Legal

Privacy Policy

Last updated: 28 February 2026

1. Introduction

Datum ("we", "our", or "us") is a data engineering consultancy operating in the United Kingdom and providing services to clients across Europe and beyond. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit https://datum.io, enquire about our services, engage us as a client, or interact with us in any other way. It applies to all personal data we process in connection with our business activities.

If you have any questions or concerns about this policy, or about how we handle your data, please contact us at privacy@datum.io.

2. Data We Collect

We collect personal data in the following categories:

  • Identity data — your first and last name, job title, and company name as provided through our contact form or during client onboarding.
  • Contact data — your email address, phone number, and business address.
  • Communication data — the content of emails, messages, and meeting notes you exchange with us.
  • Technical data — your IP address, browser type and version, time zone setting, operating system, and other technology on devices you use to access our website. We collect this via standard server logs.
  • Usage data — information about how you use our website, pages visited, time spent, and referral source.
  • Financial data — bank account or payment details collected only where we issue invoices or process payments. We do not store card details; all payment processing is handled by regulated third-party providers.
  • Enquiry data — details you provide when submitting a project enquiry, including your data infrastructure, team size, and technical requirements.

3. How We Collect Your Data

We collect personal data through the following means:

  • Direct interactions — when you fill in our contact form, send us an email, book a call, or enter into a client agreement.
  • Automated technologies — our website uses cookies and similar tracking technologies to collect technical and usage data. Please see our Cookie section below.
  • Third parties — we may receive data about you from referral partners, LinkedIn or other professional networks, and analytics providers.

4. Lawful Basis for Processing

We process your personal data only where we have a lawful basis to do so under UK GDPR and the UK Data Protection Act 2018. The applicable bases are:

  • Contract — processing is necessary to perform a contract with you or to take steps before entering into one (e.g. responding to your project enquiry, delivering agreed services).
  • Legitimate interests — processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights. This includes maintaining business records, improving our website, and communicating with prospective clients.
  • Legal obligation — processing is necessary to comply with a legal obligation, such as retention of financial records for HMRC purposes.
  • Consent — where we send you marketing communications, we will ask for your consent first. You may withdraw consent at any time by emailing us at privacy@datum.io.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to your enquiry and discuss your project requirements.
  • To deliver data engineering consulting, engineering placement, project squad, and training services.
  • To manage our client relationship, including invoicing, reporting, and project communications.
  • To send you service-related updates and, where you have opted in, relevant insights or newsletter content.
  • To improve and maintain our website, and to understand how visitors use it.
  • To comply with applicable laws, regulations, and legal obligations.
  • To protect the rights, property, and safety of Datum, our clients, and third parties.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share it with trusted third parties in the following circumstances:

  • Service providers — companies that provide IT infrastructure, hosting, analytics, email, or payment processing services on our behalf, bound by data processing agreements.
  • Professional advisors — accountants, lawyers, and auditors who require access in the course of providing professional services to us.
  • Engineers and contractors — where we place an engineer within your organisation, limited relevant data may be shared with that engineer under strict confidentiality obligations.
  • Regulatory or legal authorities — where required by law, court order, or government authority.

All third-party service providers are required to handle your data in accordance with applicable data protection law and our instructions.

7. International Data Transfers

Where we transfer personal data outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses — in accordance with applicable data protection law.

Our primary hosting and services are based in the UK and EU. If any third-party provider processes data in other jurisdictions, we carry out transfer impact assessments and apply appropriate safeguards.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Client and project records — retained for 7 years after the end of a client engagement, in line with our legal and financial record-keeping obligations.
  • Enquiry and prospect data — retained for 12 months after the last point of contact, unless you engage our services.
  • Website analytics data — retained in aggregated, anonymised form for up to 24 months.
  • Marketing consent records — retained until you withdraw consent or for 3 years from the last interaction, whichever is sooner.

When data is no longer required, it is securely deleted or anonymised.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data where there is no compelling reason for us to continue processing it.
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances.
  • Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object — to object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making — we do not use automated decision-making or profiling.

To exercise any of these rights, please contact us at privacy@datum.io. We will respond within one month. If you are unhappy with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that help us understand how you use our site.

We use the following types of cookies:

  • Strictly necessary cookies — essential for the website to function. These cannot be disabled.
  • Analytics cookies — help us understand visitor behaviour in aggregate (e.g. pages visited, time on site). We use privacy-respecting analytics and anonymise IP addresses.
  • Preference cookies — remember your settings and preferences for return visits.

You can control or delete cookies through your browser settings. Disabling cookies may affect some website functionality.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encrypted communications (HTTPS/TLS) across all web properties.
  • Access controls limiting data to those with a need to know.
  • Regular review of data handling procedures.
  • Contractual data protection obligations with all sub-processors.

No method of internet transmission or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the 'Last updated' date at the top of this page. Material changes will be communicated where practicable.

We recommend you review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Datum — Data Privacy
privacy@datum.io

We aim to respond to all privacy-related enquiries within 5 business days.

View Terms of Service →Contact us with questions →