Privacy Policy

1. Who we are

This privacy policy explains how Set The Tone collects and uses your personal data. Set The Tone is a trading name of APR Consulting Group Ltd, a company registered in England and Wales (company number 16953162) with its registered office at C/O Accounts And Legal, 81 King Street, Manchester, Greater Manchester, England, M2 4AH.

For the purposes of UK GDPR, APR Consulting Group Ltd is the data controller for any personal data you provide through this website or in the course of working with us.

If you have any questions about this policy or how we handle your data, you can reach us at arran.russell@setthetonegroup.co.uk.

2. What data we collect

We collect the following categories of personal data:

Information you give us directly

• Contact details when you sign up to a newsletter, request a free guide, take an assessment, or book a call. Typically your name and email address.
• Assessment responses when you complete the Management OS Scorecard, the Leadership Style Assessment, or any other diagnostic we offer.
• Booking information when you schedule a call with us via Calendly, including any context you provide about your business.
• Payment information when you purchase a programme or service. Payments are processed by Stripe; we do not store full card details on our systems.
• Correspondence when you email us or reply to our communications.

Information we collect automatically

• Technical data including IP address, browser type, device type, and approximate location, collected via cookies and analytics tools.
• Usage data including pages visited, links clicked, and time spent on the site.
• Email engagement data including whether you open emails we send and which links you click. This is collected by our email service provider, Kit (ConvertKit).

3. How we use your data

We use your personal data to:

• Deliver the free resources, assessments, and newsletters you've requested
• Send you our weekly newsletter, Behind Closed Doors, and occasional updates about our services (you can unsubscribe at any time)
• Provide the consulting, training, and coaching services you've engaged us for
• Respond to enquiries and follow up on conversations
• Improve our website, content, and services based on how visitors and customers use them
• Comply with our legal and regulatory obligations

We do not sell your personal data to third parties under any circumstances.

4. Our legal basis for processing

Under UK GDPR, we rely on the following legal bases:

• Consent. When you sign up for our newsletter, request a free resource, or complete an assessment, you're giving us consent to use your email address to deliver what you've asked for and to send related communications. You can withdraw consent at any time.
• Contract. When you become a paying client, we process your data to deliver the services you've contracted us for.
• Legitimate interests. We process some data (such as analytics) on the basis that we have a legitimate interest in understanding how our website is used, balanced against your privacy. You have the right to object to this processing.
• Legal obligation. We process some data to comply with tax, accounting, and other legal requirements.

5. Third parties we share data with

We use the following third-party services to run our business. Each has access to specific categories of data and processes that data under their own privacy policies:

• Kit (ConvertKit) — email service provider. Stores your email address, name, and subscription preferences. Kit privacy policy.
• ScoreApp — assessment platform that powers the Management OS Scorecard and Leadership Style Assessment. Stores your responses, results, and contact details if you opt in to receive a report. ScoreApp privacy policy.
• Calendly — scheduling platform we use for booking calls. Stores your booking details and any information you provide when you schedule. Calendly privacy policy.
• Stripe — payment processor. Handles card payments for any of our paid services. We never see or store your full card details. Stripe privacy policy.
• Leadpages — website hosting platform. Hosts the pages on this website and processes basic visitor data. Leadpages privacy policy.
• Google Analytics or similar — if enabled, collects anonymised usage data to help us understand how the site performs. Google privacy policy.

We may also share your data with our accountants, legal advisors, or regulators where required to do so. We will not share your data with anyone else without your consent unless legally required.

6. Cookies and tracking

This website uses cookies. Some are essential for the site to function. Others help us understand how the site is being used so we can improve it.

You can disable cookies in your browser settings at any time. Disabling essential cookies may affect how the site works for you.

7. How long we keep your data

We keep your data for as long as we have a legitimate reason to. In practice:

• Newsletter subscribers — until you unsubscribe. After you unsubscribe, we keep a record of your email address on a suppression list to make sure we don't accidentally email you again.
• Free resource downloads / assessment completions — until you unsubscribe from the related email sequence.
• Client and project records — for at least seven years after the engagement ends, to meet UK accounting and tax requirements.
• Enquiries that don't lead to a project — typically 12 months from the last contact, unless you ask us to delete sooner.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

• The right to be informed about how your data is being used (this policy is part of how we meet that)
• The right of access — you can ask us for a copy of the data we hold on you
• The right to rectification — you can ask us to correct inaccurate data
• The right to erasure — you can ask us to delete your data, subject to any legal obligations we have to retain it
• The right to restrict processing — you can ask us to stop using your data in certain ways while we resolve a query
• The right to data portability — you can ask us to provide your data in a portable format
• The right to object — you can object to processing we do on the basis of legitimate interests
• The right to withdraw consent — you can withdraw consent for processing we do on that basis at any time

To exercise any of these rights, email arran.russell@setthetonegroup.co.uk. We'll respond within one calendar month.

9. How we protect your data

We take reasonable technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The third-party services we use (listed above) are well-established platforms with their own security infrastructure.

No system is perfectly secure. If a data breach affects you, we will notify you and the Information Commissioner's Office where required by law.

10. International data transfers

Some of the third parties we use (Kit, ScoreApp, Calendly, Stripe, Google) are based outside the UK and may process data in the United States or elsewhere. Where data is transferred outside the UK, we rely on the safeguards built into UK GDPR — typically the UK's adequacy decisions, standard contractual clauses, or each provider's own UK / EU data residency commitments.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of the page reflects the most recent change. Material changes will be communicated by email if they affect how we process your data.

12. Contact and complaints

If you have any questions, concerns, or requests about this policy or how we handle your data, contact us at arran.russell@setthetonegroup.co.uk.

If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator. Their contact details are at ico.org.uk.