Who we are
Neura North Ltd (“we”, “us”, “Neura North”) is a company registered in England and Wales under company number 16548294, with its registered office in Leeds, West Yorkshire. We are the data controller for personal data collected via this website and through our services.
Our designated contact for data protection matters is Daniel Doherty: daniel.doherty@phdnetworks.co.uk.
What data we collect
We collect personal data when you interact with us in the following ways:
- Enquiry forms and email: name, organisation, role, email address, phone number (if provided), and the contents of your message.
- Triage and workshop bookings: the information you supply when booking, including organisational context, current AI tool usage, and any preferences or accessibility needs.
- Website analytics: anonymised usage data (pages visited, device type, approximate location) via privacy-respecting analytics. We do not use cross-site advertising tracking.
- Cookies: strictly necessary cookies for site function. See our cookie policy.
Lawful basis for processing
We process personal data on the following lawful bases under UK GDPR Article 6:
- Contract performance — when delivering services you have engaged us to provide.
- Legitimate interests — responding to enquiries, managing the client relationship, and improving our services. We have balanced these interests against your rights and freedoms.
- Legal obligation — complying with tax, accounting, and other statutory record-keeping requirements.
- Consent — for any optional marketing communications, given separately and withdrawable at any time.
How long we keep it
Enquiry-only data is retained for 12 months from last contact, then deleted. Client engagement data is retained for the duration of the engagement and for 7 years afterwards in line with statutory record-keeping requirements. Financial records are retained for 7 years.
Who we share it with
We do not sell personal data. We share data only with the following categories of processor, each under a data processing agreement:
- IT and hosting providers (UK or EEA based)
- Email and calendar providers (Microsoft 365 / Google Workspace where used)
- Accounting and bookkeeping providers
- Where strictly necessary, professional advisers (legal, insurance) under their own duties of confidentiality.
We do not transfer personal data outside the UK or EEA except where necessary and supported by an adequacy decision or appropriate safeguards under UK GDPR.
Your rights
You have the following rights under UK GDPR:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no continuing lawful basis to hold it.
- Restriction — request that we limit processing.
- Portability — request a structured, machine-readable copy of data you have provided.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, for any processing based on consent.
- Complain — to the Information Commissioner’s Office (ico.org.uk) if you believe we have mishandled your data.
To exercise any of these rights, email daniel.doherty@phdnetworks.co.uk. We will respond within one calendar month.
Security
We apply technical and organisational measures appropriate to the sensitivity of the data we handle, including encrypted communications, access controls, and regular review of our supplier security posture.
Changes to this policy
We will update this policy as our practices change or as required by law. The “last updated” date at the top of this page indicates the version. Material changes will be flagged in our outgoing communications.