Privacy Policy
Last updated: 2025
1. Introduction
Calmspire Ltd (“Calmspire”) is committed to protecting the privacy and security of our clients and users. This Privacy Policy outlines how we collect, use, store, and protect the personal information of individuals who interact with our services. Calmspire acknowledges its obligations under the UK General Data Protection Regulation (UK GDPR) and is committed to processing personal data in accordance with its principles.
2. Collection of Information
2.1 Personal Data Collected
We collect only essential personal data such as full names and email addresses.
2.2 Lawful Basis for Processing
We collect and process personal data based on the following lawful bases under the UK GDPR:
- Contract: Processing is necessary for the performance of a contract with the client or to take steps at the request of the client before entering into a contract.
- Legitimate Interests: Processing is necessary for our legitimate interests in providing and managing our market intelligence services, account management, and client support, and communicating important updates and announcements. We have balanced these interests against the rights and freedoms of our clients.
2.3 Method of Collection
This information is obtained directly from our clients during account creation or through their voluntary interactions with our services.
3. Use of Information
3.1 The collected personal data is used solely for the following purposes:
- To provide and manage our market intelligence services.
- For account management and client support.
- To communicate important updates and announcements related to our services.
4. Data Sharing and Disclosure
4.1 Calmspire does not sell or rent personal data to third parties.
4.2 No customer data is shared with third-party service providers (e.g., cloud hosting services) except where such sharing is necessary for the provision of our services and under strict contractual agreements that ensure data protection.
4.3 We may disclose personal data if required by law or if necessary to protect our rights and comply with legal proceedings.
5. Data Storage and Security
5.1 Calmspire stores personal data securely using cloud services that adhere to SOC 2 and ISO standards. We ensure that any data processors we use also provide sufficient guarantees to implement appropriate technical and organisational measures to protect personal data.
5.2 We implement robust security measures to protect data from unauthorised access, disclosure, alteration, or destruction.
6. Data Retention
6.1 Personal data is retained only as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, regulatory, tax, accounting, or reporting requirements.
6.2 We maintain specific records management and retention policies and procedures, so that Personal Data is deleted after a reasonable time according to the following retention criteria:
- We retain your Personal Data as long as we have an ongoing relationship with you (in particular, if you have an account with us) and it is therefore needed to provide services to you.
- We retain your Personal Data as long as needed to comply with our UK GDPR and other regulatory obligations, such as income tax and audit purposes.
7. Client Rights and Choices (Data Subject Rights)
7.1 Clients have the following rights in relation to their Personal Data under the UK GDPR:
- 7.1.1 Right to be Informed: This right entitles you to be informed about the collection and use of your Personal Data.
- 7.1.2 Right to Access: This right entitles you to access and receive a copy of the Personal Data we hold about you and other supplementary information, and to check that we are lawfully processing it.
- 7.1.3 Right to Rectification: This right allows you to ask Calmspire to update any inaccurate or incomplete data we have on you.
- 7.1.4 Right to Erasure: This right entitles you to ask for your personal data to be deleted if: the personal data is no longer necessary; the individual withdraws consent; the personal data is unlawfully processed; the individual objects to the processing, and the data controller has no reason to continue processing; or data erasure is necessary for compliance with a legal obligation.
- 7.1.5 Right to Restriction of Processing: This right entitles you to request that Calmspire restrict or suppress the processing of your Personal Data: if you want us to establish the data’s accuracy; where our use of the Personal Data is unlawful, but you do not want us to erase it; where you need us to hold the Personal Data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or where you have objected to our use of your Personal Data, but we need to verify whether we have overriding legitimate grounds to use it.
- 7.1.6 Right to Data Portability: This right entitles you to receive the Personal Data concerning you, which you have provided to Calmspire, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from Calmspire.
- 7.1.7 Right to Object to Processing: This right entitles you to object to the processing of personal data concerning you, including direct marketing.
- 7.1.8 Right Related to Automated Decision-Making and Profiling: The UK GDPR has provisions on: automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
8. International Data Transfers
8.1 We may transfer your personal data to countries outside the UK to support our global business operations and provide you with efficient services. While these countries may have different data protection laws, Calmspire ensures that your personal data is handled with the same high standards of security and confidentiality as required under UK data protection laws.
8.2 To safeguard your information, we use approved legal mechanisms such as:
- The UK International Data Transfer Agreement (IDTA); and/or
- The European Commission’s Standard Contractual Clauses (SCCs) with the UK Addendum, as approved by the UK Information Commissioner’s Office (ICO).
8.3 In all cases, we take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.
8.4 You have a right to request further information about the international data transfer safeguards we apply. Please contact us at hello@calmspire.co.uk.
9. Children’s Data
9.1 Our services are intended for business and professional use and are not directed at children under the age of 16. We do not knowingly collect or process personal data relating to children.
9.2 If we become aware that we have inadvertently collected personal data from a child without appropriate consent or legal basis, we will take reasonable steps to delete such data as soon as possible.
9.3 If you believe that a child’s data may have been provided to us in error, please contact us immediately.
10. Personal Data Breach Notification
10.1 In the event that we become aware of a personal data breach, we shall assess without undue delay whether the breach is likely to result in a risk to the rights and freedoms of natural persons.
10.2 Where such a risk is identified, we shall notify the Information Commissioner’s Office (ICO) without undue delay, and, where feasible, no later than 72 hours after becoming aware of the breach, in accordance with Article 33 of the UK GDPR. The notification to the ICO shall include, to the extent possible: a description of the nature of the personal data breach; the name and contact details of the DPO or other appropriate contact point; a description of the likely consequences; a description of the measures taken or proposed to address the breach.
10.3 Where it is not possible to provide all of the above information at the same time, we shall provide the information in phases without undue further delay.
10.4 Where the personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, we shall also communicate the breach to the affected data subjects without undue delay. Such communication shall be made in clear and plain language and shall describe the nature of the breach, its likely consequences, and the measures taken or proposed to address it.
10.5 We may be exempt from the obligation to notify affected data subjects where: appropriate technical and organisational protection measures (such as encryption) had been applied to the data affected by the breach; subsequent measures have been taken to ensure the high risk to data subjects is no longer likely to materialise; individual notification would involve disproportionate effort, in which case a public communication or similar measure shall be undertaken.
10.6 All personal data breaches, whether or not reportable to the ICO or the data subjects, shall be documented in accordance with our obligations under Article 33(5) UK GDPR, including the facts relating to the breach, its effects, and the remedial action taken.
11. Changes to the Privacy Policy
11.1 We reserve the right to update or amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.
11.2 When we make material changes, we will notify clients by email (where appropriate) and post the updated version on our website with the “last updated” date.
12. Contact Information
For any questions or concerns regarding this Privacy Policy, please contact us at hello@calmspire.co.uk.
13. Governing Law
This Privacy Policy and any dispute or claim arising out of it or in connection with it shall be governed by and construed in accordance with the laws of England and Wales.
14. Data Controller
Calmspire Ltd
By accessing or using Calmspire’s services, clients acknowledge that they have thoroughly read, understood, and agreed to be bound by all applicable terms and conditions set forth by Calmspire.