Fill 2 Fill 1 Page 1 Logo (white) Logo Page 1 Copy 9 Group Group Copy Page 1 Page 1 Copy 4 Page 1 Copy Fill 1

Privacy Policy

Latte Privacy Policy 2025

This version is dated: 8th September 2025

 

Our commitment to your privacy 

At Latte, your privacy matters. We promise to safely process and store any personal data you share with us or that we receive indirectly.

Personal data includes your name, contact details, professional information, and anything else you provide that identifies you.

We collect your data to provide our services, respond to your requests, keep you informed about opportunities or news you may be interested in, and comply with legal obligations. We may share your information with trusted service providers, subcontractors, or law enforcement if required by law. 

Your data may be accessed outside the UK or Australia – for example, by subcontractors in South Africa using UK servers – but we always ensure it is protected.

We process personal data in accordance with applicable laws, including UK GDPR, the Data Protection Act 2018, and the Australian Privacy Act 1988 (Cth).

You have rights under UK and Australian privacy laws, including the right to access, correct, or delete your data, object to certain uses, or make a complaint.

Contact us:

 

Please read this Privacy Policy carefully to understand what personal data we collect, why, and how we will treat it. From time to time, we may update this Privacy Policy to reflect changes in our practices or legal requirements.

 

1. Information we may collect from you

We may directly collect personal data from you through one or more of the following:

  • By you registering for one of our jobs
  • By you emailing or calling us with an enquiry
  • By you entering your details through our website
  • When your business card has been given to or exchanged with one of our staff

 

We may indirectly collect personal data about you in one or more of the following ways:

  • Data is given to us by our partners, but only with your knowledge and, if legally required, where you have consented to this.
  • If you provide your data to media subscription services.
  • If you are one of our followers on our social media channels, e.g., LinkedIn, Twitter or Instagram.

 

If you provide your personal data to any other company that is acting independently of us, it is important that you read and understand their privacy policy or notice so that you are aware of how they will process your data.

 

2. What personal data do we collect?

The type and quantity of information we collect and how we use it depends on why you are providing it.

We will mainly collect:

  • Your name
  • Your contact details
  • Where you work and/or other professional details
  • Any other information you wish to provide
  • Any information which we require to enter and/or to fulfil a contract at your request

 

3. How will we use your data?

We may use your data:

  • To provide you with the services or information that you have requested from us
  • To comply with applicable laws and regulations
  • To manage and administer our legitimate activities as a provider of public relations, reputation management and corporate communications services
  • To deal with your requests or enquiries
  • To provide you with information about us, our services and our clients
  • To keep a record of any communication from you or agreements with you that we hold
  • To get in touch with you on behalf of our clients
  • To inform you about upcoming and relevant jobs
  • To comply with our obligations under UK and Australian law
  • Other purposes that you may contact us about from time to time

 

4. How we keep your data safe and who has access to your information

We ensure that there are appropriate technical and organisational controls in place to protect your personal details from being accessed or used on an unauthorised basis or to protect them from accidental loss, destruction or damage. For example, our online forms are encrypted, and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.

We also ask that any clients apply the same controls.

 

4a. Data processing outside our business locations

Some of our subcontractors and service providers may process personal data outside the UK or Australia. For example, we have subcontractors based in South Africa who may access personal data stored on UK servers to provide services such as recruitment support, IT services, or administrative assistance.

  • Where personal data is processed outside your country of residence, we ensure that:
  • The transfer complies with applicable data protection laws, including UK GDPR and the Australian Privacy Act 1988 (Cth)
  • Subcontractors and service providers are bound by contractual obligations to handle your data securely and only in accordance with our instructions
  • Appropriate safeguards are in place, such as standard contractual clauses, to protect your personal data

 

Your rights under UK and Australian law continue to apply.

By using our services or providing personal data, you consent to this international processing as described above.

 

5. Disclosure of information

We may disclose your personal information to third parties in the following situations:

  • To companies and/or organisations that act as our service providers, who handle that data on our behalf and in accordance with our instructions under contract (called “data processors”). These include IT suppliers, data hosting providers, payment processors, recruiters or agencies we use to conduct fraud checks.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation (e.g., where we have a duty to provide data to the police or courts) or other statutory regulations we have to comply with.
  • To enforce or comply with any agreements you have made with Latte, for example, where we have to pass personal data to a party who is contracted to provide a service to you or to our lawyers or other professionals.
  • To protect the rights, property, or safety of Latte, or others. This includes exchanging information with other organisations for the purposes of protecting us against fraud or safeguarding ourselves (or others) from criminal activity.
  • If we are ever subject to a corporate merger or acquisition, although we will ensure your data is only ever used for the same purpose(s) for which it was originally collected.

 

We may also disclose personal data to subcontractors or service providers outside the UK or Australia, for example in South Africa, who process data on our behalf. Such transfers are always safeguarded to comply with applicable data protection laws, including UK GDPR and the Australian Privacy Act 1988 (Cth), and are subject to contractual obligations or other lawful transfer mechanisms.

We will only ever share your personal data with third parties for their own purposes in other circumstances with your prior knowledge and, if in connection with marketing, where we have your specific, informed, freely given and unambiguous consent. Any third-party data controllers external to us with whom we deal, as described above, will handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your personal data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.

 

6. Keeping your information up to date

If we get in touch with you for any of the reasons above, we will give you the opportunity to correct and update your information. You can also contact us by emailing dean@wearelatte.com at any time to let us know when your information needs correcting, updating, or removing.

Where personal data is processed by subcontractors or service providers outside the UK or Australia (for example, in South Africa), you can still exercise your rights to correct, update, or remove your data by contacting us.

We may also use publicly available sources (such as LinkedIn, press releases, or other professional publications) to update information about you, but only where it is accurate and relevant for the purposes we collected your data.

 

7. How long do we keep your information for?

The period for which we keep your personal data usually depends on the purpose(s) for which your information was collected.

We will not keep your personal data for longer than necessary for that/those purpose(s) or unless we need to keep data for a longer period to comply with any legal or regulatory requirements.

Personal data that we no longer need to hold is securely disposed of and/or anonymised so you can no longer be identified from it.

Where personal data is processed by subcontractors or service providers outside the UK or Australia (for example, in South Africa), the retention period is aligned with this policy, and we require all third parties to securely delete or anonymise data once it is no longer needed.

We may also retain certain data for longer periods to comply with legal obligations in the UK, Australia, or other applicable jurisdictions, including tax, employment, or regulatory requirements.

 

8. Lawful basis for processing

We process your personal data for the above purposes relying on one or more of the following lawful grounds:

  • Where we agree to provide any product and/or service to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you
  • Where we need to use your personal data for our legitimate interests of being able to provide public relations, reputation management and corporate communications services and manage our business in that regard. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right of privacy
  • Where you have freely provided your specific, informed and unambiguous consent to us using your personal data for particular purposes
  • Where we need to protect your vital interests or those of someone else (such as in a medical emergency); and/or
  • Where we need to collect, process or hold your personal data to comply with a legal obligation

 

Where personal data is processed by subcontractors or service providers outside the UK or Australia (for example, in South Africa), we ensure that their processing activities are covered by the same lawful basis as described above.

Special category data (sensitive personal data), such as health, ethnic origin, religious/philosophical or political beliefs, trade union membership or sex life, will only be processed with explicit consent, to protect vital interests, if publicly disclosed, or where required for legal claims. This applies equally to any international processing.

 

9. Your data rights

Under data protection law, you have a legal right to request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to, as well as certain other information (called a “subject access request”). Usually, we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also ask for further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request.

You also have the following rights, which are exercisable by making a request to us in writing:

  • That we correct personal data that we hold about you which is inaccurate or incomplete
  • To object to any automated processing (if applicable) that we carry out in relation to your personal data, for example if we conduct any automated credit scoring
  • To object to our continued use of your personal data for direct marketing
  • That we erase your personal data without undue delay and/or to object to and/or to restrict the use of your personal data by us for any purpose unless we have a legitimate reason for continuing to hold or process that data; or
  • That we transfer your personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and we are processing that data by automated means (i.e., on computer)

 

These rights apply equally to personal data processed by subcontractors or service providers outside the UK or Australia (for example, in South Africa).

Australian residents may also make a complaint to the Office of the Australian Information Commissioner (OAIC) if they are unsatisfied with how we have handled their personal data.

We will take reasonable steps to ensure that your rights are respected across all jurisdictions where your data is processed.

All of these requests may be forwarded on to a third-party data processor who is involved in the processing of your personal data on our behalf.

 

10. Contact or Complaints

If you would like to exercise any of the above rights or if you have any concerns about how we use your personal data, please contact us via:

  • Email: dean@wearelatte.com
  • Phone (UK): 07366 939 704
  • Phone (Australia): 0413 555 061

 

When you make any request, you may be required to provide appropriate evidence so that we can verify your identity before we can respond.

For UK residents: If you make a request and are not satisfied with our response or believe that we are illegally processing your personal data, you have the right to complain to the UK Information Commissioner’s Office (ICO) – see: https://ico.org.uk/concerns/

For Australian residents: If you are not satisfied with our response or believe your personal data has been mishandled, you have the right to complain to the Office of the Australian Information Commissioner (OAIC) – see: https://www.oaic.gov.au/privacy/privacy-complaints