering contracted services Contract Duration of contract + 6 years

Analytics/cookies Website performance Consent Varies (see cookie policy)

5. Acting as a Data Processor for Clients

For CRM and RevOps consultancy, we often act as a data processor.

We only access client data as instructed

We do not copy, store, or redistribute CRM data unless required for delivery

All access is controlled and confidential

We never use client data for sales, marketing, training, or AI model training

We may occasionally act as a joint controller when defining strategy with a client. Roles are always defined in the contract.

6. Data Sharing

We do not share personal data with third parties except where required to operate securely (e.g., hosting providers, email infrastructure).

All third parties act as data processors, meaning they cannot use data independently of us.

We never sell or disclose data to marketers or external commercial entities.

7. International Data Transfers

Some tools we use may store data outside the UK/EU.

Where international transfers occur, we ensure:

Standard Contractual Clauses (SCCs)

UK International Data Transfer Addendum (IDTA)

Adequacy decisions where applicable

You may request details of these safeguards at any time.

8. Sub-Processors & Tools We Use

We may use secure, industry-standard platforms such as:

Website hosting providers

Email and productivity tools (e.g., Google Workspace or Microsoft 365)

CRM systems (accessed only under client instruction)

Project management tools (e.g., ClickUp, Notion, or similar)

These providers only process data on our behalf and cannot use it for their own purposes.

A current list of processors is available upon request.

9. Data Retention

We keep data only as long as needed:

Leads: 24 months after last interaction

Client CRM data: Duration of engagement + 6 years

Email marketing: Until consent is withdrawn

Website analytics: As per cookie preferences

You can request deletion at any time (see section 11).

10. Children’s Data

We do not knowingly collect or process data relating to individuals under 16 years of age.

If such data is identified, we will delete it promptly.

11. Automated Decision-Making

We do not conduct automated decision-making or profiling that has legal or significant effects on individuals.

No AI-driven lead scoring, automated qualification, or behavioural modelling is used on personal data.

12. Cookies

We use essential cookies for website operation.

Analytics or marketing cookies are only enabled with explicit consent.

Visitors may withdraw consent at any time.

A separate Cookie Policy can be provided if required.

13. Your Rights Under UK GDPR

Individuals have the right to:

Access their data

Rectify inaccuracies

Request deletion (“right to be forgotten”)

Restrict processing

Object to processing

Withdraw consent at any time

Request portability of their data

How to withdraw consent

You can withdraw consent by emailing:

[Insert Contact Email]

14. Complaints

If you have concerns about how we handle data, you can contact us directly.

You also have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

15. Contact Us

For all privacy-related enquiries, contact:

White Turtle

Email: [Insert Email]

Website: www.whiteturtle.co.uk

16. Changes to This Policy

We may update this Privacy Policy periodically.

The latest version will always be posted on this page.