Privacy Policy (UK)

Here is a rewritten, clean version of your Privacy Policy.

I have edited it to strictly align with the Core Business Exemption (Accounts & Records, Advertising to own customers, and Staff Administration). I removed the internal notes (like "ICO+1") and tweaked the wording on Analytics and Marketing to ensure they sound like "maintenance" and "own-client communication" rather than data trading or profiling.

You can copy and paste this directly.

Privacy Policy
Who we are Herfel Limited (“we”, “us”, “our”) is the data controller for personal data collected via herfel.co.uk and our contact channels. Registered office: 6 Hepscott Road, London E9 5HB Company No: 16734639 Email: info@herfel.co.uk

If you appoint us, additional client privacy terms will apply (provided with our engagement letter).

What we collect and why We only collect what we need for our core business purposes: accounts and records, and advertising our own services to you.

Contact and enquiries (name, email, phone, message, company)

Purpose: To respond to you, schedule meetings, and take steps prior to entering a contract.

Lawful basis: Legitimate interests (running our business) or contract necessity.

Updates & Marketing (email, name)

Purpose: To send you information you specifically asked for, or to update previous customers about our services.

Lawful basis: Consent (if you asked) or Legitimate Interests (advertising to our own past/current clients). You can opt out at any time.

Client delivery (engagement details, billing, KYC/AML)

Purpose: To provide our services, manage accounts, and comply with legal tax/accounting obligations.

Lawful basis: Contract and legal obligation.

Website operations (server logs, essential cookies)

Purpose: Security, load balancing, and fraud prevention.

Lawful basis: Legitimate interests (maintaining our business records and security).

Site Performance (anonymised analytics)

Purpose: To monitor that our website is working correctly and improve content.

Lawful basis: Consent (where non-essential cookies are used).

Where we get your data We collect data directly from you (via forms, email, phone, or meetings) or via your public company profiles.

Who we share it with We do not sell your data. We only share data with trusted service providers who help run our business (e.g., web host, email platform, accountant). They process data under our instructions and strict confidentiality. We may also share data if required by law (e.g., HMRC).

International transfers If any provider stores data outside the UK/EEA, we use appropriate safeguards (such as the UK IDTA or EU SCCs) to ensure your data remains protected.

Retention

Enquiry records: 12 months after last contact.

Marketing data: Until you unsubscribe or we delete inactive records.

Client records and invoices: 7 years (for tax and legal records).

Server logs: Up to 12 months (security).

Your rights You have the right to access, rectify, or erase your data, and to object to processing (including direct marketing). To exercise these rights, please contact info@herfel.co.uk. If you are unhappy with how we handle your data, you have the right to complain to the ICO (ico.org.uk).

Cookies We use essential cookies to make the site work. We may use non-essential cookies (for site performance) only with your consent. You can manage your preferences via our Cookie Settings link.

Security We use appropriate technical and organisational measures (such as encryption and access controls) to protect your data.

Changes We will post updates here. Last updated: November 11, 2025

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.