privacy policy.

Chartica Ltd ("Chartica", "we", "us" or "our") is committed to protecting the privacy of everyone who interacts with our website at https://chartica-website.vercel.app and our services. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.

All personal data you provide is held by Chartica Ltd at our registered office: 70 Jesmond Avenue, Wembley, England, HA9 6EA. Our company registration number is 15603151 and our ICO registration reference is ZB736266. You can verify our registration at the Information Commissioner's Office: ico.org.uk.

TL;DR We're a UK data controller registered with the ICO. We only collect what we need to reply to your enquiry, run your engagement, and keep our service compliant. We don't sell your data. You have full rights of access, rectification, and erasure under UK GDPR — exercise them by emailing kabilan.thayaparan@chartica.co.uk.

Who we are

Chartica Ltd is the data controller responsible for your personal data when you use our website or engage us as a service provider. Where we act as a data processor on behalf of one of our clients (for example, when we operate a managed analytics dashboard for them), the client remains the data controller and we operate under a signed Data Processing Agreement.

This website is not intended for children under 16 and we do not knowingly collect data relating to children.

1. The personal data we collect

Personal data means any information about an individual from which that person can be identified. We may collect, use, store, and transfer the following kinds of personal data:

• Identity data — first name, last name, job title, company name.
• Contact data — email address, telephone number (if you provide one), postal address (if you provide one).
• Enquiry data — the message or context you share with us through a form or email.
• Technical data — IP address, browser type and version, time-zone setting, operating system, device identifiers, and pages you visit on our site. Collected via cookies and server logs (see our Cookies policy).
• Usage data — information about how you interact with our website and which guides you read.
• Marketing and communications data — your preferences for receiving marketing from us, where you have opted in.

We also use aggregated data (for example, the percentage of visitors who read a guide before booking a call). Aggregated data is statistical and does not identify any individual.

We do not knowingly collect special category data (information about your health, ethnicity, political views, religious beliefs, trade union membership, sexual orientation, biometric or genetic data, or criminal records). Please don't include this kind of information in messages to us.

2. How we collect it

We use three methods:

• Direct interaction — when you fill out a form, email us, book a call, or interact with us by post or phone.
• Automated technologies — when you use our site, cookies and server logs collect technical and usage data. See the Cookies policy for the full list.
• Third parties — we may receive technical data from analytics providers, and contact data from publicly available business sources if we are reaching out to a prospective client.

3. How we use it (legal bases)

UK GDPR requires us to have a lawful basis for processing your personal data. We rely on one or more of the following:

• Performance of a contract — when we are entering into or performing an engagement with you (running your dashboards, billing, support).
• Legitimate interests — to operate our business, reply to enquiries, prevent fraud, secure our systems, and improve our service. We balance our interests against your rights and freedoms before relying on this basis.
• Legal obligation — when we are required to process data to comply with UK law (for example, tax or anti-money-laundering obligations).
• Consent — only where you have actively agreed (for example, signing up for a newsletter). You can withdraw consent at any time.

Specifically:

• We use the contact details you give us to reply to your enquiry on the basis of legitimate interests.
• We use technical and usage data to understand how the site is used on the basis of legitimate interests.
• We use marketing data to send you marketing communications only on the basis of your explicit consent.

4. Who we share it with

We share personal data with the following categories of recipients, only where necessary and under appropriate contractual safeguards:

• Service providers (sub-processors) who help us operate our business: HubSpot (CRM), Google Cloud Platform (infrastructure and BigQuery), Fivetran (data pipelines), Looker Studio (visualisation), Resend or similar email infrastructure providers, Vercel (website hosting). We have signed Data Processing Agreements with each of these providers.
• Professional advisors — accountants, auditors, lawyers, where required.
• Authorities — where required by law, court order, or a properly constituted regulatory request.

We do not sell your personal data and we do not share it with advertisers.

5. International data transfers

Most of our processing takes place in the UK or the European Economic Area. Where we use a service provider that processes data in another country (for example, HubSpot may process data in the United States), we ensure appropriate safeguards are in place — typically the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

6. Data retention

We keep personal data only for as long as we need it for the purposes described in this policy. As a rough guide:

• Enquiry data — kept for up to 24 months after the last contact, then deleted.
• Client engagement data — kept for the duration of the engagement plus 6 years for tax and accounting purposes, after which it is deleted.
• Technical and usage data — anonymised or deleted within 26 months.

When you cease being a client, we delete all your operational data from our systems within 30 days of contract end and provide written confirmation.

7. Your rights under UK GDPR

You have the following rights over your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — you can ask us to delete your personal data in certain circumstances.
• Right to restrict processing — you can ask us to stop processing your data while we resolve a query.
• Right to data portability — you can ask for a copy of your data in a structured, machine-readable format.
• Right to object — you can object to processing based on legitimate interests, and to direct marketing.
• Right to withdraw consent — where we rely on consent, you can withdraw it at any time.

There is no fee for exercising these rights, except in rare cases where a request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse the request, per ICO guidance). We will respond to a valid request within one calendar month, with up to two further months for complex or multiple requests (and we'll let you know if we need the extension).

To exercise any of these rights, email kabilan.thayaparan@chartica.co.uk.

If you're unhappy with how we've handled a request, you have the right to complain to the Information Commissioner's Office (ico.org.uk/concerns). We'd appreciate the chance to address your concerns first, but you can complain at any time.

8. Cookies

This website uses a small number of cookies. The full list of cookies we set, what they do, and how to manage them, is in our Cookies policy.

9. Security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes role-based access controls, encryption in transit (TLS) and at rest, audit logging, and regular reviews of our sub-processors. No system is completely secure, but we take this seriously and document our controls against the principles set out in UK GDPR Article 32.

10. Changes to this policy

We may update this policy from time to time to reflect changes in our processing or in the law. The version live on this page is always current; we will note the last-updated date at the top.

11. Contact us

For all privacy-related queries, requests, and complaints:

• Email — kabilan.thayaparan@chartica.co.uk
• Post — Chartica Ltd, 70 Jesmond Avenue, Wembley, England, HA9 6EA
• Phone — 07730 453736

Chartica Ltd is a company registered in England and Wales (company number 15603151). Our ICO registration reference is ZB736266.