Privacy Policy

  • Effective date: May 24th, 2018

Privacy Policy



Stratigen Consulting, (“us”, “we”, or “our”) operates,,, and (the ‘Services’). The security of all data is important to us; in this document, we will explain how we collect, use and protect the personal data we control and process.

We will also explain what rights you have with regards to personal data and how you can exercise those rights. By using any of the Services above, you hereby agree to the collection and use of information as defined in this Privacy Policy.

This is intended as a global Privacy Policy, for all customers/individuals using our Services, noting certain rights and principles are applicable to, and reserved for, EU citizens and the handling of their personal data (i.e. the areas that refer to the ‘GDPR’).


For the purpose of this Privacy Policy we operate as a Data Controller for our customers personal data. In addition, in fulfilling our management consulting projects, we sometimes operate as a Data Processor as instructed by a Data Controller and might (on occasion) be granted access to the personal data of third parties. Such access is needed to perform our Contractual Obligations and where the Data Controller has given their Informed Consent (and, in turn the Data Controller has captured Informed Consent from the individuals to transfer the data to Stratigen as a Data Processor).


These are 6 principles that underpin our approach to GDPR in terms of our responsibilities as a Data Controller and a Data Processor. In different words, we strive to ensure personal data is:

  1. Processed Lawfully, fairly and in a transparent manner;
  2. Collected for specified, explicit and legitimate purposes;
  3. Adequate, relevant and limited to what is necessary;
  4. Accurate and, where necessary, kept up to date;
  5. Retained only for as long as necessary; and,
  6. Processed securely in an appropriate manner to maintain security.

In our role as a Data Controller, we also strive to obtain Informed Consent, defined as being ‘freely given, specific, informed and unambiguous’.


As an EU citizen whose personal information we hold, the GDPR affords certain rights. If you wish to exercise any of these rights, please email or through our Services. In order to process your request securely, we reserve the right to request two valid forms of identification from you, for verification purposes.

Your rights are as follows:

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure (the ‘right to be forgotten’);
  • The right to restrict processing;
  • The right to data portability;
  • The right to object; and,
  • Rights in relation to automated decision making and profiling.

In our role as a Data Controller, we strive to uphold these rights in the manner, and to the timelines, defined within GDPR. If we consider requests to: be frivolous or vexatious; necessitate disproportionate effort to complete (time or cost); or, cannot be fulfilled for another legitime reason (e.g. legal) – then we reserve the right to refuse them. If such an exceptional circumstance arises, then we will inform you (within a reasonable timeframe). If answering requests is likely to require additional time (above that specified in GDPR) or generates a commercially unreasonable expense (which you may have to meet, in part or in full), then we will also inform you (within a reasonable timeframe).


On matters where GDPR specifies a defined timeline, for example, fulfilling Subject Access Requests (‘no later than 30 days’) and/or reporting data breaches to the Supervisory Authority (‘where feasible, within 72 hours’), we will make commercially reasonable efforts to achieve said timelines. If exceptional circumstance arise, which might impact us achieving these deadlines, then we will inform you (within a reasonable timeframe). If there is no defined timeline for a specific matter, then we will strive to address them ‘within a reasonable timeline’ as recommended within GDPR.


We collect different types of information from the customers of our Services, including:

  • Registration and Contact Information. We collect information about you when you (a) register to use the Services; and/or, (b) provide contact information to us via email, chat bots, telephone, or through our Services.
  • Payment Information. When you purchase the Services (via: PayPal), we collect transactional information, which may include your credit card information, billing and mailing address et al (necessary to complete purchase).
  • Technical, Usage and Location Information. We automatically collect information as you interact with our Services, such as your IP address, date and time, browser version, operating system, location data, computer or device details, pages viewed, and items clicked.
  • Other Information. We may collect other information from you.


Stratigen Consulting is a UK registered business so there is no transfer of personal data outside the EU. If such a transfer is required, then informed consent will be obtained before said transfer is made.


We take the security of all data extremely seriously and utilize multiple technologies, processes and protocols to protect against the loss or theft of personal data, including (but not limited to): access controls, data backups, passwords, reputable third parties et al. This being said, although we invest at a commercially reasonable level, no software platform or data storage can be 100% secure; thus, we cannot make guarantees relating to data security.


We use personal data for various activities including (but not limited to) safeguarding, delivering and improving our Services to you, such as:

  • Fulfilling, maintaining and improving the Services;
  • To answer your Service questions and otherwise deliver customer service;
  • To process your payments, we share and use external payment processors (PayPal);
  • To control, monitor and prevent unauthorized use or abuse of the Services;
  • To analyze trends, usage patterns, demographic data, or other data to optimize the Services (Google Analytics);


In simple terms, we do not sell, distribute or lease any personal information outside of our business, without obtaining Informed Consent, unless we are legally required to do so, or there is a ‘good faith belief’ such action is absolutely necessary. For example, if Stratigen or its Services are involved in a merger, acquisition or sale, then personal data might be transferred; in this case, we will provide advance notice. Disclosure could also be required to: protect the rights or assets of our business; prevent or investigate a wrongdoing related to our Services; support a legal request from a recognized legal authority; and/or, protect the safety of users of the Services et al.


We use third-parties (including, but not limited to those listed, beneath) to monitor, analyze, support, promote and enhance our Services. In some cases, these providers will use personal data to fulfil their contractual obligations (with us), when we request them to perform various services on a legitimate interest basis:

For the avoidance of doubt, we do not support Do Not Track (“DNT”) technologies (DNT is a web browser setting that requests that a web application disable its tracking of an individual user).


As our Services and operations evolve, we may update our Privacy Policy to reflect changes. In this scenario, we will make best endeavours to inform customers prior to the change becoming effective. We will also update the ‘effective date’ at the top of this Privacy Policy, to enable customers to be aware of updates. This being said, changes to this Privacy Policy are deemed effective when they are posted on this page and, accordingly, you are advised to review this Privacy Policy page periodically for any changes.