Privacy Policy

The Other Consultants

Last updated: 15 May 2026

Who we are

The Other Consultants Ltd (Company Number: [confirm], VAT Number: 401616343), Glasgow, United Kingdom. We are the data controller for personal data collected through this website and during our consulting engagements.

For any privacy matter, contact Adam Isaacs Rae at adam@theotherconsultants.com.

What this policy covers

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and the rights you have over it. It covers the website theotherconsultants.com and the consulting, auditing and PRRC services we provide.

The data we collect

When you contact us or request a quote, we collect your name, email address, phone number if you provide it, the name of your organisation, and whatever you choose to tell us about your enquiry.

When you engage us for consulting, auditing or PRRC services, we collect contact details for you and your colleagues, professional information needed to deliver the engagement, and any personal data contained within documents you share with us (for example employee names appearing in quality records, supplier contacts, or audit evidence).

When you buy a product or service through our website, our payment processor collects your billing details, delivery address where relevant, and payment card data. We do not see or store full payment card numbers.

When you sign up to our newsletter or Substack, we collect your name and email address.

When you visit the website, we automatically collect technical information including IP address, browser type, device type, pages visited, time spent, and referring source. This is collected through cookies and similar technologies (see cookies section below).

Why we use your data and the legal basis

We use enquiry and engagement data to respond to you, deliver services, manage the client relationship, and meet our professional obligations. The legal basis is either performance of a contract with you, or our legitimate interest in running a consultancy business and responding to enquiries.

We use purchase data to fulfil orders, process payments, and provide receipts and tax records. The legal basis is performance of a contract and compliance with our legal obligations under UK tax law.

We use marketing data (newsletter, occasional updates about services) on the basis of your consent, which you can withdraw at any time using the unsubscribe link in any email.

We use website analytics data to understand how the site is used and improve it. The legal basis is your consent through the cookie banner, or our legitimate interest where strictly necessary cookies are used.

We may use data to comply with legal obligations, including responding to regulatory requests, tax record-keeping, and obligations arising from our work as a regulatory consultancy.

Data shared during regulatory engagements

When we act as your consultant, auditor, or Person Responsible for Regulatory Compliance, you remain the data controller for personal data within your quality system, technical documentation, and audit records. We act as your data processor for that data and handle it under the terms of our engagement letter or a separate data processing agreement.

When we act as a contract auditor for a notified body or certification body, that body is the controller and we act under their instructions.

Who we share data with

We share data with service providers who help us run the business. These include Squarespace (website hosting and commerce), our email provider, our newsletter platform (Substack and any email marketing tool we use), our payment processor, our accounting and bookkeeping tools, and cloud storage providers. All of these are bound by contract to protect your data and process it only on our instructions.

We share data with certification bodies, notified bodies, and competent authorities where required by our work and by law. This includes the MHRA, FDA, and equivalents in other jurisdictions where you have engaged us to support submissions or audits.

We share data with our professional advisors (accountants, legal advisors, insurers) where necessary.

We do not sell your personal data.

International transfers

Some of our service providers process data outside the UK, including in the United States and the EU. Where data is transferred outside the UK, we rely on approved transfer mechanisms such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

For client work, data may need to be transferred to regulatory authorities or notified bodies in the jurisdictions you are seeking market access in (for example the EU, US, Singapore, Saudi Arabia, Australia). Where this happens we agree the transfer arrangement with you in your engagement letter.

How long we keep data

Enquiries that do not lead to engagement: 24 months from last contact.

Client engagement records: 7 years after the engagement ends, to meet professional, tax, and regulatory record-keeping obligations. Some records relating to medical device technical documentation may be kept longer where required by the underlying regulation (for example up to 10 years for general medical devices and 15 years for implantable devices under EU MDR), where we hold copies for audit trail purposes.

Newsletter subscribers: until you unsubscribe.

Website analytics: as set in our cookie settings, typically up to 24 months.

Tax and accounting records: 6 years from the end of the relevant accounting period, in line with HMRC requirements.

Cookies

The website uses cookies to function and to help us understand how people use it. Strictly necessary cookies (for things like the shopping cart and security) are set without consent. Analytics and any marketing cookies are set only when you accept them through the cookie banner.

You can change your cookie preferences at any time through the cookie settings link in the footer, and you can block or delete cookies in your browser. Blocking strictly necessary cookies will stop parts of the site working.

Your rights

Under UK GDPR you have the right to ask us for a copy of the personal data we hold about you, to correct inaccurate data, to delete data in certain circumstances, to restrict or object to processing, to withdraw consent where we rely on it, and to data portability where applicable.

To exercise any of these rights, email adam@theotherconsultants.com. We will respond within one month.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We would prefer you to come to us first so we can try to resolve it.

Security

We use reasonable technical and organisational measures to protect personal data, including access controls, encryption in transit, and contractual safeguards with our processors. No system is completely secure, and we cannot guarantee absolute security, but we treat data protection as core to running a regulated consultancy.

Changes to this policy

We will update this policy when our practices change or when the law requires it. The "last updated" date at the top of the policy shows when it was last revised. Material changes will be flagged on the website.

Contact

Adam Isaacs Rae The Other Consultants adam@theotherconsultants.com Glasgow, United Kingdom