Legal

Privacy policy

Last updated 9 April 2026

This notice explains how Afferentic Ltd handles personal data. It is written in plain English so you can understand what we do with information about you before you decide to share it. It is written to satisfy the UK GDPR and the Data Protection Act 2018.

Who we are

Afferentic Ltd is a private limited company registered in England and Wales under company number 17146782. Our registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Afferentic Ltd is the data controller for the personal data we collect through this website and in the course of providing our services.

Data Protection Officer

Afferentic Ltd is not required to appoint a Data Protection Officer under Article 37 of the UK GDPR. Our processing activities do not involve large-scale monitoring of data subjects, nor large-scale processing of special category or criminal offence data.

Data protection enquiries, subject access requests, and any concerns about how we handle your personal data can be directed to Charlie Shreck, Director, at [email protected].

What data we collect

Through this website:

  • The single-field form on the homepage and on /start. If you submit it, we collect the text you write and the email address you reply from when we respond. We do not ask for your name, phone number, company, or anything else.
  • Correspondence with us. If you email us, call us, or contact us through any channel, we keep a record of that communication and your contact details.
  • Basic analytics. We use privacy-preserving analytics to understand how visitors use the site. No personally identifying information is captured. We do not use behavioural tracking cookies or advertising cookies.

During a client engagement:

  • Client contact details. Name, business email, job title, and phone number of the people at the client organisation we work with.
  • Operational data accessed during an engagement. As part of the Afferentic Map and subsequent build work, we access data held in the client's own systems through authorised, scoped integrations. This may include personal data held by the client about their customers, staff, or suppliers. In all such cases we are acting as a processor on behalf of the client, who remains the data controller.
  • Notes and deliverables. Notes from conversations, findings from assessments, and documents we produce for you.

Why we collect it and our lawful basis

We process personal data on one of the following lawful bases under Article 6 of the UK GDPR:

  • Legitimate interests — for responding to form submissions and enquiries, maintaining contact with prospective clients, and operating the business. This is our default basis for business-to-business communications.
  • Contract — for processing necessary to deliver the services you have engaged us for.
  • Legal obligation — for processing necessary to comply with laws that apply to us, such as tax records, company filings, and responses to regulatory enquiries.

We do not process special category data (data about health, ethnicity, political opinions, religion, sexuality, biometric, genetic, or trade union membership) through this website. If an engagement would require processing of special category data, we would agree a specific lawful basis with the client in writing as part of a Data Processing Agreement.

How we store and protect it

We take the security of personal data seriously. Our measures include:

  • Data stored in encrypted form, on UK or EU-hosted infrastructure
  • Access controlled by multi-factor authentication and, where applicable, device-compliance checks
  • Client data isolated per-engagement and not co-mingled with other clients
  • All access to client systems authenticated via scoped, revocable credentials you authorise; we do not hold your passwords
  • Audit logs of access and actions retained for the duration of the engagement and for an appropriate period afterwards
  • Data transferred over TLS 1.3 or equivalent
  • Workstations and devices with disk encryption and automatic screen locking

How long we keep it

  • Prospect and enquiry records: up to two years from last contact, unless you ask us to delete them sooner
  • Client engagement records: six years from the end of the engagement, for legal, tax, and professional indemnity purposes
  • Accounting records: six years, as required by UK law
  • Statutory company records: for the lifetime of the company plus six years after dissolution

Who we share it with

We do not sell personal data. We share it only with:

  • Service providers we use to run the business — such as Microsoft (email, calendar, file storage), Starling Bank (banking), our accountants, and hosting providers. These providers act as our data processors under written agreements that require them to protect your data.
  • Professional advisers — such as solicitors, insurers, and auditors when their involvement is required.
  • Authorities, courts, or regulators — when we are legally required to disclose information.

We do not transfer personal data outside the UK or European Economic Area without an appropriate safeguard in place, such as the UK International Data Transfer Agreement or equivalent.

Your rights

Under UK GDPR, you have the right to:

  • Ask us what personal data we hold about you and receive a copy
  • Ask us to correct inaccurate data
  • Ask us to erase your data, where we no longer need it and no legal basis requires us to keep it
  • Ask us to restrict or object to how we process your data
  • Ask us to provide your data in a portable format
  • Withdraw any consent you have given us at any time
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint — we would ask that you contact us first so that we can try to resolve any issue directly

To exercise any of these rights, email [email protected]. We will respond within one month.

Cookies

This website uses essential cookies only. We do not use advertising cookies, social media tracking cookies, or behavioural profiling. If we ever introduce optional cookies we will ask for your consent first.

Changes to this policy

We may update this policy from time to time. We will change the “last updated” date at the top of the page and, if changes are material, we will let you know by email or by a notice on the site.

Contact

Afferentic Ltd
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
[email protected]

← Back to home