Version 1.0 · Effective 21 May 2026 · Controller: Physarum
This notice explains how we handle personal data when you use physarum.uk and contact us. It is not legal advice; ask us if anything is unclear.
Who we are (data controller)
Physarum is the data controller for personal data described in this notice.
Privacy and data subject requests: contact@physarum.uk.
Collection of personal data
We process personal data about business contacts: individuals we are or may be in contact with in the course of our consultancy activities. These include existing and potential clients, recruiters, hiring managers, suppliers, and other professional contacts.
- Name, company, email, phone (optional), and message content from the contact form.
- Correspondence you send us by email or phone.
- Job title, employer, and areas of business interest where you provide them or they appear in a role brief we are responding to.
- Technical data in server and security logs (for example IP address, user agent, timestamps) needed to operate and protect the website.
- Physarum CRM records for opportunity and application workflow where you are a recruiter, client contact, or similar B2B context.
We may collect details directly from you (for example via our website contact form or email), from the organisation you represent, or from publicly available professional sources where relevant to B2B outreach.
Depending on how you interact with us, we may process:
Use of personal data
We use contact data for the purposes below. Legal grounds are stated in summary form under UK GDPR.
- Responding to enquiries and managing our relationship with you (contract steps at your request, and legitimate interests in running a B2B consultancy).
- Administering and improving our website, systems, and security (legitimate interests).
- Physarum CRM and consent records to document enquiries and, where you use the contact form, your consent to processing for establishing contact (consent for that specific processing; legitimate interests for wider Physarum CRM administration).
- We do not use contact-form data for general marketing mailing lists without a separate lawful basis. If we contact you about services after an enquiry, that is tied to your request or an existing relationship, not bulk unsolicited marketing.
Data retention
We keep personal data only as long as needed for the purposes above, including our retention policy for enquiries and consent records (typically up to 24 months from last meaningful contact unless a longer period is required by law, contract, or legal claims).
If an enquiry becomes a client or supplier relationship, retention follows the relevant contract and accounting rules.
Server security logs are kept for a short operational period (typically up to 90 days) unless needed for incident investigation.
If we ever send optional marketing by email to a personal address, you may opt out at any time; we would retain minimal details on a suppression list to honour that choice.
Your rights
Under UK GDPR you may have the right to:
- Access a copy of your personal data.
- Rectify inaccurate data.
- Erase data in certain circumstances.
- Restrict or object to processing in certain circumstances.
- Withdraw consent where processing is based on consent (without affecting prior lawful processing).
To exercise rights or withdraw contact-form consent, email contact@physarum.uk with enough detail for us to identify your enquiry. We aim to respond within one month.
Security
We apply appropriate technical and organisational measures for a small B2B consultancy.
Changes to this notice
We may update this notice when our processing or legal obligations change. You are reading version 1.0. When we publish an update, we assign the next version number and update the effective date shown at the top of this page.