Privacy Policy

Festive Road Privacy Policy

Effective date: 12 May 2026
Last reviewed: 12 May 2026
Version: 2.0

1. Introduction

Festive Road International Ltd (“Festive Road”, “we”, “us” or “our”) is committed to protecting and respecting the privacy and security of your personal information.

This Privacy Policy explains how and why we collect, use, store and share personal data and describes your rights under applicable data protection laws. This policy is intended to comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. Where relevant, we also take account of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and other applicable data protection laws in the jurisdictions in which we operate or with which we engage.

2. Information About Us

Festive Road International Ltd is a private limited company registered in England and Wales (company number 10020477). Our registered office is Initial Business Centre, Unit 7, Wilson Business Park, Manchester M40 8WN.

We act as a data controller for the purposes of UK GDPR.

Any questions about this Privacy Policy or our processing of personal data should be directed to hello@festive-road.com.

3. Scope of This Privacy Policy

This Privacy Policy applies to personal data we collect and process in connection with:

• use of our website (www.festive-road.com);
• delivery of consultancy and related services to our clients;
• communications with clients, prospective clients, suppliers, partners and other business contacts; and
• marketing, events and thoughtleadership activities.

This policy does not apply to thirdparty websites that may be linked from our website. We are not responsible for their privacy practices.

Throughout this policy, “you”, “your” refers to individuals whose personal data we process, including client representatives, suppliers, partners, website users, job applicants and other contacts.

4. Data Protection Principles

We process personal data in accordance with data protection law. Personal data must be:

• processed lawfully, fairly and transparently;
• collected for valid, specified, explicit and legitimate purposes;
• adequate, relevant and limited to what is necessary;
• accurate and, where necessary, kept up to date;
• retained only as long as necessary; and
• kept secure and protected against unlawful or unauthorised processing, access, loss, destruction or damage.

5. Personal Data We Collect

Depending on the nature of our relationship with you, we may collect:

• Identity data – name, job title, employer, professional role;
• Contact data – business address, email address, telephone number;
• Professional and engagement data – project information, correspondence, meeting notes and deliverables;
• Financial and transaction data – invoicing and payment details;
• Marketing and communications data – communication preferences; and
• Technical data – IP address, browser type, operating system and website usage data.

We do not routinely collect special category personal data. Where such data is required, it is processed only where permitted by law and with appropriate safeguards.

6. How We Collect Personal Data

We collect personal data:

• directly from you when you contact us, engage our services, attend events or use our website;
• from the organisation you represent;
• from publicly available sources such as company websites or professional networks;
• from thirdparty service providers supporting our operations; and
• automatically through our website and systems.

Where we obtain your personal data from a source other than you directly — for example, from your employer, a third-party introducer, or a public source such as LinkedIn or a company website — we will, on request, tell you the source of that data and (where applicable) whether it came from a publicly accessible source.

7. Lawful Bases for Processing

We only process personal data where a lawful basis applies, including:

• performance of a contract or taking steps prior to entering into a contract;
• compliance with legal or regulatory obligations;
• our legitimate business interests — including managing and developing client and supplier relationships, marketing our services to business contacts, network and information security, fraud prevention, and the day-to-day running and improvement of our business — where those interests are not overridden by your rights and freedoms; and
• consent, where required.

More than one lawful basis may apply to the same processing activity.

8. How We Use Personal Data

Under Data Protection Legislation, we can only use personal data if we have a proper reason for doing so, namely to:

• deliver consultancy and advisory services;
• manage client, supplier and partner relationships;
• respond to enquiries and communicate with you;
• administer contracts, billing and payments;
• send marketing communications and event invitations where permitted;
• operate, protect and improve our website and business; and
• comply with legal and regulatory obligations.

9. Marketing Communications

We may send you marketing communications based on our legitimate interests or your consent (where required by law). You can opt out at any time using the unsubscribe link in our communications or by contacting us at hello@festive-road.com.

Opting out of marketing will not affect essential servicerelated communications.

10. Cookies and Website Analytics

We use cookies and similar technologies to ensure our website functions properly and to help us understand how it is used.

Strictly necessary cookies are used to operate our website and do not require your consent. If you choose to block these cookies through your browser settings, parts of the site may not work as intended.

Other cookies, including those used for analytics, are used only where you have given your consent via our cookie controls. You can withdraw or change your consent at any time.

Some analytics cookies are provided by thirdparty providers. These cookies help us understand how visitors interact with our website and improve our services.

Further details are provided via our cookie banner or Cookie Policy.

11. Disclosure of Personal Data

We may share personal data with:

• professional advisers and consultants;
• IT, hosting, cloud, HR, finance and administrative service providers;
• regulators, courts or public authorities where required by law; and
• a buyer or successor organisation in the event of a business sale, merger or restructuring.

We do not sell personal data and require all recipients to protect it in accordance with applicable law.

12. International Transfers

To provide our services and operate our business, we sometimes need to share personal data with trusted service providers, suppliers, or your own service providers, some of whom may be located outside the United Kingdom or the European Economic Area (EEA).

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, such as adequacy decisions or appropriate contractual protections.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure. Access is restricted to those with a legitimate business need.

14. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, tax and business requirements.

By way of example:

• client contracts and engagement records are typically retained for 6 years after the end of the contract (or 12 years where executed as deeds);
• financial and tax records are normally retained for 6–7 years after the relevant financial year; and
• marketing and CRM records are generally retained for 2–6 years from the last meaningful interaction.

15. Your Rights

You have rights under data protection law, including the right to:

• access your personal data;
• request correction of inaccurate data;
• request erasure in certain circumstances;
• object to or restrict processing;
• request data portability;
• withdraw consent where processing is based on consent; and
• lodge a complaint with the Information Commissioner’s Office (ICO).

Requests can be made by contacting hello@festive-road.com; tell us what personal data your request relates to and why and provide proof of your identity and address.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee, or refuse to comply, if your request is manifestly unfounded or excessive, or if you request further copies.

We try to respond to all legitimate requests within one month. If your request is particularly complex, or if you have made a number of requests, it could take us longer than a month, in which case we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We encourage you to contact us first so that we can address your concerns, but this does not affect your right to raise a complaint directly with the ICO.

Individuals located outside the UK may also have the right to raise concerns with their local data protection authority, depending on applicable law.

16. Automated Decision Making

We do not routinely carry out automated decisionmaking or profiling that has legal or similarly significant effects on individuals. Where this changes, this policy will be updated.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website and will take effect when posted.