GDPR Policy

1. Our Commitment

CiteSignal Ltd is committed to processing personal data lawfully, fairly, and transparently. We collect only what is necessary, retain it only for as long as needed, and protect it with appropriate security measures.

2. Data We Process

We process the following categories of personal data:

• Identity data: Name, job title, company name
• Contact data: Email address, phone number, postal address
• Technical data: IP address, browser type, pages visited, referring URLs
• Usage data: Information about how you use our website and services
• Marketing data: Your preferences for receiving marketing from us

We do not process any special category data (sensitive personal data) as defined under UK GDPR Article 9.

3. Lawful Basis for Processing

All personal data we process is done so under one or more of the following lawful bases:

• Contractual necessity — processing required to deliver our services to you
• Legitimate interests — processing necessary for our legitimate business purposes where your rights are not overridden
• Legal obligation — processing required to comply with UK law
• Consent — where you have opted in to marketing communications

4. Data Subject Rights

Under UK GDPR you have the following rights, all of which you may exercise by contacting us at hello@citesignal.io:

• Right of access — to obtain a copy of your personal data
• Right to rectification — to correct inaccurate personal data
• Right to erasure — to request deletion of your data where there is no legitimate reason to retain it
• Right to restriction — to request that we limit how we use your data
• Right to portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — at any time where processing is based on consent

We will respond to all valid requests within one calendar month. We may need to verify your identity before processing your request.

5. Data Retention

We retain personal data only for as long as necessary:

• Client data is retained for 6 years following the end of an engagement in line with HMRC requirements
• Marketing data is retained until you unsubscribe or withdraw consent
• Website analytics data is retained for 26 months
• Enquiry data is retained for 12 months if no engagement follows

6. International Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses where applicable.

7. Data Security

We maintain appropriate technical and organisational security measures to protect personal data. These include access controls, encryption where appropriate, and regular reviews of our data handling practices. We report any personal data breaches to the ICO within 72 hours where required by law.

8. Third Party Processors

We use carefully selected third-party processors to support our operations. All processors are bound by data processing agreements and are required to handle data securely and in accordance with UK GDPR. We do not sell personal data to third parties.

9. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We would always appreciate the opportunity to address your concerns directly before you contact the ICO. Please email us at hello@citesignal.io.

10. Policy Review

This GDPR Policy is reviewed annually or following any significant change in our data processing activities or applicable law.

11. Contact Our Data Controller

CiteSignal Ltd
566 Chiswick High Road (Building 3)
London, W4 5YA
hello@citesignal.io