Privacy Policy

Last Updated: June 2026

1. Introduction

Welcome to XCF Consulting (a trading name of Integrated Control Framework Consulting Ltd, "we", "us", or "our"). We are committed to protecting your personal data and respecting your privacy. We maintain the highest standards of data security and confidentiality.

This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website (https://www.xcfconsulting.com/) or engage with our advisory and consultancy services.

2. The Data We Collect

We may collect and process the following categories of personal information:

Identity Data: First name, last name, and job title.
Contact Data: Email address, telephone number, and company name.
Technical Data: Internet Protocol (IP) address, browser type, time zone setting, and operating system when you browse our site.
Usage Data: Information about how you navigate and interact with our website.

3. How and Why We Use Your Personal Data

We will only use your personal data when the law allows us to (the "lawful basis" under UK GDPR). Most commonly, we use your data for the following purposes:

To respond to inquiries: If you reach out via our "Get in Touch" or contact options, we process your contact data based on your consent or to take steps at your request prior to entering into a contract.
To deliver services: To perform our contractual obligations if you partner with us for GRC transformation, delivery, or advisory solutions.
Legitimate Interests: To analyze and optimize website performance, improve user experience, and secure our network infrastructure.

4. Data Security

Security is at the core of our business model. We have implemented rigorous technical, physical, and organizational measures to prevent your personal data from being accidentally lost, compromised, altered, or accessed without authorization. We strictly limit internal data access to employees and associates who have a legitimate business need to know.

5. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. For general inquiries, data is deleted once the query is resolved, unless a business relationship is established.

6. Sharing Your Data

We do not sell or rent your personal information to third parties. We may share your information with trusted third-party service providers (such as IT hosting partners) strictly to operate our website and deliver our services under strict confidentiality agreements. We may also disclose data if legally required to do so by regulatory authorities or law enforcement.

7. Cookies

Our website uses essential cookies to ensure basic site functionality and analytical cookies to evaluate user traffic. You can set your browser to refuse all or some browser cookies, though doing so may prevent certain elements of the site from functioning correctly.

8. Your Legal Rights

Under the UK GDPR, you hold specific data rights regarding your personal information:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Erasure: Request the deletion of your personal data under certain conditions.
Right to Object/Restrict: Object to or restrict the processing of your data.
Right to Withdraw Consent: Withdraw your consent at any time where consent is our legal basis.

9. Contact Us & Complaints

If you have any questions regarding this privacy policy or wish to exercise your data rights, please contact us through the options provided on our website:

Company Name: Integrated Control Framework Consulting Ltd (XCF Consulting)
Registration No: 12768179 (Registered in England)
Website Contact: xcfconsulting.com

You also have the right to lodge a formal complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.