Privacy Policy (UK) 

Mahogany Inclusion Partners (“we”, “us”, “our”) is committed to protecting your personal data and being transparent about how we collect and use it. 

This Privacy Policy explains how we collect, use, share, and protect personal data when you use our website, contact us, engage our services, attend our events, or participate in our programmes. 

We comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and applicable e-privacy rules (including PECR). 

1) Who we are (Data Controller) 

This website and our services are operated by Mahogany Inclusion Partners Ltd (“we”, “us”, “our”). 

We may also trade under the names Mahogany Inclusion PartnersAggie Mutuma, and Authentic Executive Presence. References in this Privacy Policy to “we”, “us”, or “our” include those trading names. 

Data Controller: Mahogany Inclusion Partners Ltd 
Address: 85 Great Portland Street, London W1W 7LT, United Kingdom 
Email: [email protected] 
Company number: 12659930 

If you have questions about this policy or want to exercise your rights, contact us using the details above. 

2) What personal data we collect 

Depending on how you interact with us, we may collect: 

  1. Data you provide directly
  • Contact details: name, email address, phone number, organisation, job title 
  • Enquiry details: the content of messages you send us (via forms/email) 
  • Service delivery information: session logistics, attendance, feedback, and (where relevant) notes or agreed outputs 
  • Billing and contract information: invoicing contact details, purchase order references, payment status (we typically avoid collecting full card details ourselves) 
  • Event information: registration details, accessibility requirements, dietary requirements (if you choose to provide them) 
  1. Data we collect automatically (website use)
  • Technical data: IP address, device type, browser type/version, operating system 
  • Usage data: pages visited, time on site, referral source, approximate location (derived from IP), cookies/identifiers (see section 11) 
  1. Data from third parties
  • Business contact data from referrals, introductions, professional networks, or publicly available sources (e.g., LinkedIn) where relevant to your professional role. 

3) Special category data (sensitive information) 

Some work involving inclusion, culture, leadership, and psychological safety can involve special category data (e.g., racial or ethnic origin, health information, or other sensitive details) if you choose to share it, or where a client organisation shares it with us for a defined purpose. 

Where we process special category data, we: 

  • collect the minimum necessary, 
  • use additional safeguards, and 
  • rely on an appropriate Article 9 condition (see section 5). 

If you are unsure whether you should share sensitive information with us, please ask first. 

4) How we use your data (purposes) 

We use personal data to: 

  1. Respond to enquiries and communicate with you 
  1. Provide our services, including consulting, coaching, facilitation, diagnostics, workshops, and programme delivery 
  1. Manage client and supplier relationships, including contracting and invoicing 
  1. Run events and programmes, including registrations, attendance, accessibility support, and follow-up 
  1. Improve our website and user experience, including performance and security monitoring 
  1. Send relevant updates/marketing where permitted (see section 10) 
  1. Meet legal and regulatory obligations (e.g., tax/accounting records, handling complaints) 

5) Lawful bases we rely on 

We rely on one or more lawful bases under UK GDPR Article 6, depending on the context: 

(a) Marketing 

  • Consent: where you sign up to receive marketing communications (e.g., newsletters/insights) and where non-essential cookies are used for marketing/tracking. 
  • Legitimate interests: where we contact business contacts with relevant information about our services (B2B), provided your rights are not overridden and you can opt out at any time. 
  • PECR rules may also apply to electronic marketing and cookies. 

(b) Programme participation data (e.g., registrations, attendance, feedback) 

  • Contract: where processing is necessary to deliver a programme or service you (or your organisation) have engaged us to provide. 
  • Legitimate interests: where necessary to administer and improve programmes (e.g., managing attendance lists, follow-up, quality assurance), and it does not override your rights. 
  • Legal obligation: where we must keep certain records (e.g., financial records). 

(c) Special category data (where applicable) 

Where special category data is processed, we generally rely on: 

  • Explicit consent (for example, where you voluntarily share sensitive information in a coaching/programme context and it is necessary to support you appropriately), and/or 
  • Employment/social protection or other applicable conditions only where relevant and appropriate to the engagement (this is more common when client organisations collect equality monitoring data and we process it on their instructions). 

We will make clear at the point of collection when special category data is involved and what basis applies. 

6) When we act as “controller” vs “processor” 

  • For website enquiries and our own marketing, we act as a Data Controller. 
  • For some client engagements (e.g., where we handle participant lists or deliver a programme on behalf of a client), we may act as a Data Processor and the client organisation may be the Controller. In those cases, we process personal data only on the client’s documented instructions and under appropriate contractual terms. 

7) Tools and vendors we use 

We use trusted service providers to support our operations, including: 

  • WordPress (website content management system) 
  • HubSpot (customer relationship management, contact forms, email communications, and related analytics where enabled) 
  • Vimeo (video hosting and embedded video playback) 

We may also use: 

  • website hosting / IT providers and professional advisers (e.g., accountants, legal advisers, insurers). 

We require service providers to protect personal data and, where they act as processors, to process it only on our instructions. 

8) International transfers 

Some of our providers (including HubSpot and Vimeo) may process data outside the UK. Where personal data is transferred internationally, we use appropriate safeguards—such as adequacy regulations and/or approved contractual protections (for example, Standard Contractual Clauses with the UK addendum)—to help keep data protected. 

9) How long we keep data (retention) 

We keep personal data only as long as necessary for the purposes described in this policy, including legal, accounting, or reporting requirements. Typical retention periods are: 

  • Website enquiries / contact requests: up to 24 months from last meaningful contact 
  • Marketing records (subscriptions, preferences, opt-outs): until you unsubscribe/opt out; we may keep a minimal suppression record to ensure we respect your choice 
  • Client delivery records (business-to-business engagements): typically 6 years after the end of the engagement (to support contractual, legal, and professional obligations) 
  • Invoices and accounting records: typically 6 years (or longer where required by law) 
  • Programme participation records (attendance, logistics, feedback): typically 24 months after programme completion, unless a client contract requires a different period 
  • Coaching notes / reflective notes (if created): typically 12–24 months after the end of coaching, unless we agree a different approach with you or your organisation, or longer retention is required for legal reasons 

We may retain data longer where necessary to establish, exercise, or defend legal claims. 

10) Marketing communications 

We may contact you with relevant insights, services, or event information: 

  • If you opt in, we will send updates until you unsubscribe. 
  • For business-to-business communications, we may contact you on the basis of legitimate interests where permitted, always providing a clear opt-out. 

You can unsubscribe at any time using the link in our emails or by contacting [email protected]. 

11) Cookies and similar technologies 

We use cookies and similar technologies to operate our website and (where enabled) to understand how it’s used. 

  • Essential cookies: necessary for the website to function (do not require consent). 
  • Non-essential cookies (e.g., analytics, preference, marketing/tracking): used only where required consent is collected via our cookie banner/settings. 

Because we use HubSpot and Vimeo, you may see: 

  • cookies linked to form submissions, session recognition, and website analytics (HubSpot), and 
  • cookies or similar technologies related to video playback and embedded media (Vimeo), which may vary depending on your settings and the way the video is embedded. 

Cookie controls: You can manage cookie preferences via our cookie banner/settings on the site and via your browser controls. 

For more detail, see our Cookie Policy: Visit Cookie Policy 

12) Who we share personal data with 

We may share personal data with trusted third parties only where necessary, including: 

  • IT/hosting providers and security services 
  • HubSpot (as described above) 
  • Vimeo (as described above) 
  • professional advisers (accountants, legal advisers, insurers) 
  • delivery partners/subcontractors supporting delivery (under contract and confidentiality) 

We do not sell personal data. 

13) How we protect your data 

We use appropriate technical and organisational measures designed to protect personal data, including access controls, confidentiality obligations, and secure systems. No method of transmission or storage is 100% secure, but we work to maintain safeguards appropriate to the nature of the data. 

14) Your data protection rights 

You have rights under UK data protection law, including: 

  • the right to access your personal data 
  • the right to rectification 
  • the right to erasure (in certain circumstances) 
  • the right to restriction (in certain circumstances) 
  • the right to data portability (where applicable) 
  • the right to object (particularly where we rely on legitimate interests) 
  • the right to withdraw consent at any time where processing is based on consent 

To exercise your rights, contact [email protected]. We may need to verify your identity. 

15) Complaints 

We’d appreciate the chance to resolve any concerns first—please contact us using the details above. 

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection. 

16) Children 

Our website and services are not intended for children, and we do not knowingly collect personal data from children. 

17) Automated decision-making 

We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects for you. 

18) Links to other websites 

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review the privacy notices on those sites. 

19) Changes to this policy 

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. 

Last updated: 16 February 2026