1. Introduction and Governance

This Privacy Policy formally outlines the procedures by which Dr. Hanaa Al-Banna (referred to herein as “I”, “me”, or “my”), operating as a professional consultant and academic, collects, processes, and safeguards the personal information provided by users of this website.

My practice is committed to the highest standards of data protection, confidentiality, and transparency. This policy is governed by, and fully compliant with, United Kingdom data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By engaging with this website and its services, you confirm your acceptance of the terms detailed in this policy.

2. Identity of the Data Controller

The individual responsible for controlling and determining the purposes and means of processing your personal data is Dr. Hanaa Al-Banna.

Contact and Correspondence Details:

• Role: Data Controller, Global Strategist and Academic
• Contact Email: hanaa.albanna@northumbria.ac.uk
• UK Correspondence Address: 81 Scholars Walk, London, United Kingdom
• Telephone: +44 7501 201051

3. Personal Data Collected

I may collect and process the following categories of personal data, which are necessary to facilitate professional engagement and to optimise the website experience:

• Identity and Professional Data: Full name, title, professional organisation, and job function, typically provided when seeking consultation or collaboration.
• Contact Data: Business email address, telephone number, and postal address (if provided).
• Enquiry Data: Details of your specific professional needs or enquiries, enabling the provision of targeted strategic counsel.
• Technical and Usage Data: Information regarding your interaction with the website, including your IP address, browser information, geographical location, pages visited, and traffic data. This is collected via cookies and server logs for performance analysis.

4. Legal Basis for Processing

Processing of personal data is conducted strictly under the following lawful bases as defined by the UK GDPR:

• Legitimate Interests: Processing necessary for my legitimate business interests in professional networking, security, and the continuous analysis and improvement of my digital presence, provided these interests do not override your fundamental rights.
• Performance of a Contract: Processing required for the effective execution of a contract for services (e.g., strategic counsel, speaking engagements, or training programmes) requested by you or your organisation.
• Consent: Where explicit consent is the appropriate legal basis (e.g., for non-essential cookies or direct marketing communications), this consent will be clearly obtained and can be withdrawn at any time.

5. Purposes for Data Utilisation

Your personal data is utilised to achieve the following professional objectives:

• To fully process and respond to complex enquiries and facilitate effective professional collaboration.
• To administer, organise, and deliver consulting, lecturing, or advisory services as contracted.
• To manage client relationships, maintain accurate administrative records, and satisfy legal and accounting requirements.
• To conduct internal research and analysis to understand user demographics and optimise the website’s technical and content performance.

6. Data Disclosure and Sharing

I will not sell, rent, or trade your personal information. Data sharing is limited exclusively to the extent necessary to deliver professional services or comply with legal obligations:

• Trusted Service Providers: Data may be shared with essential third-party service providers (e.g., IT specialists, website hosting providers like Phylix, and platform organisers) who act as data processors under strict contractual terms of confidentiality and security.
• Professional Advisers: Disclosure may occur to legal counsel, auditors, or insurers when necessary to obtain professional advice or manage legal exposure.

7. Data Security and Retention

I have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised manner.

Data is retained only for the duration necessary to fulfil the purpose for which it was collected, and to meet any statutory, regulatory, tax, accounting, or legal reporting requirements.

8. Your Rights Under UK GDPR

As a data subject, you have the right to exercise the following rights regarding your personal data:

• The right to access the personal data I hold about you.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure (the right to be forgotten).
• The right to object to processing based on legitimate interests.
• The right to restriction of processing.
• The right to data portability.
• The right to withdraw consent at any time.

To exercise any of these rights, please submit a written request to the Data Controller via the contact email provided in Section 2.

9. Complaints Procedure

Should you be dissatisfied with how your data has been handled, you have the right to lodge a formal complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Website: www.ico.org.uk

10. Policy Updates

This policy may be reviewed and revised periodically to reflect changes in legal or professional requirements. The most recent version will always be published on this page.

This Privacy Policy was last updated in November 2025.