PRIVACY POLICY

Last updated: 17 April 2025

Circl+Co (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard the information you provide when using our website, communicating with us, or engaging with our services.

By accessing our website or submitting personal information to us, you agree to the practices described in this Policy.

1. Information We Collect

We may collect and process the following types of personal data:

a) Information you voluntarily provide

  • Name, email address, phone number, company name

  • Project enquiries or service requests submitted via forms, email, or social media

  • Correspondence records, including proposals or contracts

b) Automatically collected data

  • IP address, browser type, operating system, and device type

  • Usage data such as pages visited, time spent on site, referral source, and click behaviour

  • Cookies and similar tracking technologies (see Section 4)

c) Third-party sources

Business directories, publicly available platforms (e.g., LinkedIn), or referrals that share contact details lawfully

2. How We Use Your Information

We process your personal data to:

  • Respond to enquiries and deliver project proposals

  • Fulfil contractual obligations and provide agreed services

  • Communicate regarding project timelines, deliverables, or billing

  • Improve the performance, security, and usability of our website

  • Conduct internal analytics and marketing performance reviews

  • Ensure compliance with applicable legal and regulatory obligations

We do not use your data for automated decision-making or profiling.

3. Legal Basis for Processing

We process your personal data in accordance with the General Data Protection Regulation (EU GDPR). Where applicable, we also adhere to the UK GDPR and related local laws.

Legal bases for processing include:

  • Consent – when you voluntarily provide information via forms or direct communication.

  • Contractual necessity – when data is required to deliver services or enter into a working agreement.

  • Legitimate interest – for improving services, communicating with clients, or preventing fraud.

  • Legal obligation – to comply with local, EU, or international regulations.

4. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to:

  • Ensure the proper functioning of key features

  • Analyse website traffic and user behaviour

  • Improve the quality of your experience

You can manage or disable cookies via your browser settings. Please note that disabling cookies may affect certain site functionalities.

5. Sharing Your Data

We may share your personal data with trusted third parties, strictly for the purposes outlined in this Policy:

  • Hosting and infrastructure providers

  • Email and communication platforms

  • Project collaboration or cloud-based services

  • Legal or regulatory bodies when required

All third parties are contractually bound to keep your information confidential and secure. We never sell or rent your personal data.

6. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards, including:

  • Transfers to countries deemed adequate by the European Commission

  • Standard Contractual Clauses (SCCs) approved for international data transfers

  • Binding corporate rules or other lawful mechanisms

7. Data Security

We take data security seriously. Your information is protected by:

  • Encrypted storage and transfer protocols

  • Secure servers and firewalls

  • Access controls and authentication procedures

  • Routine system monitoring and data backups

8. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfil the purposes outlined above

  • Comply with legal, financial, or reporting obligations

  • Resolve disputes and enforce our agreements

Once no longer required, your data will be securely deleted or anonymised.

9. Your Rights

Under the EU GDPR, and where relevant the UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction or rectification of inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict or object to certain types of processing

  • Request data portability in a structured format

  • Withdraw consent at any time (where consent is the basis of processing)

To exercise your rights, please email us at hello@circlandco.com. We may need to verify your identity before fulfilling your request.

10. Third-Party Websites

Our website may include links to external websites. This Privacy Policy does not extend to third-party websites, and we are not responsible for their content or privacy practices. We recommend reviewing their privacy policies separately.

11. Policy Updates

We may update this Privacy Policy from time to time in response to changes in the law, our practices, or our services. The revised version will always be available on this page with the effective date noted above.

Continued use of our website constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions or concerns about how we handle your data, please get in touch by sending an email to hello@circlandco.com.