Skip to content
McCullochRegulatory Compliance

Legal

Privacy Policy

Last updated 6 June 2026

This Privacy Policy explains how McCulloch Regulatory Compliance (“we”, “us”, “our”) collects, uses, and protects personal data when you visit mccullochrc.com (the “Site”) or contact us. It is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and the California Consumer Privacy Act as amended by the CPRA (“CCPA”).

Please review and complete the items marked in square brackets, and have this policy reviewed by qualified counsel, before relying on it.

1. Who we are (data controller)

McCulloch Regulatory Compliance is the controller of personal data processed through this Site. [Insert registered legal entity name, registered office address, and company/registration number.]

Privacy enquiries: [privacy@mccullochrc.com]. [If you have appointed a Data Protection Officer or an EU/UK representative under Article 27, insert their details here.]

2. The personal data we collect

Information you provide

  • Contact form: your name, email address, organisation, and the content of your message.
  • Newsletter sign-up: your email address.

Information collected automatically

  • Technical data such as IP address, browser and device type, and pages visited, via server logs and strictly necessary cookies, to operate and secure the Site.
  • With your consent, analytics data about how you use the Site (see “Cookies and analytics”).

We do not intentionally collect special category data or information from children (see section 10).

3. How we use your data, and our legal bases

Under the EU/UK GDPR we rely on the following legal bases:

  • To respond to your enquiries and correspondence — our legitimate interests in answering you, and/or taking steps at your request prior to entering into a contract.
  • To send our newsletter — your consent, which you may withdraw at any time.
  • To operate, maintain, and secure the Site and prevent abuse or spam — our legitimate interests.
  • To measure and improve the Site through analytics — your consent.
  • To comply with legal obligations and to establish, exercise, or defend legal claims — compliance with a legal obligation and/or our legitimate interests.

4. Cookies and analytics

We use strictly necessary cookies to make the Site work. Non-essential analytics are not loaded unless you accept them via our cookie banner. You can change your choice at any time using “Cookie settings” in the footer. For more detail, see your browser settings and our cookie controls.

5. Recipients and service providers

We share personal data only with service providers that process it on our behalf under appropriate contractual safeguards, which may include:

  • Website hosting and content delivery (e.g., Vercel).
  • Content management (e.g., Sanity).
  • Spam protection for forms (e.g., Cloudflare Turnstile).
  • Email delivery for enquiries and/or the newsletter (e.g., Resend or a comparable provider).
  • Analytics, where you have consented (e.g., Google Analytics).

We may also disclose personal data where required by law or to protect our rights. We do not sell your personal data.

6. International transfers

Some of our service providers are located outside the European Economic Area and the United Kingdom. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, and/or adequacy decisions. You may request details of these safeguards using the contact details above.

7. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements. Enquiry correspondence is retained for [insert period]; newsletter data is retained until you unsubscribe. We then delete or anonymise the data.

8. Your rights under the EU and UK GDPR

Subject to conditions, you have the right to: access your personal data; have it rectified; have it erased; restrict or object to processing; data portability; and withdraw consent at any time (without affecting prior processing). You are also not subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, contact us using the details above. You also have the right to lodge a complaint with a supervisory authority: in the UK, the Information Commissioner’s Office (ico.org.uk); in the EU, your local data protection authority or our lead supervisory authority, [insert authority].

9. California privacy rights (CCPA/CPRA)

If you are a California resident, you have additional rights regarding your personal information. In the preceding 12 months we have collected the categories of personal information described in section 2 (primarily identifiers and internet/electronic activity) for the business purposes described in section 3.

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not use or disclose sensitive personal information beyond the purposes permitted by law.

Subject to verification, you have the right to: know and access the personal information we collect; request deletion; request correction; opt out of any sale or sharing; and limit the use of sensitive personal information. You will not be discriminated against for exercising these rights.

To exercise these rights, contact us using the details above; you may use an authorized agent. We also honour Global Privacy Control (GPC) browser signals where applicable.

10. Children’s privacy

The Site is intended for business and professional audiences and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

12. Changes to this policy

We may update this policy from time to time. The “last updated” date below indicates when it was last revised, and material changes will be reflected on this page.

13. Contact

For any privacy questions or to exercise your rights, contact us at [privacy@mccullochrc.com] or [registered office address].