Data Security & Confidentiality
I understand that a P2P review involves access to sensitive business information — supplier details, spend data, internal processes, and in some cases commercially sensitive pricing or contracts.
Here is how I handle your data:
Confidentiality agreement
A mutual Non-Disclosure Agreement (NDA) is signed before any business information is shared. This is standard practice and non-negotiable — it protects both of us.
Data minimisation
I only request access to information that is directly relevant to the review. I will never ask for more than I need, and I will tell you clearly at the outset what I am requesting and why.
Secure handling
All documents and data shared with me are stored securely. I do not use personal email accounts or unsecured file-sharing services. Client files are held in password-protected, encrypted storage and are not shared with any third party.
Retention & deletion
On completion of an engagement, I retain only what is necessary for my own professional records. All other client data is securely deleted within 30 days of the engagement closing. You can request deletion at any point.
UK GDPR compliance
Featherstone Optima Limited is registered with the ICO and operates in full compliance with UK GDPR. If any personal data is processed as part of an engagement, this is handled lawfully and transparently.
Your data stays yours
Nothing you share with me is used for any purpose beyond your engagement. I do not use client data for case studies, benchmarking, or any other purpose without your explicit written consent.
Data breach protocol
In the unlikely event of a data security incident involving your information, I will notify you immediately and, where required under UK GDPR, report to the Information Commissioner's Office within 72 hours. You will never be kept in the dark.
If you have specific data security requirements — for example, your own supplier NDA template or internal data handling policies — I am happy to work within your framework.