Privacy & Cookies
This Privacy Notice explains how I use your personal data and what your rights are. It applies to people who enquire about or commission my services, apply for micro-funding, and anyone who takes part in research, consultation or evaluation activities.
Palimpsest is the trading name of Nicola Allen, sole trader. For the purposes of my own business activities, I am the data controller for the personal data processed by the consultancy. In some circumstances, I also process personal data on behalf of clients, acting as a data processor in accordance with their instructions and contractual arrangements.
I may also receive confidential business or organisational information while carrying out commissions. Such information is handled in accordance with contractual and professional confidentiality obligations.
Palimpsest provides archive, records management, information governance, consultancy, training services and related professional services. Protecting privacy and information security is an important part of my professional practice. I seek to ensure that personal data is processed lawfully, fairly and transparently, collecting only information that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. Personal data is retained only for as long as necessary and protected against unauthorised access, loss or misuse.
Personal data may be obtained directly from you, from your employer or organisation, from project partners or commissioning organisations, or from publicly available sources where relevant to the services provided.
I can be contacted by email: nicola.allen.professional@hotmail.com
PURPOSES AND LAWFUL BASIS FOR USING YOUR DATA
UK data protection law allows personal data to be processed where there is a lawful basis for doing so.
Examples of how I may process personal data where necessary:
Performance of a contract
· responding to enquiries;
· preparing proposals;
· entering into or carrying out contracts;
· delivering consultancy and training services.
Compliance with a legal obligation
· meeting tax and accounting requirements;
· complying with other legal or regulatory obligations.
Legitimate interests
· providing professional consultancy services;
· managing client and professional relationships;
· communicating with clients and project participants;
· to operate and administer a discretionary micro-funding scheme that supports archive, heritage and
related projects;
· maintaining business records;
· managing information security;
· establishing, exercising or defending legal claims.
While I rely on legitimate interests, I consider potential impact on individuals and seek to ensure that their rights and freedoms are respected.
Consent
Occasionally I rely on your consent, for example:
Surveys
Participation is voluntary. Surveys will not normally require personal information, although you may choose to provide contact details.
Interviews and focus groups
Participation is voluntary. You can choose what information to provide, decline to answer questions and withdraw before information has been anonymised or incorporated into aggregated findings.
Research and evaluation
Personal data collected for research and evaluation is processed only for specified purposes and, where practical, anonymised or aggregated before publication.
You may withdraw consent at any time. This will not affect processing already carried out lawfully before consent was withdrawn.
Some personal information is necessary for me to enter into contracts, deliver services and comply with legal obligations. If required information is not provided, I may not be able to provide the relevant service.
Micro-funding
If you apply for a micro-funding award, I will use the information you provide to assess your application, contact you about the outcome and, where applicable, administer the award. This processing is carried out under my legitimate interests in operating and managing the micro-funding scheme.
If you choose to share information about your project or agree to publicity about the award, I may use this information to promote the scheme, including through social media. This will only happen with your consent, which you may withdraw at any time.
Information relating to unsuccessful applications will be retained only for as long as necessary to administer the scheme and deal with any queries before being securely deleted.
You can always change your mind and withdraw your consent by contacting me.
The website does not currently use non-essential cookies or tracking technologies. Essential technical functionality may be provided by the website platform.
WHAT PERSONAL DATA I USE
Depending on the nature of the work, I may process:
· names and contact details;
· job titles and organisation details;
· correspondence and communications;
· project and contract information;
· billing and payment information;
· survey, interview and evaluation responses;
· meeting attendance and scheduling information;
· files and documents shared during projects;
· technical information associated with the use of online services, such as IP addresses, browser or device information, and website or training platform usage data where collected automatically;
· training and assessment information, including participation in training activities and test results where these are collected.
Occasionally, consultancy or research work may involve special category personal data. Where this occurs, it will only be processed where permitted by UK data protection law and appropriate safeguards are in place.
INFORMATION SHARING, STORAGE AND INTERNATIONAL TRANSFERS
I do not sell personal information.
Personal data may be shared where necessary with:
· trusted associates or subcontractors engaged to support consultancy, research or archive projects;
· professional advisers;
· providers of business and communication services;
· clients where necessary for commissioned work;
· public authorities or regulators where required by law.
Access to personal data is limited to those who need it for legitimate purposes and appropriate contractual or professional obligations of confidentiality apply.
I use third-party service providers, including Zoom, Microsoft 365, Netlify, GoDaddy, SmartSurvey and Doodle, to support the operation of my business and the delivery of consultancy and training services.
Most personal data processing takes place within the UK. Where personal data is transferred outside the UK, this will only take place where appropriate safeguards or recognised legal mechanisms under UK data protection law are in place.
Depending on the nature of the services provided, Palimpsest may act as a data controller for its own business activities or as a data processor on behalf of client organisations. The role undertaken will depend on the services being provided and the contractual arrangements in place.
Where Palimpsest acts as a data processor and processes personal data only in accordance with the client's documented instructions and applicable contractual obligations, individuals wishing to exercise their data protection rights in relation to such processing should normally contact the relevant client organisation, although I will assist controllers in meeting their obligations where required.
MOBILE DEVICES
I may access personal data using mobile devices to manage commissions and communications.
Devices are protected using passwords, PINs, biometric controls where available, encryption and regular software updates.
SECURITY AND RETENTION
I handle personal data in accordance with UK data protection legislation and maintain appropriate technical and organisational measures to protect it.
These include:
· secure accounts;
· strong passwords;
· multi-factor authentication;
· access controls;
· encryption where appropriate;
· information security procedures.
I keep client-related personal data for six years after work is completed and invoices are settled. This may include correspondence, contracts, project files and financial records. Other personal data is retained only for as long as necessary for the purposes for which it was collected or to meet legal or contractual obligations.
Retention periods are reviewed periodically to ensure information is not kept for longer than necessary.
YOUR RIGHTS
UK data protection law gives you rights over your personal data. These include:
· the right to be informed;
· the right of access;
· the right to rectification;
· the right to erasure;
· the right to restrict processing;
· the right to data portability;
· the right to object to processing;
· rights relating to automated decision-making and profiling.
Palimpsest does not carry out automated decision-making or profiling that produces legal or similarly significant effects for individuals.
Some rights apply only in particular circumstances.
To exercise your rights, please contact me.
To protect personal data, I may ask you to provide reasonable evidence of your identity before responding to a request.
COMPLAINTS
If you have concerns about how I collect, use, store or otherwise process your personal data, please contact me in the first instance.
I will investigate concerns and seek to resolve them promptly.
You also have the right to complain to the Information Commissioner's Office (ICO).
Information Commissioner's Office (ICO)
Telephone: 0303 123 1113.
CHANGES TO THIS NOTICE
This Privacy Notice may be updated from time to time to reflect changes in legislation, guidance or business practice.
The latest version will always be available on this website.
Updated: June 2026 / This notice will be updated from time to time.
Unsure what you need? Book a free 40 min call to explore your project.
Copyright © 2026 Palimpsest - All Rights Reserved.