Legal · Elite Careers Strategy

Privacy Policy

Last updated: 15 April 2026

Elite Careers Strategy ("ECS", "we", "us", or "our") is committed to protecting the privacy of every person who visits our website, submits an enquiry, subscribes to our newsletter, or engages our services. This policy explains what personal data we collect, how we use it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to our website at accessecs.com, any subdomain we operate, and any direct communication between you and ECS by email, telephone, video call, or messaging platform.

1. Who we are

Elite Careers Strategy is a trading name of a UK-based advisory practice founded by Hassan Akram. Our registered correspondence address is:

Elite Careers Strategy
London, United Kingdom
Contact: clients@accessecs.com

For all privacy-related enquiries, the data controller is Hassan Akram. You can reach us at clients@accessecs.com.

2. What personal data we collect

We only collect personal data that you voluntarily provide, or that is necessarily generated when you interact with our website. Specifically:

2.1 Data you provide directly

Enquiry form data: first name, last name, email address, university, target sector, target firms, and any free-text notes you include when you submit the form at accessecs.com/start.
Parent or guardian data: if you indicate a parent or guardian is involved, we collect their first name, last name, email address, and (optionally) telephone number, so that we can include them in our engagement process as required by our standing policy.
Diagnostic call data: any information you share during a diagnostic or strategy call, whether by voice, video, or written message.
Newsletter subscription data: your email address and any profile attributes you provide, used to deliver our newsletter via Beehiiv.

2.2 Data collected automatically

Technical data: IP address, browser type, device type, operating system, referring URL, and pages visited on our website. We use this data solely to diagnose technical problems and understand general usage patterns.
Cookies and analytics: we use a minimal set of first-party cookies for session continuity and may use privacy-friendly analytics to count page views. We do not use third-party advertising cookies. You can disable cookies in your browser at any time without losing access to the site.

3. How we use your personal data

We use the personal data we collect for the following purposes:

To respond to your enquiry, arrange a diagnostic call, and deliver the advisory engagement you have asked us to provide.
To send you our newsletter and any follow-up communication relevant to your stated interest (law, investment banking, private equity, or related sectors).
To classify inbound enquiries internally so we can match you with the most relevant precedents and frameworks from our proof library.
To administer our client relationship: record session notes, track progress, generate proposals, and issue invoices.
To comply with legal and regulatory obligations, including accounting and tax requirements under UK law.

4. Legal basis for processing

Under the UK GDPR, the legal bases on which we process your personal data are:

Consent (Article 6(1)(a)): when you submit our enquiry form, subscribe to our newsletter, or opt into marketing communications.
Contract (Article 6(1)(b)): when we are providing an advisory engagement you have entered into with us, or taking steps at your request prior to entering such an engagement.
Legitimate interest (Article 6(1)(f)): to operate and improve our service, respond to enquiries, maintain accurate client records, and protect our website from abuse.
Legal obligation (Article 6(1)(c)): to comply with UK accounting, tax, and other statutory obligations.

5. Who we share your personal data with

We do not sell your personal data to any third party under any circumstance. We share limited data with the following categories of processor strictly for the purpose of operating our service:

Notion Labs, Inc. (CRM, client records, content calendar).
Beehiiv, Inc. (newsletter delivery and subscriber management).
Vercel Inc. (website hosting, serverless function execution).
Anthropic PBC (via Vercel AI Gateway):used to classify inbound enquiries and draft internal follow-up messages. Prompt data is processed under Anthropic's enterprise data handling commitments and is not used to train foundation models.
Google LLC and Microsoft Corporation: email delivery and calendar scheduling.

Each of the above is bound by its own privacy terms, and we only share the minimum data required for the stated purpose. Some of these processors may transfer data outside the UK and the European Economic Area. Where that happens, we rely on UK-approved transfer mechanisms (UK International Data Transfer Agreement or Standard Contractual Clauses) to ensure your data remains protected.

6. How long we keep your personal data

Enquiry data: retained for up to 24 months from the date of your last interaction, after which it is deleted or fully anonymised, unless you have become an active client.
Active client data: retained for the duration of our engagement and for up to 7 years after its conclusion, to comply with UK accounting and tax retention requirements.
Newsletter data: retained until you unsubscribe. You can unsubscribe at any time using the link in any newsletter email.
Technical logs: retained for up to 30 days.

7. Your rights

Under the UK GDPR, you have the following rights:

Right of access: you can request a copy of the personal data we hold about you.
Right to rectification: you can ask us to correct any inaccurate data.
Right to erasure: you can ask us to delete your personal data, subject to any legal or contractual retention obligations.
Right to restrict processing: you can ask us to stop processing your data in certain circumstances.
Right to data portability: you can ask us to transfer your data to another service in a commonly used format.
Right to object: you can object to processing based on our legitimate interests or for direct marketing purposes.
Right to withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, email us at clients@accessecs.com. We will respond within 30 days.

8. Making a complaint

If you believe we have mishandled your personal data, we would very much like the opportunity to address your concern directly first. You can also lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.

9. Security

We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures include encryption in transit (HTTPS on all pages and API routes), access controls, and regular review of our processors' security practices.

10. Children

Our service is intended for candidates aged 16 and over, and for parents or guardians acting on behalf of a candidate. We do not knowingly collect personal data from children under 13. If you believe we have received such data in error, please contact us and we will delete it immediately.

11. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated directly to active clients and newsletter subscribers by email.

12. Contact

Questions, requests, or concerns about this policy or your personal data:

Hassan Akram, Data Controller
Elite Careers Strategy
London, United Kingdom
Contact: clients@accessecs.com
clients@accessecs.com

← Back to accessecs.com · Terms of Service