Privacy Policy

Last updated: 29th December 2025

This website is operated by Connected Paths ("I", "me", "my"). I am committed to protecting your privacy and handling your personal data transparently and in line with applicable data protection laws, including the UK GDPR and Data Protection Act 2018.

This policy explains what personal data I collect, how I use it, and the choices you have.

If you have any questions, you can contact me at:

Email: privacy@connectedpaths.co.uk

1. Who is responsible for your data?

For this website and my direct services (consulting, mentoring, speaking), the data controller is:

Riaz Kanani
Connected Paths
privacy@connectedpaths.co.uk

2. What data I collect

The data I collect depends on how you interact with the site.

2.1 Information you provide directly

Contact forms / email

When you contact me via a form or email, I may collect:

Name
Email address
Role / company
The contents of your message (which may include information about your business, plans, or situation)

Mentoring / consulting enquiries

If you enquire about mentoring, consulting, fractional roles or speaking, I may also collect:

Information about your company and team
Stage of your business
Goals, challenges, and any other information you choose to share

Newsletter or updates (if you enable this)

If you sign up to a mailing list, I collect:

Email address
Optionally: name, company, role

2.2 Information collected automatically

When you visit this website, basic technical information is collected automatically.

Depending on your setup, this may include:

IP address (which may be anonymised or truncated)
Browser type and version
Device type and operating system
Referring site or campaign (how you got here)
Pages visited and time spent on pages
General location (e.g. country or city, not your exact address)

This is typically collected via our analytics service: Google Analytics

2.3 Cookies and similar technologies

This site may use cookies or similar technologies to:

Remember basic preferences (e.g. light/dark mode, cookie consent)
Measure traffic and usage (analytics)

I try to keep cookies to a minimum and avoid unnecessary tracking.

You can control cookies:

In your browser settings (block or delete cookies).
Via any cookie banner or preferences tool used on the site.

2.4 Embedded content from other sites

Blog posts and pages may include embedded content (e.g. videos, social media posts, code snippets, forms). Embedded content from other websites behaves in the same way as if you visited those websites directly.

These third parties may collect data about you, use cookies, and monitor your interaction with that embedded content. Examples include:

YouTube / Vimeo
X (Twitter), LinkedIn
Slide platforms, form tools, etc.

Their use of your data is governed by their own privacy policies.

3. How I use your data

I use your personal data for the following purposes:

To respond to enquiries
Answering contact form submissions and emails
Discussing potential consulting, mentoring, fractional or speaking engagements
Scheduling calls or meetings
To provide services
Delivering agreed consulting, fractional, mentoring or speaking services
Managing our working relationship, including billing and administration
To send updates or content (if you opt in)
Sending newsletters, essays, updates, or event information you have subscribed to
You can unsubscribe at any time via the link in the email or by contacting me.
To understand and improve the site
Analysing aggregated visitor behaviour (which posts are read, which pages perform well)
Improving content, navigation and overall user experience
Keeping the site secure and monitoring for abuse

I do not sell your personal data.

4. Legal basis for processing (UK / EU visitors)

Where UK GDPR applies, I rely on different legal bases depending on what we're doing:

Consent - for sending newsletters or marketing emails you explicitly sign up to.
Contract - when we're discussing, entering into, or performing a contract (e.g. consulting, mentoring, speaking).
Legitimate interests - for:
- Responding to inbound enquiries
- Basic analytics and site security
- Keeping limited business records

You can contact me if you'd like more detail about how these bases apply to your situation.

5. How long I keep your data

I keep personal data only for as long as it is reasonably needed for the purposes described above, and to meet legal and reporting requirements.

In general:

Contact form / enquiry emails: usually kept for up to 2 years unless we start working together or you ask for deletion sooner.
Client records (consulting, mentoring, fractional, speaking): kept for up to 7 years to comply with tax and accounting obligations.
Newsletter/email list: kept until you unsubscribe, or if emails hard-bounce.
Analytics data: aggregated and non-identifiable after 13 months.

6. Who I share your data with

I may share your data with carefully selected service providers who help run the website and my business, such as:

Website hosting and infrastructure providers: Netlify
Email and productivity tools: Gmail
Analytics tools: Google Analytics
Newsletter/email delivery providers: tbc
Scheduling tools: cal.com

These providers act as data processors and process personal data on my behalf, under contract. They are not allowed to use your data for their own purposes.

I may also disclose your data if required to do so by law, or in response to valid legal requests from public authorities.

I do not sell or rent your personal data.

7. International transfers

Some of the tools and service providers used may be based outside the UK/EEA, for example in the United States.

Where that is the case, I aim to ensure that appropriate safeguards are in place, such as:

Adequacy regulations (where the UK has recognised the destination as providing adequate protection), or
Standard contractual clauses or equivalent mechanisms between UK/EEA and non-UK/EEA entities.

If you'd like details of specific providers and safeguards, you can contact me.

8. Your rights

If UK or EU data protection law applies to you, you have certain rights over your personal data, including:

Access - the right to ask for a copy of the personal data I hold about you.
Correction - the right to have inaccurate or incomplete data corrected.
Deletion - the right to ask me to delete your personal data in certain circumstances.
Restriction - the right to ask me to limit how I use your data in certain circumstances.
Objection - the right to object to processing based on legitimate interests or direct marketing.
Data portability - the right to receive your data in a structured, commonly used and machine-readable format in certain cases.

To exercise any of these rights, please contact me at privacy@connectedpaths.co.uk

You also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

9. Security

I take reasonable technical and organisational measures to protect your personal data, including:

Using reputable hosting and service providers
Limiting access to data to those who need it
Using encryption where appropriate (e.g. TLS/HTTPS, secure email accounts)

However, no system is completely secure. If you believe your personal data may have been compromised in connection with this website or my services, please contact me immediately.

10. Third-party links

This website may contain links to other websites. I am not responsible for the privacy practices or content of those sites. I encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to this policy

I may update this privacy policy from time to time. When I do, I will update the "Last updated" date at the top of this page. The new policy will apply from the date it is posted.

12. Contact

If you have any questions about this privacy policy or how your data is handled, you can contact me at:

Email: privacy@connectedpaths.co.uk