Effective 17 July 2026 · Last updated 17 July 2026

Privacy policy

1. Who we are

36 Chambers is the trading name of Tiernan De Souza, a sole trader registered in England at 31 Parkland Crescent, Leeds LS6 4PR, United Kingdom. 36 Chambers provides strategic consulting, automation systems and managed advertising to martial arts schools. For anything in this policy, contact info@36chambers.co.uk.

2. What we collect

3. How we use it

To respond to enquiries, deliver and improve our services, run advertising campaigns on behalf of client schools, invoice and keep accounting records, and meet legal obligations. We do not sell personal data.

4. Lawful bases

We rely on consent (for example when you contact us), performance of a contract (delivering services), legal obligation (accounting records) and legitimate interests (running and protecting our business) under UK GDPR.

5. Who we share it with

Service providers who help us operate, including Google (email, advertising and analytics tools), Meta (advertising tools), Cloudflare (website hosting) and the CRM and invoicing platforms used to deliver client work. Each acts as a processor under GDPR-compliant terms. We do not share personal data with anyone else except where the law requires it.

6. International transfers

Some providers process data outside the UK and EU. Where that happens, transfers rely on the UK International Data Transfer Agreement, Standard Contractual Clauses or equivalent safeguards.

7. How long we keep it

Correspondence for as long as needed to deal with your enquiry and any follow-up. Client data for the length of the engagement plus a reasonable handover period. Financial records for six years, as UK law requires.

8. Your rights

If you are in the UK or EU you can ask to access, correct, delete, restrict or port your personal data, object to processing, and withdraw consent at any time. Email info@36chambers.co.uk and we will respond within one month. You can also complain to the Information Commissioner's Office at ico.org.uk.

9. Security

We use encrypted connections, access controls and two-factor authentication on the systems we operate. No system is perfectly secure, but we take reasonable steps to protect the data we hold.

10. Changes

We update this policy when our practices change and show the date of the latest version at the top of this page.