Privacy policy.

1. Who we are and why this matters

Candid Data Services Ltd, trading as Candid Analytics (“Candid”, “we”, “us”, “our”), respects your privacy and is committed to protecting the personal data we handle.

We help businesses understand and use their data more effectively through analytics, dashboards, and performance reporting. As part of this work, we may collect and process limited personal information in order to communicate with clients, deliver our services, and improve how we operate.

Candid Data Services Ltd is a private limited company registered in England and Wales (Company No. 13393356) with its registered office at:

C/O Str84ward Accounting Ltd
Lewis Building, 35 Bull Street, Birmingham, United Kingdom, B4 6EQ

Candid Data Services Ltd is the data controller for the personal data described in this policy.

This Privacy Policy applies when you:

  • Visit our website https://www.candid-analytics.com (“the Website”),

  • Contact us by email or through a form,

  • Work with us as a client, supplier, or partner, or

  • Otherwise interact with us where we handle your personal information.

2. Key definitions

“Applicable Law” – the UK GDPR, the Data Protection Act 2018, PECR, and other relevant data protection laws and guidance.
“Personal Data” – any information relating to an identifiable person.
“Processing” – any operation performed on personal data, such as collection, use, or deletion.
“Controller” – the organisation that decides how and why personal data is processed (that’s us).
“Processor” – a third party that processes data on our behalf (for example, hosting or analytics platforms).

3. What data we collect

The data we collect depends on how you interact with us. We may collect:

(a) Information you provide directly

  • Name, email address, phone number, job title, and company name

  • Details submitted through contact forms or during project onboarding

  • Payment and invoicing details when entering into a contract

(b) Information we collect automatically

  • IP address, browser type, and device information

  • Usage data on how you interact with our website and content (via analytics tools such as PostHog, Google Analytics, or HubSpot)

(c) Information from third parties

  • Business information from public sources (e.g. LinkedIn, company websites)

  • Marketing or analytics data from trusted tools such as HubSpot and Google Ads

We do not intentionally collect sensitive personal data, nor do we target or knowingly collect data from children.

4. Why we process your data (and lawful bases)

We only process personal data when we have a lawful basis to do so under the UK GDPR. These are the main reasons we may use your information:

  • To deliver our consultancy and analytics services – we process your data as part of performing a contract with you, or to take steps before entering one.

  • To respond to enquiries and communicate with you – we rely on our legitimate interest in running the business and providing relevant information.

  • To maintain business relationships and manage accounts – we process data as part of performing a contract or under legitimate interests.

  • To improve our services and website experience – we rely on legitimate interests to analyse how our services are used and to make them better.

  • To send relevant updates or marketing communications – we only do this where you’ve given consent, and you can withdraw it at any time.

  • To meet our legal and accounting obligations – we process certain data where required by law, such as for record-keeping or tax compliance.

5. How we store and protect your data

We store data securely using modern, cloud-based tools including Google Cloud, BigQuery, Supabase, and HubSpot — all protected by encryption, access controls, and two-factor authentication.

We only keep personal data for as long as it’s needed for the purpose collected, or as required by law. After that, it is securely deleted or anonymised.

Retention periods depend on:

  • The type of data and reason for collection

  • Contractual or legal requirements

  • Our legitimate need to maintain certain business records

6. Sharing and transfers

We do not sell or rent personal data. We only share it with trusted service providers who act as data processors on our behalf, for example:

  • Cloud hosting and analytics platforms (Google Cloud, Supabase)

  • CRM, email, and communication tools (HubSpot, Gmail, Dialpad)

  • Professional services (accountants, IT support, legal advisors)

When data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place — such as adequacy decisions or Standard Contractual Clauses (SCCs) approved by the ICO or European Commission.

All processors are bound by data processing agreements to handle data securely and only as instructed.

7. Cookies and analytics

Our website uses cookies and similar technologies to help us understand how visitors use our site and to improve performance.

We may use:

  • Essential cookies – required for core site functionality

  • Analytics cookies – to understand traffic and page usage

  • Marketing cookies – to measure campaign effectiveness

You can control cookies via your browser settings at any time. For more detail, see our Cookie Policy (linked in the site footer).

8. Your rights

Under the UK GDPR, you have several rights over your personal data:

  • Access – request a copy of your data

  • Rectification – correct inaccuracies

  • Erasure – ask us to delete your data (“right to be forgotten”)

  • Restriction – limit how your data is used

  • Portability – receive your data in a portable format

  • Objection – object to certain types of processing

  • Withdraw consent – if processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at privacy@candid-analytics.com.
We will respond to legitimate requests within one month, as required by law.

If you are unhappy with our handling of your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

9. Data security

We take data protection seriously. Our measures include:

  • Encryption in storage and transmission

  • Role-based access control and 2FA for all tools

  • Regular review of data access and security settings

  • Secure backups and minimal retention policies

All staff and contractors with access to data are required to follow internal security guidelines and confidentiality agreements.

10. Updates to this policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. The latest version will always be available at https://www.candid-analytics.com/privacy-policy.

If we make significant changes, we will provide notice where required.

11. Contact us

If you have any questions or concerns about this Privacy Policy or how we handle personal data, please contact:

Candid Data Services Ltd
(trading as Candid Analytics)
📍 C/O Str84ward Accounting Ltd, Lewis Building, 35 Bull Street, Birmingham, United Kingdom, B4 6EQ
📧 privacy@candid-analytics.com
🌐 www.candid-analytics.com
Company No. 13393356 – Registered in England and Wales