Privacy Policy
Last updated: 7 February 2026
Fiesole Consulting (“we”, “us”, “our”) is committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we process personal data when you visit our websites https://fiesole.co.uk and https://fiesole-labs.co.uk.
1. Who we are (Controller)
Fiesole Consulting is the data controller for the personal data processed through this website.
Contact: [email protected]
2. What personal data we collect and why
We collect and process extremely limited personal data. Specifically:
| Data | Purpose | Lawful basis (UK GDPR Art. 6) | Retention |
|---|---|---|---|
| Theme preference (light/dark mode) | To remember your display preference on return visits | Legitimate interests (Art. 6(1)(f)) – providing a consistent user experience | Until you clear browser data |
We do not collect or process:
- names, email addresses, phone numbers or postal addresses
- IP addresses, precise geolocation or device identifiers for tracking
- analytics data, behavioural data or profiling information
- any special category data or criminal offence data
3. Cookies & similar technologies
We use only one strictly necessary first-party storage mechanism:
- Name:
fiesole-theme(stored in localStorage) - Purpose: Remembers whether you prefer light or dark mode
- Type: Strictly necessary (no consent required under PECR)
- Duration: Persistent (until cleared by the user)
We do not use:
- third-party cookies
- analytics cookies (e.g. Google Analytics, Plausible, Matomo)
- advertising or marketing cookies
- tracking pixels, fingerprinting or cross-site tracking
4. Recipients & international transfers
The website is hosted on Google Cloud infrastructure (via a static hosting provider such as Cloudflare Pages, Vercel or similar, which may utilise Google Cloud services).
Standard server logs (e.g. IP address, browser type, timestamp, requested URL) may be temporarily processed by Google for security, abuse prevention and performance reasons. These logs are:
- not linked to any identified individual
- retained only for short periods (typically hours to days)
- subject to Google’s Data Processing Addendum and UK International Data Transfer Addendum
No personal data is intentionally transferred outside the UK or EEA. Where any transfer occurs, it is safeguarded by UK-approved mechanisms (UK IDTA or adequacy regulations).
5. Your UK GDPR rights
Under the UK GDPR you have the right to:
- access your personal data
- rectify inaccurate data
- erase data (right to be forgotten)
- restrict processing
- object to processing based on legitimate interests
- data portability (where applicable)
Because we hold almost no personal data and do not link it to individuals, most requests will be satisfied by clearing your browser cookies/local storage. If you wish to exercise any rights, please email [email protected].
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint
6. Changes to this policy
We may update this policy from time to time. The date of the last update will always appear at the top of this page.
7. Contact
Email: [email protected]