Privacy Policy
Last Updated: 12th June 2025

Newcroft Advisory (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring you have a positive experience when visiting our website (“Site”) or engaging our advisory services (“Services”). This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and your rights over your data.

By accessing or using our Site or Services, you consent to the collection and use of your information in accordance with this Policy. If you do not agree with this Policy, please do not use our Site or Services.

1. Who We Are
Newcroft Advisory is a UK-based consultancy providing strategic advisory services in health innovation, clinician-led projects, and early-stage healthtech ventures. Our registered address is:
Newcroft Advisory
86-90 Paul Street
London UK
EC2A 4NE

2. Personal Data We Collect
We collect personal data in several ways, depending on your relationship with us:
2.1 Data You Provide Directly
•    Contact Forms & Enquiries: When you complete forms on our Site (e.g. to download a resource, request a call, or send a message), we collect your name, email address, organisation, job title, and any other information you submit (e.g. project details).
•    Calendly Bookings: If you schedule a call or engagement via our Calendly link, we collect your name, email, and any information you include in the booking.
•    Email Correspondence: Information in the body of emails you send us (e.g. project descriptions, questions, or feedback).
•    Service Agreements: When you engage our Services, we collect billing details (e.g. address, invoicing requirements) and contractual information.
2.2 Data Collected Automatically
•    Cookies and Tracking Technologies: When you visit our Site, we may automatically collect technical information such as IP address, browser type and version, device identifiers, operating system, referring website, pages visited, and time spent on pages. We use cookies, web beacons, and similar technologies to collect this information.
•    Analytics: We employ Google Analytics (or comparable analytics tools) to understand Site usage patterns and improve our content. This includes anonymous metrics such as page views, bounce rate, and user flow.
2.3 Data from Third Parties
•    LinkedIn Lead Forms: If you submit a lead form via LinkedIn, we may receive your name, job title, organisation, and email address from LinkedIn.
•    Referrals: If a third party (e.g. a colleague or partner) introduces you, we may receive your contact details from them.

3. How We Use Your Personal Data
We process your data for the following legitimate purposes:
     1.    Provision of Services: To deliver our advisory, coaching, and project support services, including scheduling calls, preparing deliverables, and providing follow-up.
     2.    Communication: To respond to your enquiries, send confirmations, updates, newsletters, or other marketing communications (where you have consented).
    3.    Marketing & Outreach: To share relevant insights, blog posts, or service updates, provided you have opted in or consented.
    4.    Site Improvement & Analytics: To understand how visitors use our Site, improve content, and enhance user experience.
    5.    Legal & Compliance: To comply with legal obligations, resolve disputes, and enforce our Terms and Conditions.
We will only process personal data when we have a lawful basis to do so, typically:
•    Consent: You have given clear consent to process your data for a specific purpose (e.g. receiving newsletters).
•    Contractual Necessity: Processing is necessary to perform a contract with you (e.g. delivering Services).
•    Legitimate Interests: We have a legitimate interest in processing your data (e.g. improving our Site, marketing), provided it does not override your fundamental rights and freedoms.
•    Legal Obligation: We need to process your data to comply with a legal requirement (e.g. tax or accounting obligations).

4. Cookies and Tracking Technologies
4.1 What Are Cookies?
Cookies are small text files placed on your device to store basic information about your visit (e.g. preferences, login status). Other tracking technologies we use include web beacons, pixels, and analytics scripts.
4.2 Types of Cookies We Use
•    Essential Cookies: Required for core Site functionality (e.g. session cookies, security cookies).
•    Performance Cookies: Collect anonymous data on how visitors use our Site (e.g. Google Analytics).
•    Functionality Cookies: Remember preferences (e.g. language settings).
•    Advertising/Targeting Cookies: Occasionally used if we run paid ad campaigns on platforms like LinkedIn or Google Ads, but we do not store personal data on these cookies.
4.3 Managing Cookies
Most browsers allow you to control cookies via settings. You can block or delete cookies, but please note that certain features of our Site may not function properly without essential cookies. For detailed instructions, refer to your browser’s help documentation.

5. Data Sharing and Disclosure
We do not sell or rent your personal data to third parties. We share data only in the following circumstances:
     1.    Service Providers & Subprocessors: We may engage third-party providers (e.g. web hosting, email platforms, analytics providers, payment processors) to perform services on our behalf. These providers are contractually bound to protect your data and process it only as instructed.
     2.    Legal Compliance & Protection: If required by law, regulation, or court order, we may disclose your personal data to authorities. We may also disclose your data to protect our rights, property, or safety, or that of others.
    3.    Business Transfer: If Newcroft Advisory undergoes a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you prior to any change in ownership or control of your personal data.
    4.    Aggregated/Anonymised Data: We may share aggregated, non-identifiable information (e.g. Site usage trends) publicly or with partners without restriction.

6. Data Security
We implement appropriate technical and organisational measures to safeguard your personal data against unauthorised access, loss, misuse, or alteration. These measures include:
•    Encryption of data at rest and in transit (where applicable).
•    Access controls and multi-factor authentication for internal systems.
•    Regular audits of data access and security practices.
•    Secure backups with limited retention.
•    Employee training on data protection and confidentiality.
Despite these efforts, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined below or as required by law:
•    Service Records & Financial Data: Retained for a period of six years for tax, accounting, and legal compliance.
•    Marketing Data: If you have consented to receive newsletters or marketing communications, we retain your contact details until you unsubscribe or withdraw consent.
•    General Enquiries: We typically retain enquiry data (e.g. form submissions) for two years to allow us to provide ongoing support or reference past conversations.
When your data is no longer needed, we will securely delete, anonymise, or aggregate it in accordance with legal requirements.

8. Your Rights
Under the UK General Data Protection Regulation (UK GDPR) and related data protection laws, you have the right to:
     1.    Access: Request a copy of the personal data we hold about you.
     2.    Rectification: Request correction of inaccurate or incomplete data.
     3.    Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal obligations.
    4.    Restriction of Processing: Request that we limit the processing of your data under certain circumstances.
    5.    Data Portability: Request a machine-readable copy of your data for transfer to another controller, where technically feasible.
    6.    Object: Object to processing based on our legitimate interests, direct marketing, or profiling.
     7.    Withdraw Consent: If processing is based on consent, you may withdraw consent at any time.
    8.    Lodge a Complaint: You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data is not handled in accordance with this Policy or applicable law.

To exercise any of these rights, please contact us at:
Email: morkos.iskander@newcroftadvisory.com
Address: Newcroft Advisory, [Insert Registered Address]
We will respond to your request within one month (or two months for complex requests).

9. International Transfers
Your personal data may be transferred to and processed in countries outside the UK, including the European Economic Area (EEA) or other jurisdictions with different data protection laws. Whenever we transfer data internationally, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses approved by the UK government or other authorised mechanisms.

10. Children’s Privacy
Our Site and Services are not directed to children under 18, and we do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe we have inadvertently collected such data, please contact us immediately so we can delete that information.

11. Links to Third-Party Sites
Our Site may contain links to external websites not owned or controlled by Newcroft Advisory. We are not responsible for the content or privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal data.

12. Updates to This and Other Policies
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or technological advancements. When we make changes, we will revise the “Last Updated” date at the top. If we make material changes that significantly impact your rights, we will provide more prominent notice (such as an email to subscribers).

13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Newcroft Advisory
Email: morkos.iskander@newcroftadvisory.com
Address: Newcroft Advisory,  86-90 Paul Street, London UK, EC2A 4NE

Thank you for trusting Newcroft Advisory with your personal data. We are committed to protecting your privacy and providing a transparent, secure experience.