Legal

Privacy Policy

Effective date: 2 February 2026 | Version 1.0

RegisteredPulsar Consulting Ltd · Company No. 15543932 · 7 Gregory Drive, Yateley, England, GU46 7AWContactData enquiries: hello@pulsar-ngc.com · Website: pulsar-ngc.comJurisdictionPrimary: United Kingdom (UK GDPR / DPA 2018) · Secondary: South Africa (POPIA) · Additional: EU GDPR where applicable

Pulsar Consulting Ltd (“Pulsar”, “we”, “us” or “our”) is a UK-registered technology and management consultancy specialising in ServiceNow platform advisory, implementation, and managed services. We are committed to protecting the privacy and security of personal data processed in connection with our website, client engagements, and business operations. This Privacy Policy explains who we are, what data we collect, how we use and protect it, and what rights you have.

This policy applies to all individuals whose personal data we process, including website visitors, prospective clients, existing clients and their personnel, suppliers, partners, job applicants, and event participants. It does not apply to the processing activities of our clients — where Pulsar acts as a data processor on behalf of a client, processing is governed by the relevant client data processing agreement.

1. Scope of This Policy

This policy covers:

The Pulsar Consulting Ltd website at pulsar-ngc.com and all subdomains.
Interactions initiated via our website, including contact forms, gated content downloads, webinar registrations, and newsletter sign-ups.
Processing of personal data in the course of business development, client delivery, supplier management, recruitment, and event participation.
Any other context in which Pulsar acts as a data controller in relation to your personal data.

This policy does not cover:

Third-party websites or services linked from our website — see Section 16 (External Links).
Processing undertaken by Pulsar as a data processor on behalf of its clients — this is governed by client-specific data processing agreements.
Employee HR data, which is addressed in Pulsar’s internal HR Privacy Notice.

2. Who We Are and Our Role

Pulsar Consulting Ltd is the data controller for personal data collected via this website and in the course of its commercial activities. A data controller is the entity that determines the purposes and means of processing personal data.

Where Pulsar is engaged by a client to implement or configure technology platforms — including ServiceNow — and in so doing processes personal data on behalf of that client, Pulsar acts as a data processor. In that capacity, processing is governed by a formal data processing agreement with the relevant client, and this policy does not apply to that processing.

Our services span four principal practice areas:

Tech and Customer Excellence — ServiceNow platform implementation, configuration, integration, and customer workflows.
Risk and Security Excellence — governance, risk and compliance (GRC), security operations, and IT risk advisory.
Employee Excellence — HR Service Delivery, Employee Centre, and workforce technology enablement.
Strategy and Assurance — digital transformation advisory, organisational readiness, adoption, and value assurance.

3. What Personal Data We Collect

3.1 Data Collected via the Website

Contact Data: name, job title, company name, business email address, telephone number.
Enquiry Data: the content of messages or requests submitted via contact forms.
Marketing Preferences: your consent choices and opt-in or opt-out status for communications.
Event Data: registration details for webinars, workshops, or downloadable content.
Usage Data: IP address, browser type and version, operating system, pages visited, time on page, referral source, and cookie identifiers.

3.2 Data Collected in the Course of Business

Professional Data: employer, role, seniority, professional background, and contact details provided in a business context.
Correspondence Data: emails, messages, meeting notes, and other communications.
Contractual Data: information required to execute and manage client or supplier agreements.
Recruitment Data: CVs, cover letters, interview notes, and references (handled under our Recruitment Privacy Notice).

3.3 Special Category Data

We do not knowingly collect or process special category data (including data about health, religion, ethnicity, political opinions, or sexual orientation) through our website or in the ordinary course of business development. If special category data becomes relevant in a specific client delivery context, this will be addressed under the applicable client data processing agreement and subject to explicit lawful basis.

4. How We Collect Your Data

Direct Submission: when you complete a form on our website, register for an event, download content, or contact us directly via email or telephone.
Website Technology: cookies, analytics tools, and similar technologies collect usage data automatically when you browse our site. See Section 7.
Third Parties: we may receive your contact details from reputable B2B data providers, LinkedIn, or partners who have your consent to share data with organisations such as ours.
Client and Supplier Relationships: personal data of client and supplier personnel is collected as part of the normal conduct of a professional services engagement.

5. How We Use Your Personal Data

We use personal data for the following purposes:

To respond to your enquiry and provide information about Pulsar’s services.
To follow up with relevant thought leadership, service information, or event invitations that align with your interests and business context.
To process registrations for events, webinars, or gated content downloads.
To manage and deliver client engagements, including project communications, scheduling, and reporting.
To manage supplier and partner relationships.
To conduct business analysis and improve the performance and content of our website.
To comply with legal, regulatory, and contractual obligations.
To pursue, defend, or manage legal claims or disputes.

We do not use your personal data for unsolicited or irrelevant marketing communications, sale, rental, or trading to third parties, or automated decision-making that produces legal or similarly significant effects.

6. Legal Basis for Processing

We process personal data only where we have a lawful basis to do so:

Consent (Article 6(1)(a)): when you submit a form, subscribe to communications, or agree to cookies. You may withdraw consent at any time.
Contract (Article 6(1)(b)): where processing is necessary to enter into or perform a contract with you or your organisation.
Legal Obligation (Article 6(1)(c)): where we are required to process data to comply with applicable law.
Legitimate Interests (Article 6(1)(f)): for business development, website improvement, client relationship management, and security. You may object at any time.
Vital Interests (Article 6(1)(d)): in rare circumstances where processing is necessary to protect someone’s life.

Where Pulsar operates in South Africa, processing is additionally governed by the Protection of Personal Information Act 4 of 2013 (POPIA) and its eight conditions for lawful processing.

7. Cookies and Tracking Technologies

7.1 What Cookies We Use

Strictly Necessary: essential for the website to function. Cannot be declined.
Functional (Preferences): remember your choices and personalise your experience. Require consent.
Analytics (Statistics): collect anonymised usage data to help us understand how visitors use the site. Require consent.
Marketing: track your activity across websites for advertising personalisation. Require consent.

7.2 Cookie Consent

When you first visit our website you will be presented with a cookie consent banner. You may accept all cookies, decline non-essential cookies, or customise your preferences by category. You can update your preferences at any time via the cookie preferences link in the website footer.

7.3 Third-Party Cookies

Some cookies are set by third-party services we use. These third parties have their own privacy policies. We only permit third-party cookies for services with which we have a data processing agreement in place.

8. Data Sharing

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

Service Providers: website hosting, analytics, CRM, email delivery, and event management. All providers are contractually bound to process data only on our instructions.
Professional Advisors: legal, financial, or insurance advisors under obligations of confidentiality.
Regulatory and Law Enforcement Bodies: where required by law, court order, or to protect our legal rights.
Business Transfers: in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.
Group Entities: Pulsar’s South Africa-based team may access certain data for business delivery purposes, subject to cross-border transfer safeguards (Section 12).

9. Data Retention

Website Enquiries: up to 24 months from last contact.
Client Engagement Data: 7 years from completion of the engagement.
Marketing Data: retained while consent remains active or until opt-out is received.
Recruitment Data: up to 12 months from the conclusion of the recruitment process.
Financial and Tax Records: 7 years in accordance with HMRC requirements.
Security and Access Logs: up to 12 months for operational security monitoring.

Data is subject to periodic review. When retention periods expire, data is securely deleted or anonymised.

10. Information Security

10.1 Technical Controls

Data is transmitted via TLS-encrypted connections. We enforce HTTPS across all web properties.
Access to personal data is restricted by role-based permissions and the principle of least privilege.
We use secure, cloud-based infrastructure with recognised security certifications.
Systems containing personal data are protected by multi-factor authentication.
Security logging and monitoring is applied to systems processing personal data.

10.2 Organisational Controls

All Pulsar personnel receive data protection awareness training.
Internal data handling procedures and security policies govern how data is collected, stored, accessed, and disposed of.
Third-party providers are assessed for security compliance prior to engagement.
We conduct periodic reviews of our security posture and data processing activities.

10.3 Incident Response

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours. Where the breach poses a high risk to individuals, we will also notify affected data subjects without undue delay.

11. Data Accuracy

We take reasonable steps to ensure that personal data we hold is accurate, complete, and kept up to date. If you believe that data we hold about you is inaccurate or outdated, you have the right to request rectification (see Section 13). Where data is sourced from third-party providers, we take reasonable steps to verify accuracy at the point of collection.

12. Cross-Border Data Transfers

Pulsar operates with personnel and systems based in both the United Kingdom and South Africa. Personal data may therefore be transferred between these jurisdictions in the ordinary course of business delivery.

12.1 Transfers to South Africa

International Data Transfer Agreements (IDTAs) or UK Addendum to EU Standard Contractual Clauses.
Internal security controls and access restrictions.
Awareness training and data handling obligations applied consistently across all geographies.

12.2 Transfers to Other Third Countries

Where our third-party service providers are based outside the UK or EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses (SCCs), or Binding Corporate Rules. You may request further information by contacting hello@pulsar-ngc.com.

13. Your Data Protection Rights

Right	Description	Applies Under
Access	Request a copy of your personal data held by Pulsar.	UK GDPR / POPIA
Rectification	Request correction of inaccurate or incomplete data.	UK GDPR / POPIA
Erasure	Request deletion of your data where there is no overriding lawful basis to retain it.	UK GDPR / POPIA
Restriction	Request that we limit processing of your data in certain circumstances.	UK GDPR
Portability	Receive your data in a structured, machine-readable format.	UK GDPR
Objection	Object to processing based on legitimate interest or direct marketing.	UK GDPR / POPIA
Non-Automated Decisions	Not be subject to solely automated decision-making that produces legal effects.	UK GDPR
Opt-Out	Opt out of the sale or sharing of personal information.	CCPA (California)

To exercise any of these rights, contact us at hello@pulsar-ngc.com. We will respond within one calendar month, or within 30 days as required under POPIA.

14. Complaints and Dispute Resolution

14.1 Internal Complaints Process

If you have a concern about how we have handled your personal data, contact us at hello@pulsar-ngc.comwith “Data Privacy Complaint” in the subject line, or write to us at 7 Gregory Drive, Yateley, England, GU46 7AW. We will acknowledge within 5 business days and provide a substantive response within 20 business days.

14.2 Escalation to a Supervisory Authority

United Kingdom: Information Commissioner’s Office (ICO) — www.ico.org.uk — 0303 123 1113
South Africa: Information Regulator — www.inforegulator.org.za — complaints.IR@justice.gov.za
European Union: the supervisory authority in your EU member state of habitual residence.

14.3 Dispute Resolution — Consulting Engagements

Where a dispute concerning data privacy arises in the context of a client engagement, the parties should first attempt resolution through the dispute escalation mechanism specified in the relevant Statement of Work or Master Services Agreement.

15. Online Advertising

We may use digital advertising tools, including retargeting technologies, to present Pulsar content to individuals who have previously visited our website. These tools may set cookies on your device. We only activate marketing-category cookies with your prior consent.

15.1 What We Advertise

Pulsar only advertises its own consulting services and thought leadership content. We do not sell advertising space on our website to third parties.

15.2 Managing Advertising Preferences

You can manage advertising cookie preferences via our cookie consent banner at any time. You may also opt out via LinkedIn advertising settings, your device’s Advertising ID settings, or browser-level extensions that block tracking technologies.

16. External Links

Our website may contain links to external websites. Pulsar has no control over the content, privacy practices, or security of external websites and is not responsible for their privacy policies. The presence of a link does not constitute an endorsement.

17. Children's Privacy

Our website and services are directed at business professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at hello@pulsar-ngc.com.

18. Changes to This Privacy Policy

We review and update this Privacy Policy periodically. Material changes will be notified via a prominent notice on our website. The effective date at the top of this document indicates when it was last revised. Previous versions are available on request.

19. How to Contact Us

General Enquirieshello@pulsar-ngc.comData Requestshello@pulsar-ngc.com — subject: Data Privacy RequestPostal AddressPulsar Consulting Ltd, 7 Gregory Drive, Yateley, England, GU46 7AWWebsitepulsar-ngc.com

This policy was drafted in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Protection of Personal Information Act 4 of 2013 (POPIA), and with reference to guidance published by the Information Commissioner’s Office.