Privacy Policy

1. Who we are

Caelion Ltd is a company registered in England and Wales. We provide investment technology consulting services to family offices and asset managers. For the purposes of UK data protection legislation, Caelion Ltd is the data controller in respect of any personal data you provide to us.

If you have any questions about this policy or how we handle your data, please contact us at [email protected].

2. What data we collect

We collect personal data only when you provide it to us directly. This may include:

• —Your name and professional title
• —Your email address and telephone number
• —The name of your organisation
• —The content of any enquiry, brief, or message you send us
• —Meeting or consultation booking details via Calendly

We do not collect sensitive personal data (as defined under UK GDPR), and we do not collect data from individuals we know to be under the age of 18.

We may also collect limited technical data automatically when you visit this website — such as your IP address, browser type, and pages visited — through standard web server logs and analytics tools. This data is anonymised and aggregated and is not used to identify you personally.

3. How we use your data

We use your personal data for the following purposes:

• —To respond to your enquiry or booking request
• —To conduct a scoping conversation and assess whether an engagement is appropriate
• —To communicate with you in connection with a current or potential engagement
• —To fulfil any contractual obligations arising from an agreed engagement
• —To comply with any applicable legal or regulatory obligations

We do not use your data for automated decision-making or profiling. We do not send unsolicited marketing communications. We will not contact you for any purpose unrelated to your enquiry or an existing engagement without your explicit consent.

4. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

• —Legitimate interests — to respond to enquiries and assess potential engagements
• —Contract performance — to fulfil obligations under an agreed engagement
• —Legal obligation — to comply with applicable UK law and regulation

5. How long we keep your data

We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law.

• —Enquiry data where no engagement follows: deleted within 12 months of last contact
• —Engagement data: retained for 6 years following completion of the engagement, in accordance with UK statutory requirements
• —Financial and contractual records: retained for 6 years as required by HMRC

6. Who we share your data with

We do not sell, rent, or trade your personal data with any third party for commercial purposes.

We may share your data with the following categories of trusted third-party service providers who process data on our behalf:

• —Calendly — scheduling and meeting booking (USA, SCCs in place)
• —Formspree — contact form processing (USA, SCCs in place)
• —Vercel — website hosting (USA, SCCs in place)

Each of these providers operates under appropriate data processing agreements and standard contractual clauses (SCCs) as required under UK GDPR for international data transfers. We may also disclose your data where required by law, regulation, or lawful authority.

7. Cookies and tracking

This website uses only essential technical cookies necessary for the website to function. We do not use advertising, tracking, or third-party analytics cookies. No cookie consent banner is required for essential cookies under UK PECR.

If we introduce non-essential cookies in the future, we will update this policy and implement an appropriate consent mechanism.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

• —Access — to request a copy of the personal data we hold about you
• —Rectification — to request that inaccurate data be corrected
• —Erasure — to request deletion of your data where there is no legitimate reason to retain it
• —Restriction — to request that we restrict processing of your data in certain circumstances
• —Portability — to receive your data in a structured, machine-readable format
• —Objection — to object to processing based on legitimate interests

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Our website is served over HTTPS. Access to personal data is restricted to those who need it to perform their role.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last updated. We encourage you to review this page periodically.

11. Contact

For any questions about this Privacy Policy or our data practices, please contact: