Legal

Privacy policy

Last updated 30 June 2026

Who we are

Lily Brunning (“we”, “us”) is the data controller for personal data collected through this website. We are based in the United Kingdom and you can reach us at lily@lilybrunning.com.

This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The information we collect

We only collect personal data that you give us directly, or that is generated by your use of the site:

  • Contact form. When you complete the form on the Contact page we collect your name, email address, business name and the message you send us.
  • Email and other correspondence. If you email us or follow up after an introductory call, we keep that correspondence to manage the enquiry.
  • Scheduling. If you book an introductory conversation through our Calendly link, Calendly collects the details you provide directly on its platform (name, email, meeting time, any notes). Calendly acts as a separate controller for that data — see its own privacy notice for details.
  • Analytics and site usage. With your consent we may use analytics tools to understand which pages are read and how the site performs. See the cookie policy for the current list of tools and what they collect.
  • Server logs. Our hosting provider records standard technical information such as IP address, browser type and timestamps to keep the site secure and reliable.

We do not knowingly collect special-category data (for example data revealing health, race or political opinions). Please don't include this kind of information in messages you send us.

Why we use it and on what legal basis

  • To reply to enquiries and arrange introductions — legitimate interests (responding to people who contact us) and, where relevant, taking steps prior to entering into a contract.
  • To deliver advisory work and meet our obligations — performance of a contract, and compliance with legal obligations (for example tax and accounting records).
  • To keep the site secure and improve it — legitimate interests in operating a safe, well-functioning website.
  • For analytics and non-essential cookies — your consent, given via the cookie banner. You can withdraw consent at any time from the cookie preferences link in the footer.

How long we keep it

  • Enquiries that don't lead to an engagement are deleted within 12 months of last contact.
  • Records relating to advisory engagements are kept for as long as we need them to deliver the work and for up to 6 years afterwards to meet UK accounting, tax and professional obligations.
  • Consent preferences are stored in your browser for 12 months and refreshed each time you visit.

Who we share it with

We don't sell your personal data. We share it only with service providers that help us run the site and the business, under written terms that require them to protect it. This currently includes:

  • Our website hosting and email providers.
  • Calendly, where you choose to book a meeting through it.
  • Professional advisers (such as accountants) where strictly necessary.

Some of these providers are based outside the UK. Where that's the case we rely on safeguards recognised under UK GDPR (for example the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or an adequacy decision).

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • ask us to delete data we no longer need to keep;
  • object to or restrict certain uses of your data;
  • withdraw consent where we rely on it; and
  • complain to the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email lily@lilybrunning.com.

Changes to this policy

We may update this policy from time to time — for example when we add a new tool or service. The “last updated” date at the top of the page will always reflect the most recent version.