Privacy Policy

Last updated: 4 July 2026

1. Who we are

This website is operated by Metron Advisory.

For the purposes of UK data protection law, the data controller is:

Legal entity: Metron Advisory Limited
Trading name: Metron Advisory
Registered or trading address: 66 Paul Street, London, EC2A 4NA
Privacy contact: Enquiries@metronadvisory.co.uk

This privacy policy explains how we collect, use, store and protect personal information when you visit our website, contact us or enquire about our services.

2. Information we collect

We currently collect limited personal information.

Information you provide to us

When you complete a contact form, email us, telephone us or otherwise make an enquiry, we may collect:

  • your name;

  • your company or organisation name;

  • your email address;

  • your telephone number; and

  • any information you choose to include in your enquiry or correspondence.

Please do not provide sensitive personal information through our website unless we specifically request it.

Website and analytics information

When you visit our website, we and our service providers may collect technical and usage information, including:

  • your IP address;

  • browser and device type;

  • operating system;

  • approximate location, such as country, region or city;

  • pages viewed and time spent on those pages;

  • referring website or source;

  • date and time of your visit;

  • interactions with website features; and

  • cookie or similar technology identifiers.

We use this information to operate, secure, understand and improve our website and services.

3. How we use your information

We may use your personal information for the following purposes:

To respond to enquiries and requests
We use your information to answer questions, respond to contact forms and communicate with potential clients. We rely on our legitimate interests in managing business enquiries and communications.

To discuss or prepare services you have requested
We may use your information to understand your requirements, prepare proposals or take other steps before entering into a contract with you.

To provide our services
Where you become a client, we use your information to deliver and manage the services agreed with you. We rely on the performance of our contract with you.

To maintain business records
We may retain records of enquiries, communications and business activities. We rely on our legitimate interests in keeping accurate and appropriate records.

To operate and protect our website and systems
We use technical and usage information to maintain our website, prevent misuse, investigate security issues and protect our systems and users. We rely on our legitimate interests in maintaining the security and reliability of our business.

To understand and improve our website and services
We may use cookies and analytics information to understand how visitors use our website, identify performance or usability issues and improve our content and services. We rely on our legitimate interests where permitted by law, or on your consent where consent is required.

To meet legal and regulatory requirements
We may use or disclose information where necessary to comply with legal, regulatory, accounting or law-enforcement obligations.

Where we rely on legitimate interests, we consider whether the processing is necessary and proportionate and whether your rights and interests override our interests.

We do not use personal information collected through the website for automated decision-making that produces legal or similarly significant effects.

4. Cookies and analytics

Cookies are small files or pieces of information stored on or accessed from your device when you visit a website. Similar technologies, such as scripts, tags and local storage, may perform comparable functions.

We may use the following categories:

Strictly necessary cookies

These cookies are required for the website to operate properly, remain secure, remember privacy choices or provide functionality you have requested. They cannot generally be disabled through our website.

Analytics cookies and technologies

We may use analytics technologies to understand matters such as:

  • the number of visitors to our website;

  • which pages are most frequently visited;

  • how visitors navigate through the website;

  • how long visitors spend on particular pages;

  • the devices and browsers visitors use;

  • whether visitors encounter performance or usability problems.

Where our analytics use meets the applicable statistical-purpose exception, it will be used solely to produce aggregate statistical information for improving our website or service. Visitors will be given clear information and a simple, free way to object.

Where an analytics technology falls outside an applicable exception, it will not be activated until you have provided the required consent.

We do not currently use website analytics information for targeted advertising, cross-site tracking or profiling individual visitors unless this is separately disclosed and the required consent has been obtained.

You can manage your preferences through [insert link or reference to cookie settings]. You may also be able to restrict or delete cookies through your browser settings, although this may affect certain website functions.

5. Sharing your information

We do not sell personal information.

We may share limited personal information with trusted suppliers that help us operate our business and website, including:

  • website hosting and maintenance providers;

  • cloud hosting, storage and email providers;

  • website contact-form providers;

  • analytics providers;

  • IT support and cybersecurity providers;

  • professional advisers, such as accountants, insurers or legal advisers; and

  • public authorities or regulators where disclosure is legally required.

Suppliers may only process information for the agreed purpose and in accordance with our instructions where they act as our data processor.

Where a third-party analytics provider is used under the statistical-purpose exception, it must only use the information on our behalf to help us understand and improve our website or service. Our cookie information will identify the relevant analytics services and explain their purpose.

We may also disclose information where reasonably necessary to establish, exercise or defend legal claims, investigate suspected fraud or protect our rights, systems, users or property.

6. International transfers

Some of our technology or service providers may store or process information outside the United Kingdom.

Where personal information is transferred internationally, we take steps to ensure that an appropriate legal safeguard is in place. This may include:

  • transferring information to a country covered by UK adequacy regulations;

  • using the UK International Data Transfer Agreement;

  • using an approved UK Addendum to standard contractual clauses; or

  • relying on another safeguard permitted by UK data protection law.

You may contact us for further information about the safeguards that apply to your information.

7. How long we retain information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected.

As a general approach:

  • enquiry and contact information will normally be retained for no longer than 24 months after our last meaningful contact, unless a business relationship develops or there is a reason to retain it for longer;

  • information relating to an established client relationship may be retained for the duration of that relationship and afterwards where needed for legal, contractual, insurance, tax or accounting purposes;

  • identifiable analytics information will be retained only for the period necessary to produce the relevant statistics and will be aggregated or deleted as soon as reasonably practicable; and

  • cookie retention periods will be stated within our cookie settings or cookie information.

We may retain information for longer where required by law, where a dispute or legal claim is anticipated or ongoing, or where necessary to prevent fraud or protect our systems.

8. How we protect your information

We use appropriate technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, loss or destruction.

Depending on the relevant system and risk, these measures may include:

  • access controls and restricted permissions;

  • strong authentication and password controls;

  • multi-factor authentication;

  • encryption in transit and, where appropriate, at rest;

  • secure cloud and website services;

  • system updates and security monitoring;

  • backups and recovery arrangements;

  • supplier due diligence; and

  • procedures for responding to security incidents.

Access to personal information is limited to people and suppliers who reasonably need it for their work.

Although we take reasonable steps to protect information, no website, internet transmission or storage system can be guaranteed to be completely secure.

9. Your data protection rights

Depending on the circumstances and the lawful basis being used, you may have the right to:

  • request access to the personal information we hold about you;

  • ask us to correct inaccurate or incomplete information;

  • ask us to delete your information;

  • ask us to restrict how your information is used;

  • object to certain uses of your information;

  • receive certain information in a portable format;

  • withdraw consent at any time where processing is based on consent; and

  • complain about how we have handled your information.

These rights are not absolute and may be subject to legal conditions or exemptions.

Your right to object

You have the right to object where we process your personal information on the basis of legitimate interests.

Where you object, we will stop the relevant processing unless we have compelling legitimate grounds to continue or the processing is required to establish, exercise or defend legal claims.

To exercise a right, contact us using the details in section 1. We may need to request information to verify your identity. We will not normally charge a fee, although the law permits fees or refusal in limited circumstances.

10. Data protection complaints

You can raise a data protection concern or complaint by contacting us at [insert privacy email address or link to electronic complaint form].

We will acknowledge a data protection complaint within 30 days, investigate it appropriately and communicate the outcome without undue delay.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator responsible for data protection. We would appreciate the opportunity to address your concerns directly before you approach the regulator, although you are not required to contact us first.

11. Third-party websites

Our website may contain links to websites operated by other organisations. We are not responsible for the privacy practices, security or content of those websites.

You should review the privacy information provided by the relevant third party before submitting personal information or using its services.

12. Children’s information

Our website and services are intended for businesses and professionals and are not directed at children.

We do not knowingly collect personal information from children through our website. If you believe a child has provided personal information to us, please contact us so that we can delete it.

13. Changes to this privacy policy

We may update this privacy policy to reflect changes to our website, suppliers, services or legal obligations.

The most recent version will be published on this page and the “last updated” date will be amended. Where a change materially affects how we use personal information, we will take reasonable steps to bring it to the attention of affected individuals.