Legal · Privacy Policy

Privacy Policy

Version 4.2Effective 14 April 2026Supersedes v4.1 (Oct 2025)

Anologe Systems Ltd. ("Anologe", "we", "us") respects your privacy. This policy explains what personal data we collect, how we use it, the legal bases on which we rely, and the rights you have over your data — under the UK GDPR, EU GDPR, and other applicable data protection laws.

1. Scope and controllership

This policy covers personal data we process as a data controller — including data of website visitors, prospective clients, candidates applying to open roles, and contacts at client organisations. Where we process personal data on behalf of a client (for example, as part of a deployed system), we act as a processor under the engagement's Data Processing Addendum ("DPA"). Section 12 sets out the headline processor terms.

2. Data we collect

We collect only what we need to operate, including:

  • Identity data — name, job title, work email, employer, professional profile links.
  • Communications — emails, contact form submissions, scope notes, meeting transcripts where you've agreed to recording.
  • Engagement data — billing contacts, payment references, signed agreements, and engagement deliverables.
  • Technical data — IP address, device, browser, pages viewed, referrer, and similar log information.
  • Candidate data — application materials and outcomes of recorded interview stages.

We do not knowingly collect special‑category data (e.g. health, religion, biometric) via this website, and we do not use third‑party tracking for advertising.

3. Why we collect it

  • To respond to enquiries and run working sessions.
  • To deliver, monitor, and improve client engagements.
  • To process candidate applications and run hiring loops.
  • To produce invoices, manage payments, and comply with accounting obligations.
  • To detect, investigate, and prevent fraud or misuse of our systems.

4. Legal bases

We rely on the following bases under Article 6 of the UK and EU GDPR:

  • Performance of a contract — to deliver engagements and process candidate applications.
  • Legitimate interests — to run our website, manage business development, and operate internal security. We balance these interests against your rights and freedoms.
  • Consent — for optional cookies and where you've opted into receiving updates.
  • Legal obligation — to meet tax, regulatory, and accounting requirements.

5. Sharing and sub‑processors

We share personal data only with carefully selected providers who help us operate. Current sub‑processors include:

Sub‑processorPurposeLocation
VercelWebsite hostingEU / US (SCCs)
SupabaseInternal databaseEU (eu‑west‑2)
Customer.ioTransactional emailUS (SCCs)
HubSpotSales CRMEU / US (SCCs)
StripePayment processingEU / US (SCCs)
AnthropicLLM provider (no training)US (DPA + SCCs)

An up‑to‑date list is available on request to demo@anologe.co.

6. International transfers

Where we transfer personal data outside the UK or EEA, we rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses, supplemented by transfer impact assessments where appropriate.

7. Retention

We retain personal data only as long as needed for the purposes set out above, after which we delete or anonymise it. Typical retention windows:

  • Enquiries and CRM contacts — 24 months from last interaction.
  • Candidate applications — 12 months from outcome (with explicit consent to keep longer).
  • Engagement records — 6 years from end of engagement (statutory accounting period).
  • Server logs — 90 days.

8. Your rights

Under data protection law, you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, as well as the right not to be subject to solely automated decisions with legal effect. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email demo@anologe.co. We respond within one month.

9. Security

We follow the controls outlined in our internal Security Policy: encryption in transit (TLS 1.2+) and at rest, least‑privilege access, audit logging on systems containing personal data, MFA on every staff account, and quarterly access reviews. We notify affected parties and the ICO without undue delay (within 72 hours) of a personal data breach where required.

10. Cookies

See our Cookie Policy for the categories of cookies we use, durations, and how to manage your preferences.

11. Children

Our services are aimed at businesses. We do not knowingly collect personal data from children under 16. If you believe we have, please contact us and we will delete it.

12. Data processing terms (when we act as processor)

When we process personal data on behalf of a client, our standard DPA applies and forms part of the engagement contract. Headline terms:

  • We process personal data only on documented instructions from the client.
  • We require equivalent contractual protections from sub‑processors and maintain a current list (Section 5).
  • We assist clients with data subject requests, DPIAs, and breach notification.
  • We delete or return personal data at the end of the engagement, subject to legal retention requirements.
  • We do not transfer personal data outside the UK/EEA without an appropriate transfer mechanism.

A copy of the standard DPA is available on request.

13. Changes to this policy

We update this policy when our processing changes or the law requires. Material changes are notified by email where appropriate; otherwise the new version supersedes the previous one as of the Effective date above.

14. Contact

Anologe Systems Ltd., 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. Email demo@anologe.co. Our data protection lead is the Operating Partner responsible for Internal Systems.