Privacy Notice

This Privacy Notice explains how Meridian GRC Consulting Ltd (“Meridian GRC Consulting”, “we”, “us”, or “our”) collects, uses, and protects personal data when you interact with our website or engage with our services.

Meridian GRC Consulting Ltd is registered with the UK Information Commissioner’s Office (ICO) as a data controller (Registration No. ZC072480).

Who We Are

Meridian GRC Consulting Ltd is a professional services consultancy providing governance, risk, and compliance advisory services to organisations globally.

Personal Data We Collect

We may collect and process limited personal data, including:

  • Contact details (such as name, business email address, and organisation).

  • Professional information provided in enquiries or correspondence.

  • Information required to deliver contracted services.

  • Website usage information collected through essential or analytics cookies.

We do not intentionally collect special category data through our website.

During consultation meetings, we may process audio recordings, transcripts, and written notes to accurately document discussions and agreed actions. Participants will be informed where meetings are recorded or transcribed.

How We Use Personal Data

We process personal data for the following purposes:

  • Responding to enquiries and communications.

  • Delivering professional services under contract.

  • Managing client relationships.

  • Meeting legal and regulatory obligations.

  • Maintaining the security and operation of our website.

 We do not use personal data for automated decision-making or profiling.

Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  • Contractual necessity, where processing is required to deliver services or respond to requests.

  • Legitimate interests, where processing is necessary for business operations and professional communication.

  • Legal obligation, where processing is required by law or regulation.

Where consent is required, it will be obtained explicitly.

Where we use AI-assisted tools to support meeting transcription, documentation, or written review, this processing is carried out with human oversight, for limited and defined purposes, and subject to participant awareness and choice. Further details are provided in our AI Usage & Data Handling statement.

Data Sharing

We do not sell personal data.

Personal data may be shared with trusted third parties only where necessary to support our operations or service delivery, such as professional advisers, IT service providers, or regulatory bodies where required by law. All such parties are subject to appropriate confidentiality and data protection obligations.

While providing our services, we may use trusted third-party technology providers to support note-taking, transcription, and quality assurance of consultation records.

This includes the use of AI-enabled tools such as Otter AI and Gemini to transcribe and summarise meetings, and Grammarly to review written consultation notes for clarity and accuracy.

These providers act as data processors and are subject to appropriate contractual, confidentiality, and data protection obligations. We do not use personal data for automated decision-making.

Where third parties act as processors, appropriate contractual safeguards are in place.

International Data Transfers

Where personal data is transferred outside the UK or European Economic Area, appropriate safeguards are applied in accordance with applicable data protection laws.

Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, taking into account contractual, legal, and regulatory requirements. Retention decisions are based on purpose and risk, rather than fixed time periods.

Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse, consistent with the nature of the data and our professional obligations.

Your Rights

Under applicable data protection laws, you have rights, including:

  • The right to access your personal data.

  • The right to request correction or deletion.

  • The right to restrict or object to processing.

  • The right to data portability, where applicable.

  • The right to lodge a complaint with the UK Information Commissioner’s Office.

 Requests can be made using the contact details below.

Contact Details

For questions about this Privacy Notice or how personal data is handled, please contact:

Meridian GRC Consulting Ltd
Email: enquiries@meridiangrc.com

If you have concerns about how your data is processed, you also have the right to contact the UK Information Commissioner’s Office.

Updates to This Notice

This Privacy Notice may be updated periodically to reflect changes in legal requirements or business practices. The latest version will always be available on our website.